AVID-2026-R0853
Description
Incomplete validation in QuantizeV2 in TensorFlow (CVE-2021-37663)
Details
TensorFlow is an end-to-end open source platform for machine learning. In affected versions, due to incomplete validation in tf.raw_ops.QuantizeV2, an attacker can trigger undefined behavior by binding a reference to a null pointer or can access data outside the bounds of heap-allocated arrays. The implementation has some validation but does not check that min_range and max_range both have the same non-zero number of elements. If axis is provided (i.e., not -1), then validation should check that it is a value in range for the rank of the input tensor and that the lengths of the min_range and max_range inputs match the axis dimension of the input tensor. We have patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in TensorFlow 2.6.0. We will also cherry-pick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
Reason for inclusion in AVID: CVE-2021-37663 describes a vulnerability in TensorFlow (QuantizeV2) due to incomplete input validation in a core ML framework. This is a software vulnerability in a widely used AI software stack, affecting training/inference workflows and potentially enabling data exposure or integrity issues. It directly concerns components used to build/deploy AI systems (TensorFlow), hence a software supply chain risk for general-purpose AI systems. The report provides evidence including affected versions, a GitHub commit with a fix, and the remediation timeline. Therefore, it should be kept for AVID curation.
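The checks listed in the Details paragraph, written as a pre-call guard for code that hands caller-supplied tensors to tf.raw_ops.QuantizeV2 on a version without the fix. This is an added example, not TensorFlow's patch; it works on plain shape tuples so it runs without TensorFlow, and the function name and sample shapes are assumptions.

```python
from math import prod

AXIS_UNSET = -1  # the advisory treats axis == -1 as "not provided"


def check_quantize_v2_args(input_shape, min_range_shape, max_range_shape,
                           axis=AXIS_UNSET):
    """Hypothetical pre-call guard: returns a list of problems, empty if none."""
    problems = []
    n_min = prod(min_range_shape)  # prod(()) == 1, so a scalar counts as one element
    n_max = prod(max_range_shape)

    # min_range and max_range need the same, non-zero, number of elements.
    if n_min == 0 or n_max == 0:
        problems.append("min_range and max_range must not be empty")
    if n_min != n_max:
        problems.append(f"min_range has {n_min} elements, max_range has {n_max}")

    if axis != AXIS_UNSET:
        rank = len(input_shape)
        # axis must index a real dimension of the input tensor.
        if not 0 <= axis < rank:
            problems.append(f"axis {axis} is out of range for input rank {rank}")
        else:
            # Per-axis ranges need one entry per slice along that axis.
            dim = input_shape[axis]
            if n_min != dim or n_max != dim:
                problems.append(
                    f"range lengths ({n_min}, {n_max}) do not match "
                    f"input dimension {dim} on axis {axis}")
    return problems


if __name__ == "__main__":
    # Constructed sample shapes: (input, min_range, max_range, axis)
    samples = [
        ((2, 3), (1,), (1,), -1),
        ((2, 3), (0,), (0,), -1),
        ((2, 3), (3,), (2,), 1),
        ((2, 3), (3,), (3,), 7),
    ]
    for inp, lo, hi, ax in samples:
        print(inp, lo, hi, ax, "->", check_quantize_v2_args(inp, lo, hi, ax) or "ok")
```

Rejecting the request when the returned list is non-empty keeps malformed range tensors away from the kernel; upgrading to a release that contains the fix commit remains the actual remediation.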
References
- NVD entry
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j
- https://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708
Affected or Relevant Artifacts
- Developer: tensorflow
- Deployer: tensorflow
- Artifact Details:
| Type | Name |
|---|---|
| System | tensorflow |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Base Score | 7.8 |
| Base Severity | 🔴 High |
| Attack Vector | LOCAL |
| Attack Complexity | 🟢 Low |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-20 | CWE-20: Improper Input Validation |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2021-08-12
- Version: 0.3.3
- AVID Entry