AVID-2026-R0864

Description

Incomplete validation in MaxPoolGrad in TensorFlow (CVE-2021-37674)

Details

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the orig_input and orig_output tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: TensorFlow is a core ML framework; CVE-2021-37674 describes a vulnerability in MaxPoolGrad causing a denial of service due to incomplete input validation. It affects AI pipelines built with TensorFlow and there is a patch/commit referenced, with advisories noting remediation. This is a software vulnerability in a component used to build/train/deploy AI systems, i.e., a software supply chain issue in AI software stacks. Hardware-only issues are not involved. Evidence includes CVE entry, commit, and security advisory.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7ghq-fvr3-pj2x
• https://github.com/tensorflow/tensorflow/commit/136b51f10903e044308cf77117c0ed9871350475
• https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-068.md

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-08-12
• Version: 0.3.3
• AVID Entry