AVID-2026-R0865

Description

Division by 0 in most convolution operators in TensorFlow (CVE-2021-37675)

Details

TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation is missing several validations before doing divisions and modulo operations. We have patched the issue in GitHub commit 8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2021-37675 describes a division-by-zero vulnerability in TensorFlow’s convolution shape inference that can cause denial of service via a crash. TensorFlow is a core AI framework used in general-purpose AI systems, and the issue resides in the software stack (framework/dependency) rather than hardware/firmware. This aligns with a software supply-chain vulnerability in AI systems, affecting how models are built/deployed using TensorFlow. The report provides details of the vulnerability, affected versions, and a patch, providing sufficient evidence.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c8h-2mv3-49ww
• https://github.com/tensorflow/tensorflow/commit/8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-08-12
• Version: 0.3.3
• AVID Entry