We use cookies to improve your experience on our site.
AVID-2026-R0890
Description
Crashes due to overflow and CHECK-fail in ops with large tensor shapes (CVE-2021-41197)
Details
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64_t. If an overflow occurs, MultiplyWithoutOverflow would return a negative result. In the majority of TensorFlow codebase this then results in a CHECK-failure. Newer constructs exist which return a Status instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
Reason for inclusion in AVID: CVE-2021-41197 describes a software vulnerability in TensorFlow where integer overflow in tensor shape computations can lead to a crash (CHECK failure). TensorFlow is a core AI framework; this affects software used to build/train/deploy AI systems, i.e., an AI stack supply chain vulnerability. It has CVSS metrics indicating an availability impact and local access; the report provides description and references and confirms a fix in TF 2.7.0 and backports, satisfying evidence for a software supply chain vulnerability in AI software stacks.
References
- NVD entry
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p
- https://github.com/tensorflow/tensorflow/issues/46890
- https://github.com/tensorflow/tensorflow/issues/51908
- https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85
- https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf
- https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15
Affected or Relevant Artifacts
- Developer: tensorflow
- Deployer: tensorflow
- Artifact Details:
| Type | Name |
|---|---|
| System | tensorflow |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Base Score | 5.5 |
| Base Severity | 🟠 Medium |
| Attack Vector | LOCAL |
| Attack Complexity | 🟢 Low |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-190 | CWE-190: Integer Overflow or Wraparound |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2021-11-05
- Version: 0.3.3
- AVID Entry