We use cookies to improve your experience on our site.
AVID-2026-R0896
Description
Missing validation during checkpoint loading (CVE-2021-41203)
Details
TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. The fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
Reason for inclusion in AVID: CVE-2021-41203 describes a vulnerability in TensorFlow’s checkpoint loading that can trigger undefined behavior, segfaults, and crashes when processing crafted checkpoints. This is a software vulnerability within a core ML framework component, directly impacting AI systems that rely on TensorFlow for training and deployment. It concerns software supply chain elements (the TensorFlow package and its checkpoint infrastructure) used to build, train, and run general-purpose AI systems. The report provides CVE details, affected versions, and remediation signals, establishing a clear security impact in the AI software stack.
References
- NVD entry
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2
- https://github.com/tensorflow/tensorflow/commit/368af875869a204b4ac552b9ddda59f6a46a56ec
- https://github.com/tensorflow/tensorflow/commit/abcced051cb1bd8fb05046ac3b6023a7ebcc4578
- https://github.com/tensorflow/tensorflow/commit/b619c6f865715ca3b15ef1842b5b95edbaa710ad
- https://github.com/tensorflow/tensorflow/commit/e8dc63704c88007ee4713076605c90188d66f3d2
Affected or Relevant Artifacts
- Developer: tensorflow
- Deployer: tensorflow
- Artifact Details:
| Type | Name |
|---|---|
| System | tensorflow |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Base Score | 7.8 |
| Base Severity | 🔴 High |
| Attack Vector | LOCAL |
| Attack Complexity | 🟢 Low |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-345 | CWE-345: Insufficient Verification of Data Authenticity |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2021-11-05
- Version: 0.3.3
- AVID Entry