AVID-2026-R0903

Description

Heap OOB read in shape inference for QuantizeV2 (CVE-2021-41211)

Details

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs whenever axis is a negative value less than -1. In this case, we are accessing data before the start of a heap buffer. The code allows axis to be an optional argument (s would contain an error::NOT_FOUND error code). Otherwise, it assumes that axis is a valid index into the dimensions of the input tensor. If axis is less than -1 then this results in a heap OOB read. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected.

Reason for inclusion in AVID: CVE-2021-41211 describes a heap out-of-bounds read in TensorFlow’s shape inference for QuantizeV2, a vulnerability in the TensorFlow ML framework. This directly affects software used to build/train/deploy AI systems, representing a software supply-chain vulnerability in AI stacks. It has clear security impact (RCE-like implications via memory access, per CVSS) and is evidenced by the advisory and CVE details.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvgx-3v3q-m36c
• https://github.com/tensorflow/tensorflow/commit/a0d64445116c43cf46a5666bd4eee28e7a82f244

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-11-05
• Version: 0.3.3
• AVID Entry