GHSA-6g85-3hm8-83f9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6g85-3hm8-83f9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-6g85-3hm8-83f9/GHSA-6g85-3hm8-83f9.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-6g85-3hm8-83f9
- Aliases
- Related
- Published
- 2021-05-21T14:23:22Z
- Modified
- 2024-11-19T19:47:01.069136Z
- Severity
-
- 2.5 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- CHECK-fail in `QuantizeAndDequantizeV4Grad`
- Details
-
Impact
An attacker can trigger a denial of service via a
CHECK-fail intf.raw_ops.QuantizeAndDequantizeV4Grad:import tensorflow as tf gradient_tensor = tf.constant([0.0], shape=[1]) input_tensor = tf.constant([0.0], shape=[1]) input_min = tf.constant([[0.0]], shape=[1, 1]) input_max = tf.constant([[0.0]], shape=[1, 1]) tf.raw_ops.QuantizeAndDequantizeV4Grad( gradients=gradient_tensor, input=input_tensor, input_min=input_min, input_max=input_max, axis=0)This is because the implementation does not validate the rank of the
input_*tensors. In turn, this results in the tensors being passes as they are toQuantizeAndDequantizePerChannelGradientImpl:template <typename Device, typename T> struct QuantizeAndDequantizePerChannelGradientImpl { static void Compute(const Device& d, typename TTypes<T, 3>::ConstTensor gradient, typename TTypes<T, 3>::ConstTensor input, const Tensor* input_min_tensor, const Tensor* input_max_tensor, typename TTypes<T, 3>::Tensor input_backprop, typename TTypes<T>::Flat input_min_backprop, typename TTypes<T>::Flat input_max_backprop) { ... auto input_min = input_min_tensor->vec<T>(); auto input_max = input_max_tensor->vec<T>(); ... }However, the
vec<T>method, requires the rank to 1 and triggers aCHECKfailure otherwise.Patches
We have patched the issue in GitHub commit 20431e9044cf2ad3c0323c34888b192f3289af6b.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 as this is the only other affected version.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.
- Database specific
{ "nvd_published_at": "2021-05-14T20:15:00Z", "cwe_ids": [ "CWE-754" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2021-05-18T21:50:36Z" }- References
-
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6g85-3hm8-83f9
- https://nvd.nist.gov/vuln/detail/CVE-2021-29544
- https://github.com/tensorflow/tensorflow/commit/20431e9044cf2ad3c0323c34888b192f3289af6b
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-472.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-670.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-181.yaml
- https://github.com/tensorflow/tensorflow
- https://github.com/tensorflow/tensorflow/blob/95078c145b5a7a43ee046144005f733092756ab5/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L162-L163
- https://github.com/tensorflow/tensorflow/blob/95078c145b5a7a43ee046144005f733092756ab5/tensorflow/core/kernels/quantize_and_dequantize_op.h#L295-L306
Affected packages
PyPI / tensorflow
Package
- Name
- tensorflow
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow
PyPI / tensorflow-cpu
Package
- Name
- tensorflow-cpu
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow-cpu
PyPI / tensorflow-gpu
Package
- Name
- tensorflow-gpu
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow-gpu