CVE-2021-29576 — LOW (2.5) — White Hats Nepal

Q: How severe is CVE-2021-29576?

CVE-2021-29576 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-29576?

Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow.

Vulnerability Description

TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPool3DGradGrad` is vulnerable to a heap buffer overflow. The implementation(https://github.com/tensorflow/tensorflow/blob/596c05a159b6fbb9e39ca10b3f7753b7244fa1e9/tensorflow/core/kernels/pooling_ops_3d.cc#L694-L696) does not check that the initialization of `Pool3dParameters` completes successfully. Since the constructor(https://github.com/tensorflow/tensorflow/blob/596c05a159b6fbb9e39ca10b3f7753b7244fa1e9/tensorflow/core/kernels/pooling_ops_3d.cc#L48-L88) uses `OP_REQUIRES` to validate conditions, the first assertion that fails interrupts the initialization of `params`, making it contain invalid data. In turn, this might cause a heap buffer overflow, depending on default initialized values. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

CVSS Score

2.5

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Google	Tensorflow	< 2.1.4

Related Weaknesses (CWE)

CWE-119 CWE-787

References

https://github.com/tensorflow/tensorflow/commit/63c6a29d0f2d692b247f7bf81f8732d6PatchThird Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7cqx-92hp-x6whExploitPatchThird Party Advisory
https://github.com/tensorflow/tensorflow/commit/63c6a29d0f2d692b247f7bf81f8732d6PatchThird Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7cqx-92hp-x6whExploitPatchThird Party Advisory

FAQ

What is CVE-2021-29576?

CVE-2021-29576 is a vulnerability with a CVSS score of 2.5 (LOW). TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPool3DGradGrad` is vulnerable to a heap buffer overflow. The implementation(https://github.c...

How severe is CVE-2021-29576?

CVE-2021-29576 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-29576?

Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow.