CVE-2021-29519 in TensorFlow
Summary
by MITRE • 05/15/2021
TensorFlow is an end-to-end open source platform for machine learning. The API of `tf.raw_ops.SparseCross` allows combinations which would result in a `CHECK`-failure and denial of service. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/3d782b7d47b1bf2ed32bd4a246d6d6cadc4c903d/tensorflow/core/kernels/sparse_cross_op.cc#L114-L116) is tricked to consider a tensor of type `tstring` which in fact contains integral elements. Fixing the type confusion by preventing mixing `DT_STRING` and `DT_INT64` types solves this issue. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/19/2021
The vulnerability identified as CVE-2021-29519 resides within the TensorFlow machine learning platform, specifically within the `tf.raw_ops.SparseCross` API implementation. This issue represents a type confusion flaw that manifests as a CHECK-failure leading to potential denial of service conditions. The vulnerability stems from the improper handling of tensor type validation within the sparse cross operation kernel, where the implementation fails to correctly distinguish between different data types during processing operations.
The technical flaw occurs in the sparse cross operation implementation at lines 114-116 of the sparse_cross_op.cc file, where a type confusion vulnerability allows a tensor of type `tstring` to be incorrectly processed as if it contained integral elements. This misclassification happens when the system attempts to combine tensors with mixed data types, specifically where `DT_STRING` and `DT_INT64` types are inadvertently mixed during the cross operation processing. The flaw exploits the lack of proper type validation that should prevent operations between incompatible tensor types, creating a scenario where string-typed tensors containing integer data are processed through integer-specific code paths.
This vulnerability presents significant operational impact as it can be exploited to cause denial of service conditions within TensorFlow applications that utilize the affected API. Attackers could craft malicious inputs that trigger the CHECK-failure, causing the application to terminate unexpectedly or enter an unstable state. The vulnerability affects multiple TensorFlow versions including 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0, indicating a widespread impact across the platform's supported releases. The issue aligns with CWE-129, which describes improper handling of length parameters in input validation, and represents a classic case of type confusion that can lead to memory safety violations.
The recommended mitigation strategy involves implementing proper type validation within the sparse cross operation kernel to prevent mixing `DT_STRING` and `DT_INT64` types during processing. The fix requires ensuring that tensors of different fundamental data types are properly validated before any cross-operation processing occurs, preventing the type confusion that leads to the CHECK-failure. This approach aligns with ATT&CK technique T1499.004, which covers network denial of service attacks, and addresses the underlying security principle of input validation. Organizations should immediately upgrade to TensorFlow 2.5.0 or apply the cherry-picked fixes to their affected versions to prevent exploitation of this vulnerability. The fix ensures that the kernel properly validates tensor types before processing operations, maintaining the integrity of the type system and preventing unauthorized type coercion that could lead to system instability or service interruption.