CVE-2021-29529 in TensorFlowinfo

Summary

by MITRE • 05/15/2021

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear` by manipulating input values so that float rounding results in off-by-one error in accessing image elements. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/44b7f486c0143f68b56c34e2d01e146ee445134a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L62-L66) computes two integers (representing the upper and lower bounds for interpolation) by ceiling and flooring a floating point value. For some values of `in`, `interpolation->upper[i]` might be smaller than `interpolation->lower[i]`. This is an issue if `interpolation->upper[i]` is capped at `in_size-1` as it means that `interpolation->lower[i]` points outside of the image. Then, in the interpolation code(https://github.com/tensorflow/tensorflow/blob/44b7f486c0143f68b56c34e2d01e146ee445134a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L245-L264), this would result in heap buffer overflow. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 05/19/2021

The vulnerability identified as CVE-2021-29529 resides within the TensorFlow machine learning platform, specifically affecting the `tf.raw_ops.QuantizedResizeBilinear` operation. This heap buffer overflow represents a critical security flaw that can be exploited by attackers through careful manipulation of input parameters. The vulnerability stems from improper handling of floating point arithmetic during image resizing operations, creating conditions where memory access violations can occur. The flaw impacts TensorFlow versions prior to 2.5.0 and affects users who employ quantized bilinear resizing operations in their machine learning workflows.

The technical implementation of the vulnerability occurs in the quantized resize bilinear kernel where floating point values undergo ceiling and flooring operations to determine interpolation bounds. Specifically, the code computes two integers representing upper and lower bounds for interpolation by applying ceiling and floor functions to floating point values. Under certain conditions, particularly when input values result in specific rounding behaviors, the computed upper bound can become smaller than the lower bound. This mathematical inconsistency occurs because the upper bound is capped at `in_size-1` while the lower bound is not subjected to the same constraint, creating a scenario where the lower bound references memory locations outside the valid image boundaries.

The operational impact of this vulnerability extends beyond simple memory corruption, as it creates potential for arbitrary code execution or denial of service conditions within applications that process user-supplied image data through TensorFlow's resizing operations. When the interpolation code attempts to access memory locations determined by these malformed bounds, heap buffer overflow conditions occur at lines 245-264 of the implementation. This memory corruption can be leveraged by attackers to manipulate program execution flow or cause application crashes, particularly in environments where TensorFlow processes untrusted image inputs from external sources. The vulnerability affects not only the primary TensorFlow 2.5.0 release but also several previous supported versions including 2.4.2, 2.3.3, 2.2.3, and 2.1.4, indicating a widespread impact across multiple release branches.

The mitigation strategy involves applying the official patches that will be included in TensorFlow 2.5.0, with cherry-picked fixes for the affected older versions. This vulnerability aligns with CWE-121, heap-based buffer overflow, and represents a classic example of improper integer handling in mathematical operations. From an ATT&CK perspective, this vulnerability could be categorized under T1059 for execution through code injection, and T1499 for denial of service. The fix addresses the core issue by ensuring proper bounds checking and preventing the scenario where upper bounds become smaller than lower bounds, thereby eliminating the conditions that lead to heap buffer overflow during image processing operations. Organizations should prioritize upgrading to patched versions or implementing the cherry-picked fixes to maintain secure TensorFlow deployments, particularly in production environments handling diverse image inputs.

Responsible

GitHub, Inc.

Reservation

03/30/2021

Disclosure

05/15/2021

Moderation

accepted

CPE

ready

EPSS

0.00251

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!