CVE-2021-29550 in TensorFlow

Summary

by MITRE • 05/15/2021

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.FractionalAvgPool`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L85-L89) computes a divisor quantity by dividing two user controlled values. The user controls the values of `input_size[i]` and `pooling_ratio_[i]` (via the `value.shape()` and `pooling_ratio` arguments). If the value in `input_size[i]` is smaller than the `pooling_ratio_[i]`, then the floor operation results in `output_size[i]` being 0. The `DCHECK_GT` line is a no-op outside of debug mode, so in released versions of TF this does not trigger. Later, these computed values are used as arguments (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L96-L99) to `GeneratePoolingSequence` (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_pool_common.cc#L100-L108). There, the first computation is a division in a modulo operation. Since `output_length` can be 0, this results in runtime crashing. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.


Analysis

by VulDB Data Team • 05/16/2021

CVE-2021-29550 is a division by zero in the kernel behind tf.raw_ops.FractionalAvgPool that can be used to crash a TensorFlow process (denial of service). The kernel derives the output shape from two caller-controlled quantities: input_size[i], taken from value.shape(), and pooling_ratio_[i], taken from the pooling_ratio argument. It computes output_size[i] = floor(input_size[i] / pooling_ratio_[i]), so whenever a spatial dimension of the input is smaller than the corresponding pooling ratio the result is 0. The only guard on that value is a DCHECK_GT, which is compiled out of release builds; in production TensorFlow a zero output size therefore passes through unchecked.

The zero then propagates to GeneratePoolingSequence, which receives output_size[i] as its output_length parameter. Its first computation is a modulo by output_length; with output_length equal to 0 this is an integer division by zero, which aborts the process immediately (a SIGFPE on common platforms) rather than raising a catchable TensorFlow error. The weakness is classified as CWE-369 (Divide By Zero), rooted in missing input validation. The attack pattern is ATT&CK T1499.004, Endpoint Denial of Service: Application or System Exploitation, i.e. a crash triggered by a crafted input, not resource exhaustion.

The operational impact goes beyond a single failed op call: because the process itself dies, a crafted call takes down whatever hosts it, such as a training job, a notebook kernel, or a model-serving binary that executes FractionalAvgPool on shapes an untrusted party can influence. No malicious tensor contents are needed; the trigger is purely a shape and pooling_ratio combination in which some input_size[i] is smaller than pooling_ratio_[i]. Affected are TensorFlow releases before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3 and 2.4.x before 2.4.2; 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 carry the fix. The fix replaces the debug-only DCHECK with a check that stays active in release builds and rejects the operation with an error when any output_size[i] is not positive, so the zero never reaches the modulo in GeneratePoolingSequence.
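The arithmetic described in the summary and in the two paragraphs above, as an added example that is not TensorFlow's code: a plain-Python model of the two vulnerable steps (the floor of input_size / pooling_ratio, then the modulo in GeneratePoolingSequence) next to a hardened variant that fails the op with an error instead of relying on a debug-only DCHECK. Function names, the ValueError standing in for an InvalidArgument status, and the sample shapes are this example's own assumptions; the hardened function models the kind of check the fix adds and is not the upstream diff. Against an unpatched TensorFlow the same shape/ratio combination passed to tf.raw_ops.FractionalAvgPool would abort the interpreter, which is why the model, not the real op, is used here.

```python
"""Model of the arithmetic behind CVE-2021-29550 (TensorFlow FractionalAvgPool).

Added example, not TensorFlow's code. It re-implements in plain Python the
two steps the advisory describes so the zero-divisor path can be exercised
without a TensorFlow install. Names below are this example's own.
"""
import math
from typing import List, Sequence


def compute_output_size(input_size: Sequence[int],
                        pooling_ratio: Sequence[float],
                        release_build: bool = True) -> List[int]:
    """Vulnerable shape computation.

    Mirrors output_size[i] = floor(input_size[i] / pooling_ratio_[i])
    followed by DCHECK_GT(output_size[i], 0). DCHECK is compiled out of
    release builds, so with release_build=True a zero passes through.
    """
    output_size = []
    for dim, ratio in zip(input_size, pooling_ratio):
        out = int(math.floor(dim / ratio))
        if not release_build and out <= 0:
            # Debug builds abort here; release builds skip the check entirely.
            raise AssertionError("DCHECK_GT(output_size[i], 0) failed")
        output_size.append(out)
    return output_size


def pooling_sequence_divisible(input_length: int, output_length: int) -> bool:
    """First step of GeneratePoolingSequence: input_length % output_length == 0.

    In C++ a zero output_length here is an integer division by zero that
    kills the whole process. Python raises ZeroDivisionError instead,
    which is how the crash is modelled below.
    """
    return input_length % output_length == 0


def hardened_output_size(input_size: Sequence[int],
                         pooling_ratio: Sequence[float]) -> List[int]:
    """Hardened variant: reject a non-positive output size with an error that
    is active in every build (ValueError models an InvalidArgument status).
    This is a model of the check the fix adds, not the upstream patch.
    """
    output_size = compute_output_size(input_size, pooling_ratio)
    for i, out in enumerate(output_size):
        if out <= 0:
            raise ValueError(
                f"output_size[{i}] = {out}: input_size[{i}] = {input_size[i]} "
                f"must be >= pooling_ratio[{i}] = {pooling_ratio[i]}")
    return output_size


def run_fractional_avg_pool(input_size: Sequence[int],
                            pooling_ratio: Sequence[float],
                            hardened: bool = False) -> str:
    """Drive both steps the way the kernel does and report the outcome."""
    try:
        sizes = (hardened_output_size(input_size, pooling_ratio) if hardened
                 else compute_output_size(input_size, pooling_ratio))
        # The kernel builds one pooling sequence for rows (dim 1) and one
        # for columns (dim 2) of a [batch, rows, cols, depth] input.
        for dim in (1, 2):
            pooling_sequence_divisible(input_size[dim], sizes[dim])
        return "ok"
    except ValueError as err:
        return f"rejected: {err}"
    except ZeroDivisionError:
        return "crash: division by zero in GeneratePoolingSequence"


if __name__ == "__main__":
    # Constructed inputs (assumed, not from the advisory). Shape is
    # [batch, rows, cols, depth]; pooling_ratio on batch and depth is 1.0
    # and the documented range for pooling_ratio is >= 1.0.
    benign = ([1, 8, 8, 1], [1.0, 1.5, 1.5, 1.0])
    # rows = 2 but the row pooling ratio is 3.0, so floor(2 / 3.0) = 0.
    trigger = ([1, 2, 8, 1], [1.0, 3.0, 1.5, 1.0])
    print(compute_output_size(*benign))                      # [1, 5, 5, 1]
    print(run_fractional_avg_pool(*benign))                  # ok
    print(compute_output_size(*trigger))                     # [1, 0, 5, 1]
    print(run_fractional_avg_pool(*trigger))                 # crash: ...
    print(run_fractional_avg_pool(*trigger, hardened=True))  # rejected: ...
```

The point the model makes is that the vulnerable path does not fail at the floor, where the information needed to reject the input is already available, but one call later, inside an integer modulo where failure is not a TensorFlow error but a process abort. Any validation added in front of the op (for example, refusing shapes where a spatial dimension is smaller than its pooling ratio) has to happen before the kernel runs, because nothing inside the process can catch the crash afterwards.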

Organizations running TensorFlow should upgrade to 2.5.0, or to the patched point releases 2.4.2, 2.3.3, 2.2.3 or 2.1.4 if they must stay on an older line. Where an upgrade cannot happen immediately, the realistic exposure is any service that executes graphs, ops or input shapes chosen by an untrusted party; there, reject inputs to FractionalAvgPool whose row or column dimension is smaller than the corresponding pooling_ratio before the op runs, since the failure is a process abort that cannot be caught afterwards. Crash monitoring on serving and training hosts (repeated SIGFPE or abrupt worker restarts around pooling ops) is the practical detection signal. More generally, the bug illustrates why shape and parameter validation in kernels must use checks that survive release builds: a DCHECK documents an invariant but does not enforce it in production.

Responsible

GitHub, Inc.

Reservation

03/30/2021

Disclosure

05/15/2021

Moderation

accepted

CPE

ready

EPSS

0.00189

KEV

no

Activities

very low
