CVE-2021-29554 in TensorFlow

Summary

by MITRE • 05/15/2021

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via an FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/efff014f3b2d8ef6141da30c806faf141297eca1/tensorflow/core/kernels/count_ops.cc#L123-L127) computes a divisor value from user data but does not check that the result is 0 before doing the division. Since `data` is given by the `values` argument, `num_batch_elements` is 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, and TensorFlow 2.3.3, as these are also affected.

Analysis

by VulDB Data Team • 05/19/2021

The vulnerability identified as CVE-2021-29554 affects TensorFlow, a widely-used open-source machine learning platform that powers numerous applications across various industries. This security flaw resides within the `tf.raw_ops.DenseCountSparseOutput` operation, which is part of TensorFlow's core computational kernels designed to process sparse data structures efficiently. The issue manifests as a potential denial of service condition that can be triggered by malicious input, making it particularly concerning for systems that process untrusted data inputs.

The technical root cause of this vulnerability stems from improper input validation within the count operations implementation. Specifically, the code at lines 123-127 of the `count_ops.cc` file computes a divisor value derived from user-provided data through the `values` argument without first verifying that this computed value is non-zero before performing the division. This mathematical error creates a floating-point exception (FPE) that crashes the application, effectively causing a denial of service condition. The vulnerability is particularly insidious because it leverages legitimate TensorFlow operations while exploiting a subtle edge case in the mathematical computation flow.

The operational impact of this vulnerability extends beyond simple service disruption, as it can be exploited by attackers to cause system instability in machine learning applications that process sparse data. Given that TensorFlow is deployed across diverse environments including web applications, mobile platforms, and enterprise systems, this vulnerability could affect any application that accepts user-provided data for processing through the affected operation. The flaw's exploitation requires only careful crafting of input data that results in a zero divisor, making it relatively straightforward for attackers to trigger the condition and cause system downtime.

Security researchers have classified this vulnerability according to CWE-369, which covers the "Division by Zero" weakness, and it aligns with ATT&CK technique T1499.004 for Denial of Service through resource exhaustion. The fix implemented by TensorFlow developers addresses the core issue by adding proper validation checks before division operations, ensuring that zero divisors are detected and handled gracefully rather than allowing the application to crash. The patch has been incorporated into TensorFlow 2.5.0 and backported to the affected 2.4.2 and 2.3.3 release versions, demonstrating the maintainers' commitment to protecting users across multiple supported versions of their platform. Organizations using TensorFlow should prioritize updating to these patched versions to mitigate the risk of exploitation and ensure continued system stability when processing sparse data inputs.
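
The pattern described above, reduced to a stand-alone C++ model in which the divisor is the product of the leading batch dimensions and is validated before the division. This is an added example, not TensorFlow's code or its patch; `SplitBatch`, `BatchSplit`, the error strings and the sample shapes are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <limits>
#include <string>
#include <vector>

struct BatchSplit {
  int64_t num_batch_elements;  // product of the leading batch dimensions
  int64_t num_value_elements;  // elements per batch entry
};

// Simplified model (assumption, not TensorFlow code): the first
// `num_batch_dims` entries of `dims` are batch dimensions and their product
// is the divisor. Returns false and sets `err` instead of dividing by zero.
bool SplitBatch(const std::vector<int64_t>& dims, std::size_t num_batch_dims,
                BatchSplit* out, std::string* err) {
  if (num_batch_dims > dims.size()) {
    *err = "more batch dimensions than shape dimensions";
    return false;
  }
  int64_t total = 1, batch = 1;
  for (std::size_t i = 0; i < dims.size(); ++i) {
    if (dims[i] < 0) { *err = "negative dimension"; return false; }
    // Signed overflow is undefined behaviour, so bound the running product.
    if (dims[i] != 0 && total > std::numeric_limits<int64_t>::max() / dims[i]) {
      *err = "shape too large"; return false;
    }
    total *= dims[i];
    if (i + 1 == num_batch_dims) batch = total;
  }
  // The missing check: an empty batch dimension makes the divisor 0, and
  // integer division by zero is undefined (SIGFPE on x86, hence "FPE").
  if (batch == 0) {
    *err = "batch dimensions must be non-zero";
    return false;
  }
  *out = BatchSplit{batch, total / batch};
  return true;
}

int main() {
  BatchSplit s{0, 0}; std::string err;
  // Constructed shapes: {2, 3} is well-formed, {0, 3} has an empty batch dim.
  bool ok = SplitBatch({2, 3}, 1, &s, &err);
  std::cout << ok << " " << s.num_value_elements << "\n";
  ok = SplitBatch({0, 3}, 1, &s, &err);
  std::cout << ok << " " << err << "\n";
}
```

Returning an error to the caller keeps the process alive, so one malformed request fails on its own instead of taking down the serving process.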

Responsible: GitHub, Inc.

Reservation: 03/30/2021

Disclosure: 05/15/2021

Moderation: accepted

CPE: ready

EPSS: 0.00189

KEV: no

Activities: very low
