CVE-2021-29596 in TensorFlowinfo

Summary

by MITRE • 05/15/2021

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `EmbeddingLookup` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/e4b29809543b250bc9b19678ec4776299dd569ba/tensorflow/lite/kernels/embedding_lookup.cc#L73-L74). An attacker can craft a model such that the first dimension of the `value` input is 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 05/19/2021

The vulnerability identified as CVE-2021-29596 affects TensorFlow's TensorFlow Lite implementation, specifically within the EmbeddingLookup operator. This flaw represents a classic division by zero error that occurs when processing machine learning models designed for mobile and embedded deployment. The issue stems from the operator's failure to properly validate input dimensions before performing mathematical operations, creating a condition where a zero value in the first dimension of the value input parameter can trigger a critical runtime exception.

The technical implementation flaw exists in the embedding_lookup.cc file at lines 73-74, where the code performs division operations without adequate bounds checking. When an attacker crafts a malicious model with a zero-sized first dimension in the value tensor, the division operation fails catastrophically, leading to a denial of service condition that can crash applications utilizing TensorFlow Lite. This vulnerability falls under CWE-369, which specifically addresses division by zero errors, and demonstrates how seemingly benign input validation can create critical system failures in machine learning frameworks.

The operational impact of this vulnerability extends beyond simple service disruption, as it affects the reliability of machine learning applications deployed on mobile devices, edge computing systems, and embedded platforms where TensorFlow Lite is commonly utilized. Applications using the affected TensorFlow versions may experience unexpected crashes when processing specially crafted models, potentially leading to complete application failure and compromising user experience. The vulnerability affects multiple supported release lines including TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4, indicating the widespread nature of the issue across the TensorFlow ecosystem.

Organizations utilizing TensorFlow Lite for mobile applications, IoT devices, or edge computing deployments must implement immediate mitigations to address this vulnerability. The recommended approach involves upgrading to TensorFlow 2.5.0 or applying the cherry-picked fix to affected versions within the supported release range. Security practitioners should also consider implementing input validation measures and monitoring for suspicious model loading patterns. This vulnerability aligns with ATT&CK technique T1584.002, which involves the development of malware through the exploitation of software vulnerabilities, highlighting the importance of maintaining up-to-date security patches in machine learning environments.

Responsible

GitHub, Inc.

Reservation

03/30/2021

Disclosure

05/15/2021

Moderation

accepted

CPE

ready

EPSS

0.00201

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!