CVE-2021-29597 in TensorFlowinfo

Summary

by MITRE • 05/15/2021

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `SpaceToBatchNd` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/412c7d9bb8f8a762c5b266c9e73bfa165f29aac8/tensorflow/lite/kernels/space_to_batch_nd.cc#L82-L83). An attacker can craft a model such that one dimension of the `block` input is 0. Hence, the corresponding value in `block_shape` is 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 05/19/2021

The vulnerability CVE-2021-29597 affects TensorFlow Lite implementations through a critical division by zero error in the SpaceToBatchNd operator. This flaw exists within the kernel implementation at line 82-83 of the space_to_batch_nd.cc file where the code fails to validate input parameters before performing mathematical operations. The vulnerability specifically manifests when an attacker crafts a malicious model that includes a zero value in the block input dimension, which directly translates to a zero value in the block_shape array. This condition creates an undefined behavior scenario where division operations attempt to divide by zero, potentially leading to application crashes or system instability during model execution.

The technical implementation of this vulnerability stems from inadequate input validation within the TensorFlow Lite operator. When the SpaceToBatchNd operation processes tensors, it calculates various dimensions based on the block_shape parameter without proper verification that these values remain non-zero. This lack of validation creates a path for malicious input to trigger arithmetic exceptions that can be exploited to cause denial of service conditions. The vulnerability is classified under CWE-369 as a division by zero error, representing a fundamental flaw in input sanitization that allows attackers to manipulate program execution flow through crafted inputs.

From an operational perspective, this vulnerability poses significant risks to TensorFlow Lite deployments across various environments including mobile applications, edge devices, and embedded systems where model loading and execution occur. Attackers can exploit this by submitting specially crafted models that contain zero values in block dimensions, causing the application to crash or behave unpredictably when processing these inputs. The impact extends beyond simple crashes as such vulnerabilities can be leveraged in broader attack chains where an initial denial of service might be followed by more sophisticated exploitation techniques. The vulnerability affects multiple TensorFlow versions including 2.4.2, 2.3.3, 2.2.3, and 2.1.4, indicating a widespread exposure across supported release lines.

The mitigation strategy for CVE-2021-29597 involves applying the official patches released by TensorFlow developers, which include fixes for TensorFlow versions 2.5.0 and backported updates for older supported versions. Organizations should prioritize updating their TensorFlow Lite implementations to the patched versions to eliminate the risk of division by zero errors. Additionally, implementing input validation at the application level can serve as an additional defense layer, though the primary remediation must come from the framework updates. Security teams should also consider monitoring for potential exploitation attempts through anomaly detection systems that might identify unusual model loading patterns or application crashes related to SpaceToBatchNd operations. The fix addresses the core issue by ensuring proper validation of block_shape parameters before any mathematical operations are performed, preventing the zero division scenario entirely.

Responsible

GitHub, Inc.

Reservation

03/30/2021

Disclosure

05/15/2021

Moderation

accepted

CPE

ready

EPSS

0.00201

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!