CVE-2021-29615 in TensorFlow
Summary
by MITRE • 05/15/2021
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.cc#L397-L453) can be tricked into stack overflow due to recursion by giving in a specially crafted input. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 05/19/2021
The vulnerability described in CVE-2021-29615 resides within the TensorFlow machine learning platform, specifically in the ParseAttrValue function implementation. This function serves as a critical component in TensorFlow's attribute value parsing mechanism, responsible for processing and validating attribute values within the framework's computational graph. The flaw manifests as a stack overflow condition that occurs during recursive processing of specially crafted input data, making it a significant security concern for any system utilizing TensorFlow's attribute parsing capabilities.
The technical implementation of ParseAttrValue in TensorFlow's core framework contains a recursive function call pattern that lacks proper depth validation or stack limit enforcement. When processing malformed or maliciously constructed attribute values, the recursive descent can exceed the available stack space, leading to a stack overflow condition. This vulnerability is particularly dangerous because it can be triggered through normal attribute parsing operations, meaning that any application or service using TensorFlow that processes untrusted input data could be susceptible to this attack vector. The recursive nature of the flaw means that even relatively small inputs can cause significant stack exhaustion, potentially leading to application crashes or, in more sophisticated attacks, arbitrary code execution.
The operational impact of this vulnerability extends across multiple TensorFlow versions, with affected releases including TensorFlow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and the affected versions requiring the fix. This widespread impact across the TensorFlow ecosystem means that numerous machine learning applications, research platforms, and production systems could be at risk. The vulnerability affects systems that process user-supplied or external data through TensorFlow's attribute parsing mechanisms, which are fundamental to many machine learning workflows, including model loading, graph construction, and parameter validation. Organizations deploying TensorFlow in environments where input validation is insufficient or where external data sources are processed without proper sanitization face heightened risk exposure.
The fix for this vulnerability addresses the recursive parsing logic by implementing stack depth limits and proper recursion termination conditions within the ParseAttrValue function. This approach aligns with common security practices for preventing stack overflow conditions and follows established patterns for recursive function safety. Organizations should prioritize updating their TensorFlow installations to versions 2.5.0 or the cherrypicked fixes for older supported versions to mitigate this risk. Additionally, implementing input validation and sanitization measures at the application layer can provide defense-in-depth protection against potential exploitation attempts. The vulnerability classification aligns with CWE-674, which describes "Uncontrolled Recursion" as a weakness that can lead to stack overflow conditions, and may map to ATT&CK technique T1059.001 for command and scripting interpreter usage, particularly when considering potential exploitation vectors that could leverage this vulnerability for unauthorized code execution in machine learning environments.