CVE-2021-29528
published 2021-05-14CVE-2021-29528: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`. This is because…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55900e961ed4a23b438392024912154a2c2f5e85/tensorflow/core/kernels/quantized_mul_op.cc#L188-L198) does a division by a quantity that is controlled by the caller. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tensorflow | — | — |
| tensorflow | < 2.1.4 | 2.1.4 | |
| tensorflow | >= 2.2.0 < 2.2.3 | 2.2.3 | |
| tensorflow | >= 2.3.0 < 2.3.3 | 2.3.3 | |
| tensorflow | >= 2.4.0 < 2.4.2 | 2.4.2 | |
| intel | optimization_for_tensorflow | >= 0 < a1b11d2fdd1e51bfe18bb1ede804f60abfa92da6 | a1b11d2fdd1e51bfe18bb1ede804f60abfa92da6 |
| intel | optimization_for_tensorflow | >= 0 < 2.1.4 | 2.1.4 |
| intel | optimization_for_tensorflow | >= 2.2.0 < 2.2.3 | 2.2.3 |
| intel | optimization_for_tensorflow | >= 2.3.0 < 2.3.3 | 2.3.3 |
| intel | optimization_for_tensorflow | >= 2.4.0 < 2.4.2 | 2.4.2 |
| tensorflow | tensorflow | < 2.1.4 | 2.1.4 |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
Debian
CVE-2021-29528: tensorflow - TensorFlow is an end-to-end open source platform for machine learning. An attack...
vendor_debian·2021·CVSS 2.5
CVE-2021-29528 [LOW] CVE-2021-29528: tensorflow - TensorFlow is an end-to-end open source platform for machine learning. An attack...
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55900e961ed4a23b438392024912154a2c2f5e85/tensorflow/core/kernels/quantized_mul_op.cc#L188-L198) does a division by a quantity that is controlled by the caller. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Scope: local
forky: resolved
sid: resolved
OSV
Division by 0 in `QuantizedMul`
osv·2021-05-21
CVE-2021-29528 [LOW] Division by 0 in `QuantizedMul`
Division by 0 in `QuantizedMul`
### Impact
An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`:
```python
import tensorflow as tf
x = tf.zeros([4, 1], dtype=tf.quint8)
y = tf.constant([], dtype=tf.quint8)
min_x = tf.constant(0.0)
max_x = tf.constant(0.0010000000474974513)
min_y = tf.constant(0.0)
max_y = tf.constant(0.0010000000474974513)
tf.raw_ops.QuantizedMul(x=x, y=y, min_x=min_x, max_x=max_x, min_y=min_y, max_y=max_y)
```
This is because the [implementation](https://github.com/tensorflow/tensorflow/blob/55900e961ed4a23b438392024912154a2c2f5e85/tensorflow/core/kernels/quantized_mul_op.cc#L188-L198) does a division by a quantity that is controlled by the caller:
```cc
template
void VectorTensorMultiply(const T* vector_data, int32 vector_offset,
int64 vector_num_el
GHSA
Division by 0 in `QuantizedMul`
ghsa·2021-05-21
CVE-2021-29528 [LOW] CWE-369 Division by 0 in `QuantizedMul`
Division by 0 in `QuantizedMul`
### Impact
An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`:
```python
import tensorflow as tf
x = tf.zeros([4, 1], dtype=tf.quint8)
y = tf.constant([], dtype=tf.quint8)
min_x = tf.constant(0.0)
max_x = tf.constant(0.0010000000474974513)
min_y = tf.constant(0.0)
max_y = tf.constant(0.0010000000474974513)
tf.raw_ops.QuantizedMul(x=x, y=y, min_x=min_x, max_x=max_x, min_y=min_y, max_y=max_y)
```
This is because the [implementation](https://github.com/tensorflow/tensorflow/blob/55900e961ed4a23b438392024912154a2c2f5e85/tensorflow/core/kernels/quantized_mul_op.cc#L188-L198) does a division by a quantity that is controlled by the caller:
```cc
template
void VectorTensorMultiply(const T* vector_data, int32 vector_offset,
int64 vector_num_el
OSV
CVE-2021-29528: TensorFlow is an end-to-end open source platform for machine learning
osv·2021-05-14
CVE-2021-29528 CVE-2021-29528: TensorFlow is an end-to-end open source platform for machine learning
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55900e961ed4a23b438392024912154a2c2f5e85/tensorflow/core/kernels/quantized_mul_op.cc#L188-L198) does a division by a quantity that is controlled by the caller. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/tensorflow/tensorflow/commit/a1b11d2fdd1e51bfe18bb1ede804f60abfa92da6https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6f84-42vf-ppwphttps://github.com/tensorflow/tensorflow/commit/a1b11d2fdd1e51bfe18bb1ede804f60abfa92da6https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6f84-42vf-ppwp
2021-05-14
Published