CVE-2021-29552
CHECK-failure in `UnsortedSegmentJoin`
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) assumes that the `num_segments` tensor is a valid scalar. Since the tensor is empty the `CHECK` involved in `.scalar<T>()()` that checks that the number of elements is exactly 1 will be invalidated and this would result in process termination. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
TensorFlow es una plataforma de código abierto de extremo a extremo para el aprendizaje automático. Un atacante puede causar una denegación de servicio al controlar los valores del argumento tensorial "num_segments" para "UnsortedSegmentJoin". Esto es debido a que la implementación (https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) asume que el tensor "num_segments" es un tensor válido. Dado que el tensor está vacío, el "CHECK" involucrado en ".scalar (T)()()" que comprueba que el número de elementos es exactamente 1 será invalidado y esto resultaría en una terminación del proceso. La corrección será incluída en TensorFlow versión 2.5.0. También seleccionaremos este commit en TensorFlow versión 2.4.2, TensorFlow versión 2.3.3, TensorFlow versión 2.2.3 y TensorFlow versión 2.1.4, ya que estos también están afectados y aún están en el rango admitido
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-03-30 CVE Reserved
- 2021-05-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-617: Reachable Assertion
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jhq9-wm9m-cf89 | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/tensorflow/tensorflow/commit/704866eabe03a9aeda044ec91a8d0c83fc1ebdbe | 2021-07-27 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Tensorflow Search vendor "Google" for product "Tensorflow" | < 2.1.4 Search vendor "Google" for product "Tensorflow" and version " < 2.1.4" | - |
Affected
| ||||||
| Google Search vendor "Google" | Tensorflow Search vendor "Google" for product "Tensorflow" | >= 2.2.0 < 2.2.3 Search vendor "Google" for product "Tensorflow" and version " >= 2.2.0 < 2.2.3" | - |
Affected
| ||||||
| Google Search vendor "Google" | Tensorflow Search vendor "Google" for product "Tensorflow" | >= 2.3.0 < 2.3.3 Search vendor "Google" for product "Tensorflow" and version " >= 2.3.0 < 2.3.3" | - |
Affected
| ||||||
| Google Search vendor "Google" | Tensorflow Search vendor "Google" for product "Tensorflow" | >= 2.4.0 < 2.4.2 Search vendor "Google" for product "Tensorflow" and version " >= 2.4.0 < 2.4.2" | - |
Affected
| ||||||