CVE-2021-29549: Division by 0 in `QuantizedAdd`
First published: Fri May 14 2021(Updated: )
### Impact An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedAdd`: ```python import tensorflow as tf x = tf.constant([68, 228], shape=[2, 1], dtype=tf.quint8) y = tf.constant([], shape=[2, 0], dtype=tf.quint8) min_x = tf.constant(10.723421015884028) max_x = tf.constant(15.19578006631113) min_y = tf.constant(-5.539003866682977) max_y = tf.constant(42.18819949559947) tf.raw_ops.QuantizedAdd(x=x, y=y, min_x=min_x, max_x=max_x, min_y=min_y, max_y=max_y) ``` This is because the [implementation](https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L289-L295) computes a modulo operation without validating that the divisor is not zero. ```cc void VectorTensorAddition(const T* vector_data, float min_vector, float max_vector, int64 vector_num_elements, const T* tensor_data, float min_tensor, float max_tensor, int64 tensor_num_elements, float output_min, float output_max, Toutput* output) { for (int i = 0; i < tensor_num_elements; ++i) { const int64 vector_i = i % vector_num_elements; ... } } ``` Since `vector_num_elements` is [determined based on input shapes](https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L522-L544), a user can trigger scenarios where this quantity is 0. ### Patches We have patched the issue in GitHub commit [744009c9e5cc5d0447f0dc39d055f917e1fd9e16](https://github.com/tensorflow/tensorflow/commit/744009c9e5cc5d0447f0dc39d055f917e1fd9e16). The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. ### Attribution This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google TensorFlow | <2.1.4 | |
| Google TensorFlow | >=2.2.0<2.2.3 | |
| Google TensorFlow | >=2.3.0<2.3.3 | |
| Google TensorFlow | >=2.4.0<2.4.2 | |
| pip/tensorflow-gpu | >=2.4.0<2.4.2 | 2.4.2 |
| pip/tensorflow-gpu | >=2.3.0<2.3.3 | 2.3.3 |
| pip/tensorflow-gpu | >=2.2.0<2.2.3 | 2.2.3 |
| pip/tensorflow-gpu | <2.1.4 | 2.1.4 |
| pip/tensorflow-cpu | >=2.4.0<2.4.2 | 2.4.2 |
| pip/tensorflow-cpu | >=2.3.0<2.3.3 | 2.3.3 |
| pip/tensorflow-cpu | >=2.2.0<2.2.3 | 2.2.3 |
| pip/tensorflow-cpu | <2.1.4 | 2.1.4 |
| pip/tensorflow | >=2.4.0<2.4.2 | 2.4.2 |
| pip/tensorflow | >=2.3.0<2.3.3 | 2.3.3 |
| pip/tensorflow | >=2.2.0<2.2.3 | 2.2.3 |
| pip/tensorflow | <2.1.4 | 2.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/tensorflow/tensorflow/commit/744009c9e5cc5d0447f0dc39d055f917e1fd9e16
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x83m-p7pv-ch8v
- https://nvd.nist.gov/vuln/detail/CVE-2021-29549
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-477.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-675.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-186.yaml
- https://github.com/advisories/GHSA-x83m-p7pv-ch8v (Advisory)
Frequently Asked Questions
What is the severity of CVE-2021-29549?
CVE-2021-29549 has a severity rating that allows for denial of service conditions due to a runtime division by zero error.
How do I fix CVE-2021-29549?
To fix CVE-2021-29549, upgrade TensorFlow to version 2.4.2 or any version above it.
What versions of TensorFlow are affected by CVE-2021-29549?
CVE-2021-29549 affects TensorFlow versions below 2.4.2, specifically versions from 2.1.4 to below 2.4.2.
What kind of attack is possible with CVE-2021-29549?
CVE-2021-29549 allows an attacker to create conditions that lead to a denial of service through a division by zero error.
Is CVE-2021-29549 limited to specific environments?
CVE-2021-29549 affects all environments running vulnerable versions of TensorFlow, including both CPU and GPU implementations.
- collector/nvd-index
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/severity
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-x83m-p7pv-ch8v
- alias/CVE-2021-29549
- agent/software-canonical-lookup
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/author
- collector/github-advisory
- agent/trending
- agent/tags
- agent/source
- vendor/google
- canonical/google tensorflow
- version/google tensorflow/2.2.0
- version/google tensorflow/2.3.0
- version/google tensorflow/2.4.0
- package-manager/pip