CVE-2021-37665: Incomplete validation in MKL requantization in TensorFlow
First published: Thu Aug 12 2021(Updated: )
### Impact Due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays: ```python import tensorflow as tf tf.raw_ops.RequantizationRangePerChannel( input=[], input_min=[0,0,0,0,0], input_max=[1,1,1,1,1], clip_value_max=1) ``` The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the `input` tensor. A similar issue occurs in `MklRequantizePerChannelOp`: ```python import tensorflow as tf from tensorflow.python.ops import gen_math_ops gen_math_ops.requantize_per_channel( input=[], input_min=[-100,-100,-100,-100,-100], input_max=[-100,-100,-100], requested_output_min=[-100,-100,-100,-100,-100], requested_output_max=[], out_type=tf.int) ``` The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. ### Patches We have patched the issue in GitHub commit [9e62869465573cb2d9b5053f1fa02a81fce21d69](https://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69) and in the Github commit [203214568f5bc237603dbab6e1fd389f1572f5c9](https://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9). The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. ### Attribution This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google TensorFlow | >=2.3.0<2.3.4 | |
| Google TensorFlow | >=2.4.0<2.4.3 | |
| Google TensorFlow | =2.5.0 | |
| Google TensorFlow | =2.6.0-rc0 | |
| Google TensorFlow | =2.6.0-rc1 | |
| Google TensorFlow | =2.6.0-rc2 | |
| pip/tensorflow-gpu | =2.5.0 | 2.5.1 |
| pip/tensorflow-gpu | >=2.4.0<2.4.3 | 2.4.3 |
| pip/tensorflow-gpu | <2.3.4 | 2.3.4 |
| pip/tensorflow-cpu | =2.5.0 | 2.5.1 |
| pip/tensorflow-cpu | >=2.4.0<2.4.3 | 2.4.3 |
| pip/tensorflow-cpu | <2.3.4 | 2.3.4 |
| pip/tensorflow | =2.5.0 | 2.5.1 |
| pip/tensorflow | >=2.4.0<2.4.3 | 2.4.3 |
| pip/tensorflow | <2.3.4 | 2.3.4 |
| >=2.3.0<2.3.4 | ||
| >=2.4.0<2.4.3 | ||
| =2.5.0 | ||
| =2.6.0-rc0 | ||
| =2.6.0-rc1 | ||
| =2.6.0-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9
- https://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp
- https://nvd.nist.gov/vuln/detail/CVE-2021-37665
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-578.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-776.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-287.yaml
- https://github.com/advisories/GHSA-v82p-hv3v-p6qp (Advisory)
Frequently Asked Questions
What is the severity of CVE-2021-37665?
CVE-2021-37665 has been classified as a high severity vulnerability due to the risk of undefined behavior and potential data leak.
How do I fix CVE-2021-37665?
To fix CVE-2021-37665, users should upgrade to TensorFlow version 2.5.1 or later, or update to 2.4.3 or 2.3.4 depending on their version.
What software is affected by CVE-2021-37665?
CVE-2021-37665 affects TensorFlow versions 2.3.0 to 2.3.4, 2.4.0 to 2.4.3, and 2.5.0, as well as release candidates of version 2.6.0.
What type of vulnerabilities does CVE-2021-37665 include?
CVE-2021-37665 includes vulnerabilities related to incomplete validation in the MKL implementation leading to memory access issues.
Is CVE-2021-37665 being actively exploited?
As of now, there is no public information indicating that CVE-2021-37665 is being actively exploited in the wild.
- collector/nvd-index
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/title
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-v82p-hv3v-p6qp
- alias/CVE-2021-37665
- agent/software-canonical-lookup
- agent/references
- agent/description
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- agent/trending
- agent/tags
- agent/source
- vendor/google
- canonical/google tensorflow
- version/google tensorflow/2.3.0
- version/google tensorflow/2.4.0
- version/google tensorflow/2.5.0
- version/google tensorflow/2.6.0-rc0
- version/google tensorflow/2.6.0-rc1
- version/google tensorflow/2.6.0-rc2
- package-manager/pip