CVE-2021-41213: Deadlock in mutually recursive `tf.function` objects
First published: Fri Nov 05 2021(Updated: )
### Impact The [code behind `tf.function` API](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/python/eager/def_function.py#L542) can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive: ```python import tensorflow as tf @tf.function() def fun1(num): if num == 1: return print(num) fun2(num-1) @tf.function() def fun2(num): if num == 0: return print(num) fun1(num-1) fun1(9) ``` This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. ### Patches We have patched the issue in GitHub commit [afac8158d43691661ad083f6dd9e56f327c1dcb7](https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7). The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. ### Attribution This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google TensorFlow | >=2.4.0<2.4.4 | |
| Google TensorFlow | >=2.6.0<2.6.1 | |
| Google TensorFlow | =2.7.0-rc0 | |
| Google TensorFlow | =2.7.0-rc1 | |
| pip/tensorflow-gpu | <2.4.4 | 2.4.4 |
| pip/tensorflow-gpu | >=2.5.0<2.5.2 | 2.5.2 |
| pip/tensorflow-gpu | >=2.6.0<2.6.1 | 2.6.1 |
| pip/tensorflow-cpu | <2.4.4 | 2.4.4 |
| pip/tensorflow-cpu | >=2.5.0<2.5.2 | 2.5.2 |
| pip/tensorflow-cpu | >=2.6.0<2.6.1 | 2.6.1 |
| pip/tensorflow | <2.4.4 | 2.4.4 |
| pip/tensorflow | >=2.5.0<2.5.2 | 2.5.2 |
| pip/tensorflow | >=2.6.0<2.6.1 | 2.6.1 |
| >=2.4.0<2.4.4 | ||
| >=2.6.0<2.6.1 | ||
| =2.7.0-rc0 | ||
| =2.7.0-rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf
- https://nvd.nist.gov/vuln/detail/CVE-2021-41213
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-622.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-820.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-405.yaml
- https://github.com/advisories/GHSA-h67m-xg8f-fxcf (Advisory)
Frequently Asked Questions
What is CVE-2021-41213?
CVE-2021-41213 is a vulnerability in TensorFlow, an open-source platform for machine learning, that can cause deadlock when two tf.function decorated Python functions are mutually recursive due to the use of a non-reentrant Lock Python object.
How severe is CVE-2021-41213?
CVE-2021-41213 has a severity rating of 5.5 (medium).
Which versions of TensorFlow are affected by CVE-2021-41213?
The versions affected by CVE-2021-41213 are TensorFlow 2.4.0 to 2.4.4, TensorFlow 2.6.0 to 2.6.1, TensorFlow 2.7.0-rc0, and TensorFlow 2.7.0-rc1.
How can I fix CVE-2021-41213?
To fix CVE-2021-41213, update your TensorFlow installation to a version that includes the patch.
Where can I find more information about CVE-2021-41213?
You can find more information about CVE-2021-41213 on the GitHub commit and security advisory pages: GitHub commit: https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7, GitHub security advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf
- agent/weakness
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/title
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-h67m-xg8f-fxcf
- alias/CVE-2021-41213
- agent/references
- agent/description
- agent/author
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- collector/nvd-api
- agent/last-modified-date
- agent/trending
- agent/tags
- agent/source
- vendor/google
- canonical/google tensorflow
- version/google tensorflow/2.4.0
- version/google tensorflow/2.5.0
- version/google tensorflow/2.6.0
- version/google tensorflow/2.7.0-rc0
- version/google tensorflow/2.7.0-rc1
- package-manager/pip