CVE-2021-41226: Heap OOB read in `SparseBinCount`
First published: Fri Nov 05 2021(Updated: )
### Impact The [implementation](https://github.com/tensorflow/tensorflow/blob/e71b86d47f8bc1816bf54d7bddc4170e47670b97/tensorflow/core/kernels/bincount_op.cc#L353-L417) of `SparseBinCount` is vulnerable to a heap OOB: ```python import tensorflow as tf tf.raw_ops.SparseBincount( indices=[[0],[1],[2]] values=[0,-10000000] dense_shape=[1,1] size=[1] weights=[3,2,1] binary_output=False) ``` This is because of missing validation between the elements of the `values` argument and the shape of the sparse output: ```cc for (int64_t i = 0; i < indices_mat.dimension(0); ++i) { const int64_t batch = indices_mat(i, 0); const Tidx bin = values(i); ... out(batch, bin) = ...; } ``` ### Patches We have patched the issue in GitHub commit [f410212e373eb2aec4c9e60bf3702eba99a38aba](https://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba). The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. ### Attribution This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google TensorFlow | <2.4.4 | |
| Google TensorFlow | >=2.5.0<2.5.2 | |
| Google TensorFlow | >=2.6.0<2.6.1 | |
| pip/tensorflow-gpu | <2.4.4 | 2.4.4 |
| pip/tensorflow-gpu | >=2.5.0<2.5.2 | 2.5.2 |
| pip/tensorflow-gpu | >=2.6.0<2.6.1 | 2.6.1 |
| pip/tensorflow-cpu | <2.4.4 | 2.4.4 |
| pip/tensorflow-cpu | >=2.5.0<2.5.2 | 2.5.2 |
| pip/tensorflow-cpu | >=2.6.0<2.6.1 | 2.6.1 |
| pip/tensorflow | <2.4.4 | 2.4.4 |
| pip/tensorflow | >=2.5.0<2.5.2 | 2.5.2 |
| pip/tensorflow | >=2.6.0<2.6.1 | 2.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8
- https://nvd.nist.gov/vuln/detail/CVE-2021-41226
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-635.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-833.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-418.yaml
- https://github.com/advisories/GHSA-374m-jm66-3vj8 (Advisory)
Frequently Asked Questions
What is CVE-2021-41226?
CVE-2021-41226 is a vulnerability in TensorFlow, an open source platform for machine learning, which allows for a heap out-of-bounds access in the SparseBinCount implementation.
What is the severity of CVE-2021-41226?
CVE-2021-41226 has a severity value of 7.1, which is considered high.
How does CVE-2021-41226 affect TensorFlow?
CVE-2021-41226 affects certain versions of TensorFlow (up to and including 2.6.1) in the implementation of SparseBinCount due to missing validation between the elements of the 'values' argument and the shape of the sparse output.
How can I fix CVE-2021-41226?
To mitigate CVE-2021-41226, it is recommended to update TensorFlow to version 2.4.5, 2.5.3, or 2.6.2 or later as the fix has been included in those versions.
Where can I find more information about CVE-2021-41226?
More information about CVE-2021-41226 can be found in the TensorFlow GitHub commit and security advisories: [GitHub:tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba](https://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba) and [GitHub:tensorflow/security/advisories/GHSA-374m-jm66-3vj8](https://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8).
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-374m-jm66-3vj8
- alias/CVE-2021-41226
- collector/nvd-cve
- source/NVD
- vendor/google
- canonical/google tensorflow
- version/google tensorflow/2.5.0
- version/google tensorflow/2.6.0
- package-manager/pip