Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBoODctZnZqci12MzN3

CHECK-fail in `tf.raw_ops.RFFT`

Impact

An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.RFFT:

import tensorflow as tf

inputs = tf.constant([1], shape=[1], dtype=tf.float32)
fft_length = tf.constant([0], shape=[1], dtype=tf.int32)

tf.raw_ops.RFFT(input=inputs, fft_length=fft_length)

The above example causes Eigen code to operate on an empty matrix. This triggers on an assertion and causes program termination.

Patches

We have patched the issue in GitHub commit 31bd5026304677faa8a0b77602c6154171b9aec1.

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.

Permalink: https://github.com/advisories/GHSA-ph87-fvjr-v33w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBoODctZnZqci12MzN3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 3 years ago
Updated: about 1 year ago

CVSS Score: 2.5
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Identifiers: GHSA-ph87-fvjr-v33w, CVE-2021-29563
References:

• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ph87-fvjr-v33w
• https://nvd.nist.gov/vuln/detail/CVE-2021-29563
• https://github.com/tensorflow/tensorflow/commit/31bd5026304677faa8a0b77602c6154171b9aec1
• https://github.com/advisories/GHSA-ph87-fvjr-v33w

Repository: https://github.com/tensorflow/tensorflow
Blast Radius: 12.2

Affected Packages