CVE-2021-29598: Division by zero in TFLite's implementation of `SVDF`
The implementation of the SVDF TFLite operator is vulnerable to a division by zero error:

```cpp
const int rank = params->rank;   // rank is read directly from the model file
...
TF_LITE_ENSURE_EQ(context, num_filters % rank, 0);   // divides by rank before it is validated
```

An attacker can craft a model such that params->rank would be 0.
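The vulnerable shape check and a hardened form side by side, as an added illustration that is not code from the TensorFlow repository. The `TfLiteStatus`, `TfLiteContext`, `TF_LITE_ENSURE*` and `TfLiteSVDFParams` names are simplified stand-ins for the real TFLite types so the block compiles without TensorFlow; the `SvdfPrepare*` and `Check*` functions are hypothetical.

```cpp
#include <cstddef>

// Simplified stand-ins for TFLite's status type, context and ENSURE macros
// (the real ones live in tensorflow/lite); re-declared here only so this compiles stand-alone.
enum TfLiteStatus { kTfLiteOk = 0, kTfLiteError = 1 };
struct TfLiteContext { const char* last_error = nullptr; };

#define TF_LITE_ENSURE_MSG(ctx, cond, msg) \
  do { if (!(cond)) { (ctx)->last_error = msg; return kTfLiteError; } } while (0)
#define TF_LITE_ENSURE(ctx, cond) TF_LITE_ENSURE_MSG(ctx, cond, #cond " failed")
#define TF_LITE_ENSURE_EQ(ctx, a, b) TF_LITE_ENSURE_MSG(ctx, (a) == (b), #a " != " #b)

// Hypothetical subset of the SVDF parameters; rank is untrusted model input.
struct TfLiteSVDFParams { int rank; };

// Validation as in the snippet above, before the fix: the modulo runs before anything
// checks rank, so a model carrying rank == 0 causes an integer division by zero
// (undefined behaviour; a SIGFPE crash on x86).
TfLiteStatus SvdfPrepareVulnerable(TfLiteContext* context,
                                   const TfLiteSVDFParams* params, int num_filters) {
  const int rank = params->rank;
  TF_LITE_ENSURE_EQ(context, num_filters % rank, 0);
  return kTfLiteOk;
}

// Hardened form: validate the untrusted divisor before using it. Rejecting rank <= 0
// also refuses negative ranks, which the modulo alone would accept (e.g. 8 % -2 == 0).
TfLiteStatus SvdfPrepareHardened(TfLiteContext* context,
                                 const TfLiteSVDFParams* params, int num_filters) {
  const int rank = params->rank;
  TF_LITE_ENSURE(context, rank > 0);
  TF_LITE_ENSURE_EQ(context, num_filters % rank, 0);
  return kTfLiteOk;
}

// Helpers that build a context and params from constructed values and return the status.
TfLiteStatus CheckVulnerable(int rank, int num_filters) {
  TfLiteContext ctx; TfLiteSVDFParams p{rank};
  return SvdfPrepareVulnerable(&ctx, &p, num_filters);
}
TfLiteStatus CheckHardened(int rank, int num_filters) {
  TfLiteContext ctx; TfLiteSVDFParams p{rank};
  return SvdfPrepareHardened(&ctx, &p, num_filters);
}

int main() {
  // Constructed input: a model whose rank field is 0. CheckVulnerable(0, 8) would crash here.
  return CheckHardened(0, 8) == kTfLiteError ? 0 : 1;
}
```

The hardened check rejects the crafted model at Prepare time instead of crashing the process; a fuzzer feeding random SVDF parameters into the operator is the practical regression test.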
References
- github.com/advisories/GHSA-pmpr-55fj-r229
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-526.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-724.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-235.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.cc
- github.com/tensorflow/tensorflow/commit/6841e522a3e7d48706a02e8819836e809f738682
- github.com/tensorflow/tensorflow/security/advisories/GHSA-pmpr-55fj-r229
- nvd.nist.gov/vuln/detail/CVE-2021-29598