CVE-2021-29527
Division by 0 in `QuantizedConv2D`
Description
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedConv2D`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/00e9a4d67d76703fa1aee33dac582acf317e0e81/tensorflow/core/kernels/quantized_conv_ops.cc#L257-L259) does a division by a quantity that is controlled by the caller. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
How to fix CVE-2021-29527
To remediate CVE-2021-29527, upgrade the affected package to a fixed version below.
- —upgrade to 2.1.4 or later
- —upgrade to 2.1.4 or later
- —upgrade to cfa91be9863a91d5105a3b4941096044ab32036b or later
- —upgrade to cfa91be9863a91d5105a3b4941096044ab32036b or later
- —upgrade to 2.1.4 or later
- —upgrade to cfa91be9863a91d5105a3b4941096044ab32036b or later
- —upgrade to 2.1.4 or later
Is CVE-2021-29527 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (7)
- from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
- from 0, < 2.1.4
- from 0, < cfa91be9863a91d5105a3b4941096044ab32036b | from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
- from 0, < cfa91be9863a91d5105a3b4941096044ab32036b | from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
- from 0, < 2.1.4
- from 0, < cfa91be9863a91d5105a3b4941096044ab32036b | from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
- from 0, < 2.1.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | LOW2.5 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |