CVE-2021-29533

Description

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK` failure by passing an empty image to `tf.raw_ops.DrawBoundingBoxes`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses `CHECK_*` assertions instead of `OP_REQUIRES` to validate user controlled inputs. Whereas `OP_REQUIRES` allows returning an error condition back to the user, the `CHECK_*` macros result in a crash if the condition is false, similar to `assert`. In this case, `height` is 0 from the `images` input. This results in `max_box_row_clamp` being negative and the assertion being falsified, followed by aborting program execution. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

How to fix CVE-2021-29533

To remediate CVE-2021-29533, upgrade the affected package to a fixed version below.

• —upgrade to 2.1.4 or later
• —upgrade to 2.1.4 or later
• —upgrade to b432a38fe0e1b4b904a6c222cbce794c39703e87 or later
• —upgrade to b432a38fe0e1b4b904a6c222cbce794c39703e87 or later
• —upgrade to 2.1.4 or later
• —upgrade to b432a38fe0e1b4b904a6c222cbce794c39703e87 or later
• —upgrade to 2.1.4 or later

Is CVE-2021-29533 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (7)

• from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
• from 0, < 2.1.4
• from 0, < b432a38fe0e1b4b904a6c222cbce794c39703e87 | from 0, < 2.2.0rc0, >= 2.2.0, < 2.3.0rc0, >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3
• from 0, < b432a38fe0e1b4b904a6c222cbce794c39703e87 | from 0, < 2.2.0rc0, >= 2.2.0, < 2.3.0rc0, >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3
• from 0, < 2.1.4
• from 0, < b432a38fe0e1b4b904a6c222cbce794c39703e87 | from 0, < 2.2.0rc0, >= 2.2.0, < 2.3.0rc0, >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3
• from 0, < 2.1.4

CVSS scores

References (7)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-29533
• PATCHgithub.com/tensorflow/tensorflow
• WEBgithub.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-461.yaml
• WEBgithub.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-659.yaml