CVE-2021-29554

Description

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/efff014f3b2d8ef6141da30c806faf141297eca1/tensorflow/core/kernels/count_ops.cc#L123-L127) computes a divisor value from user data but does not check that the result is 0 before doing the division. Since `data` is given by the `values` argument, `num_batch_elements` is 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, and TensorFlow 2.3.3, as these are also affected.

How to fix CVE-2021-29554

To remediate CVE-2021-29554, upgrade the affected package to a fixed version below.

—upgrade to 2.1.4 or later
—upgrade to 2.3.3 or later
—upgrade to da5ff2daf618591f64b2b62d9d9803951b945e9f or later
—upgrade to da5ff2daf618591f64b2b62d9d9803951b945e9f or later
—upgrade to 2.3.3 or later
—upgrade to da5ff2daf618591f64b2b62d9d9803951b945e9f or later
—upgrade to 2.3.3 or later

Is CVE-2021-29554 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (7)

from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
>= 2.3.0, < 2.3.3
from 0, < da5ff2daf618591f64b2b62d9d9803951b945e9f | from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
from 0, < da5ff2daf618591f64b2b62d9d9803951b945e9f | from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
>= 2.3.0, < 2.3.3
from 0, < da5ff2daf618591f64b2b62d9d9803951b945e9f | from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
>= 2.3.0, < 2.3.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
osv	CVSS 3.1	LOW2.5	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L