CVE-2021-29561

LOW

TensorFlow < 2.1.4 - Denial of Service via LoadAndRemapMatrix ckpt_path CHECK Failure

Title source: llm

Description

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from `tf.raw_ops.LoadAndRemapMatrix`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) assumes that the `ckpt_path` is always a valid scalar. However, an attacker can send any other tensor as the first argument of `LoadAndRemapMatrix`. This would cause the rank `CHECK` in `scalar<T>()()` to trigger and terminate the process. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

References (2)

Core 2

Core References

Exploit, Patch, Third Party Advisory x_refsource_confirm

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gvm4-h8j3-rjrq

Patch, Third Party Advisory x_refsource_misc

https://github.com/tensorflow/tensorflow/commit/77dd114513d7796e1e2b8aece214a380af26fbf4

Scores

CVSS v3 2.5

EPSS 0.0019

EPSS Percentile 8.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-617

Status published

Products (4)

google/tensorflow < 2.1.4

pypi/tensorflow 0 - 2.1.4PyPI

pypi/tensorflow-cpu 0 - 2.1.4PyPI

pypi/tensorflow-gpu 0 - 2.1.4PyPI

Published May 14, 2021

Tracked Since Feb 18, 2026