CVE-2021-29524

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier

Description: An attacker can trigger a division by 0 in tf.raw ops.Conv2DBackpropFilter. This is because the implementation does a modulus operation where the divisor is controlled by the caller. The issue can be exploited by creating a specific input tensor and filter sizes, allowing an attacker to cause a division by zero error.

Recommendations: For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later. For TensorFlow versions 2.4.2 and earlier, update to version 2.4.2 or later. For TensorFlow versions 2.3.3 and earlier, update to version 2.3.3 or later. For TensorFlow versions 2.2.3 and earlier, update to version 2.2.3 or later. For TensorFlow versions 2.1.4 and earlier, update to version 2.1.4 or later. As a temporary workaround, consider avoiding the use of tf.raw ops.Conv2DBackpropFilter until a patch is applied.