CVE-2021-29561

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4

Description An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.raw ops.LoadAndRemapMatrix. This is because the implementation assumes that the ckpt path is always a valid scalar. However, an attacker can send any other tensor as the first argument of LoadAndRemapMatrix. This would cause the rank CHECK in scalar<T>()() to trigger and terminate the process.

Recommendations For TensorFlow versions prior to 2.5.0, update to TensorFlow 2.5.0 or later. For TensorFlow version 2.4.2, update to a version that includes the cherrypicked commit. For TensorFlow version 2.3.3, update to a version that includes the cherrypicked commit. For TensorFlow version 2.2.3, update to a version that includes the cherrypicked commit. For TensorFlow version 2.1.4, update to a version that includes the cherrypicked commit. As a temporary workaround, consider restricting the use of the tf.raw ops.LoadAndRemapMatrix function until a patch is available. Avoid using the ckpt path parameter with invalid scalars in the affected tf.raw ops.LoadAndRemapMatrix function until the issue is resolved.