Learn about CVE-2021-29523, a vulnerability in TensorFlow allowing denial-of-service attacks. Discover impacted versions, mitigation steps, and long-term security practices.
A detailed overview of CVE-2021-29523 affecting TensorFlow versions.
Understanding CVE-2021-29523
This section provides insights into the vulnerability affecting TensorFlow.
What is CVE-2021-29523?
TensorFlow is an open-source platform for machine learning. It is vulnerable to a denial-of-service attack due to a CHECK-fail in tf.raw_ops.AddManySparseToTensorsMap. The issue is caused by a legacy implementation that leads to CHECK-failures under certain conditions; a CHECK-failure aborts the process that is running the op, which is what turns a malformed input into a denial of service.
The Impact of CVE-2021-29523
The vulnerability has a CVSS base score of 2.5, a low severity rating whose impact is limited to availability. Although confidentiality and integrity remain unaffected, immediate action is still required to prevent exploitation.
Technical Details of CVE-2021-29523
Explore the technical aspects of the vulnerability to understand its implications better.
Vulnerability Description
The vulnerability arises from how dimensions are handled in the output shape construction, leading to CHECK-failures under specific scenarios.
Affected Systems and Versions
TensorFlow versions prior to 2.1.4, as well as the 2.2.0 to 2.2.3, 2.3.0 to 2.3.3, and 2.4.0 to 2.4.2 ranges, are impacted by this vulnerability.
Exploitation Mechanism
The attack vector is local and requires only low privileges, so the vulnerability should still be addressed promptly despite its low score.
Mitigation and Prevention
Discover the necessary steps to mitigate the risks associated with CVE-2021-29523.
Immediate Steps to Take
Users are advised to update TensorFlow to version 2.5.0 or apply the relevant patches to prevent exploitation. Additionally, legacy implementations should be replaced with the updated constructs.
Long-Term Security Practices
Incorporating updated constructs like BuildTensorShapeBase and AddDimWithStatus in operations can prevent CHECK-failures, enhancing the overall security posture: an invalid dimension is reported back to the caller as an error instead of aborting the process.
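The pattern behind the vulnerability description and the recommended constructs above, shown as an added illustration that is not TensorFlow's own code: a shape builder that validates every caller-supplied dimension and reports a bad one through a returned status, rather than hitting a CHECK during output shape construction and aborting the process. The Status, Shape, AddDimWithStatus, BuildShape and ElementCountOrNegative names below are stand-ins written for this example; TensorFlow's real BuildTensorShapeBase and AddDimWithStatus have their own types and signatures.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <string>
#include <vector>

// Minimal status type for the example (hypothetical, not tensorflow::Status).
struct Status {
  bool ok;
  std::string message;
  static Status Ok() { return {true, ""}; }
  static Status InvalidArgument(const std::string& m) { return {false, m}; }
};

// Hypothetical shape: the dimension sizes plus the running element count.
struct Shape {
  std::vector<int64_t> dims;
  int64_t num_elements = 1;
};

// Adds one dimension and returns a Status. A negative size, or an element
// count that would overflow int64, is reported to the caller. The legacy
// pattern this replaces would CHECK on the same conditions and abort.
Status AddDimWithStatus(Shape* shape, int64_t size) {
  if (size < 0) {
    return Status::InvalidArgument("dimension size must be non-negative, got " +
                                   std::to_string(size));
  }
  // Overflow-safe check: num_elements * size must still fit in int64.
  if (size != 0 &&
      shape->num_elements > std::numeric_limits<int64_t>::max() / size) {
    return Status::InvalidArgument("element count overflows int64");
  }
  shape->dims.push_back(size);
  shape->num_elements *= size;
  return Status::Ok();
}

// Builds a shape from a caller-supplied dimension vector (the analogue of an
// op reading its shape from an input tensor). Stops at the first bad dimension.
Status BuildShape(const std::vector<int64_t>& dims, Shape* out) {
  *out = Shape{};
  for (int64_t d : dims) {
    Status s = AddDimWithStatus(out, d);
    if (!s.ok) return s;
  }
  return Status::Ok();
}

// Convenience wrapper for callers that only need the element count:
// returns -1 when the shape is rejected, otherwise the validated count.
int64_t ElementCountOrNegative(const std::vector<int64_t>& dims) {
  Shape shape;
  Status s = BuildShape(dims, &shape);
  return s.ok ? shape.num_elements : -1;
}

int main() {
  // Constructed inputs: one well-formed shape and two that a CHECK-based
  // builder would abort on. Here each bad one just yields an error message.
  const std::vector<std::vector<int64_t>> inputs = {
      {2, 3, 4},
      {2, -1},
      {std::numeric_limits<int64_t>::max(), 2},
  };
  for (const auto& dims : inputs) {
    Shape shape;
    Status s = BuildShape(dims, &shape);
    if (s.ok) {
      std::cout << "ok, " << shape.num_elements << " elements\n";
    } else {
      std::cout << "rejected: " << s.message << "\n";
    }
  }
  return 0;
}
```

The important property is in the signatures: every function that touches untrusted dimensions returns a Status, so a kernel can propagate the error (the way OP_REQUIRES_OK-style macros do) and the serving process stays up for other requests.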
Patching and Updates
Regularly monitor and apply security patches released by TensorFlow to address known vulnerabilities and ensure system integrity.