CVE-2021-29528 : Security Advisory and Response

Explore CVE-2021-29528 revealing a TensorFlow vulnerability allowing Division by 0 in `QuantizedMul`. Learn impacted versions, risks, and mitigation steps.

TensorFlow is an end-to-end open-source platform for machine learning. The vulnerability in this CVE, labeled 'Division by 0 in `QuantizedMul`', allows an attacker to trigger a division by 0 in `tf.raw_ops.QuantizedMul`. The issue arises from a division operation influenced by the caller, impacting versions ranging from < 2.1.4 to < 2.4.2. This vulnerability has a CVSS base score of 2.5 (Low severity).

Understanding CVE-2021-29528

This section will delve into what CVE-2021-29528 entails and its potential impacts.

What is CVE-2021-29528?

The CVE identifies a vulnerability in TensorFlow that enables an attacker to induce a division by 0 in `tf.raw_ops.QuantizedMul`. This arises from a division operation that the caller can influence.

The Impact of CVE-2021-29528

The vulnerability exposes affected versions of TensorFlow (< 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2) to potential exploitation. The exploitation could lead to disruptions in operations and possible security breaches.

Technical Details of CVE-2021-29528

Let's explore the technical aspects of the CVE in more detail.

Vulnerability Description

The vulnerability stems from the `QuantizedMul` functionality within TensorFlow, where an attacker can manipulate the division operation by influencing a specific quantity, causing a division by 0.

Affected Systems and Versions

TensorFlow versions prior to 2.1.4 and between 2.2.0 and 2.4.2 are susceptible to this vulnerability, presenting a risk to systems that use these versions.

Exploitation Mechanism

Exploiting this vulnerability involves triggering a division by 0 scenario in `tf.raw_ops.QuantizedMul`, which can be initiated by influencing the controlled quantity.

Mitigation and Prevention

Learn how to address and prevent the CVE-2021-29528 vulnerability effectively.

Immediate Steps to Take

Update to TensorFlow version 2.5.0 to mitigate the vulnerability. For versions still within support, patches are available for TensorFlow 2.1.4, 2.2.3, 2.3.3, and 2.4.2 to address the issue.
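
An added example, not part of the original advisory or of TensorFlow: a Python check that flags exact `tensorflow==` pins in a requirements file that fall in the affected ranges listed on this page and reports the patched release on the same branch. The function names and the sample requirements text are constructed for illustration, and ignoring pre-release suffixes is a simplifying assumption.

```python
import re

# Affected ranges as listed on this page: (first affected, first fixed).
# None as the lower bound means "every release below the fixed one".
AFFECTED_RANGES = [
    (None, (2, 1, 4)),
    ((2, 2, 0), (2, 2, 3)),
    ((2, 3, 0), (2, 3, 3)),
    ((2, 4, 0), (2, 4, 2)),
]
# Matches exact pins of the "tensorflow" distribution only (hypothetical helper).
PIN = re.compile(r"^\s*tensorflow\s*==\s*([^\s;#]+)", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, patch); a suffix such as 'rc1' is ignored (assumption)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def check_tensorflow(version_text):
    """Return (affected, fixed_release) with the patched release on the same branch."""
    v = parse_version(version_text)
    for low, fixed in AFFECTED_RANGES:
        if (low is None or v >= low) and v < fixed:
            return True, ".".join(map(str, fixed))
    return False, None

def scan_requirements(text):
    """Yield (line_no, version, fixed_release) for every affected exact pin."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = PIN.match(line)
        if m:
            affected, fixed = check_tensorflow(m.group(1))
            if affected:
                yield line_no, m.group(1), fixed

# Constructed sample input, not taken from any real project.
SAMPLE_REQUIREMENTS = """\
numpy==1.19.5
tensorflow==2.3.1   # training image
tensorflow==2.4.2
"""

if __name__ == "__main__":
    for line_no, version, fixed in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {line_no}: tensorflow {version} is affected; "
              f"move to {fixed} or 2.5.0")
```
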

Long-Term Security Practices

Incorporate secure coding practices, regular security assessments, and timely updates to ensure overall system security and resilience.

Patching and Updates

Stay informed about security advisories from TensorFlow and promptly apply patches and updates to safeguard against known vulnerabilities.
