CVE-2021-29548 is a TensorFlow vulnerability in which a runtime division by zero error leads to denial of service. TensorFlow is an end-to-end open source platform for machine learning. This page covers the impact, technical details, and mitigation of the CVE.
Understanding CVE-2021-29548
In this section, we'll delve into the details of the vulnerability found in TensorFlow.
What is CVE-2021-29548?
An attacker can trigger a runtime division by zero error in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization, leading to a denial of service. The vulnerability arises because the implementation does not validate all of the constraints in the op's contract.
The Impact of CVE-2021-29548
The CVSS v3.1 base score for this vulnerability is 2.5 (Low severity). The attack complexity is high, with a local attack vector and low availability impact.
Technical Details of CVE-2021-29548
This section covers the specifics of the vulnerability.
Vulnerability Description
The flaw allows an attacker to trigger a runtime division by zero error, resulting in denial of service.
Affected Systems and Versions
TensorFlow versions prior to 2.1.4, 2.2.3, 2.3.3, and 2.4.2 are vulnerable to this issue.
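A small added helper, not part of this page or of the TensorFlow project, that maps an installed TensorFlow version string onto the affected ranges listed above (anything before 2.1.4, then the 2.2, 2.3 and 2.4 series before 2.2.3, 2.3.3 and 2.4.2). It treats a pre-release tag such as `2.4.2-rc0` as preceding the final 2.4.2 release, so release candidates of a fix version are still reported as affected; the fallback version string used when TensorFlow is not installed is a constructed sample value.

```python
import re

# Affected ranges for CVE-2021-29548, expressed as half-open intervals over
# (major, minor, patch, is_final_release). The trailing flag is 0 for a
# pre-release (rc/alpha/beta/dev) and 1 for a final release, so that
# "2.4.2-rc0" sorts before the fixed 2.4.2 release and is still flagged.
# Releases below 2.1.4 (including 2.0.x and 1.x) are treated as affected
# because 2.1.4 is the earliest fixed release named for this CVE.
_AFFECTED_RANGES = [
    ((0, 0, 0, 0), (2, 1, 4, 1)),
    ((2, 2, 0, 0), (2, 2, 3, 1)),
    ((2, 3, 0, 0), (2, 3, 3, 1)),
    ((2, 4, 0, 0), (2, 4, 2, 1)),
]

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_version(version):
    """Return (major, minor, patch, is_final) for strings like '2.4.1',
    '2.4.0-rc0' or '2.4.0rc0'. A missing patch number is read as 0.
    A '+local' build label does not make a release a pre-release."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised TensorFlow version string: {version!r}")
    major, minor, patch, rest = m.group(1), m.group(2), m.group(3) or "0", m.group(4).strip()
    is_final = 1 if (rest == "" or rest.startswith("+")) else 0
    return int(major), int(minor), int(patch), is_final


def is_vulnerable(version):
    """True if this TensorFlow version falls in an affected range for CVE-2021-29548."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in _AFFECTED_RANGES)


if __name__ == "__main__":
    try:
        import tensorflow as tf  # only used to read the locally installed version
        installed = tf.__version__
    except ImportError:
        installed = "2.4.1"  # constructed sample value used when TensorFlow is absent
    state = "affected" if is_vulnerable(installed) else "not affected"
    print(f"TensorFlow {installed}: {state} by CVE-2021-29548")
```

Run it in the environment that hosts the model-serving process; a result of "affected" means the upgrade described under Mitigation and Prevention still applies.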
Exploitation Mechanism
By supplying operands that violate the constraints QuantizedBatchNormWithGlobalNormalization fails to validate, an attacker can cause the runtime division by zero error described above.
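The defensive counterpart to an op that does not check its own contract is to check that contract at the call boundary. The following added example is not code from this page or from TensorFlow; it models the shape contract of QuantizedBatchNormWithGlobalNormalization from the op's documented signature (an assumption stated here, not a fact the page gives): the input `t` is 4-D with the channel depth in its last dimension, `m`, `v`, `beta` and `gamma` are 1-D with exactly `depth` elements, and each `*_min` / `*_max` quantization range operand is a scalar. Shapes are plain tuples so the check runs without TensorFlow installed, and the `op` argument of `guarded_call` is a stand-in for the raw op.

```python
# Added example: reject operands that violate the shape contract of
# QuantizedBatchNormWithGlobalNormalization before they reach the op.
# The contract below is assumed from the op's documented signature.

class ShapeContractError(ValueError):
    """Raised when an operand does not satisfy the op's shape contract."""


def _require(cond, msg):
    if not cond:
        raise ShapeContractError(msg)


def validate_qbn_shapes(t, m, v, beta, gamma, range_scalars=()):
    """Check operand shapes and return the channel depth on success.

    t, m, v, beta, gamma and each entry of range_scalars are shape tuples,
    e.g. (1, 4, 4, 3) for a 4-D input, (3,) for a per-channel vector and
    () for a scalar quantization range value such as t_min or t_max.
    """
    _require(len(t) == 4, f"input t must be 4-D, got rank {len(t)} with shape {t}")
    depth = t[3]
    for name, shape in (("m", m), ("v", v), ("beta", beta), ("gamma", gamma)):
        _require(len(shape) == 1, f"{name} must be 1-D, got rank {len(shape)}")
        _require(shape[0] == depth,
                 f"{name} must have {depth} elements to match the depth of t, got {shape[0]}")
    for i, s in enumerate(range_scalars):
        _require(len(s) == 0, f"quantization range operand #{i} must be a scalar, got shape {s}")
    return depth


def describe_violation(t, m, v, beta, gamma, range_scalars=()):
    """Return None when the shapes are valid, else the first violation message."""
    try:
        validate_qbn_shapes(t, m, v, beta, gamma, range_scalars)
    except ShapeContractError as e:
        return str(e)
    return None


def guarded_call(op, t, m, v, beta, gamma, range_scalars=()):
    """Validate the contract, then invoke op (a stand-in for the raw op)."""
    depth = validate_qbn_shapes(t, m, v, beta, gamma, range_scalars)
    return op(depth)


if __name__ == "__main__":
    # Constructed sample operands: a 1x4x4x3 input with three-channel parameters.
    good = dict(t=(1, 4, 4, 3), m=(3,), v=(3,), beta=(3,), gamma=(3,),
                range_scalars=[()] * 10)
    print("valid operands, depth =", guarded_call(lambda d: d, **good))
    # A scalar input and a mean vector of the wrong length are both rejected
    # with a descriptive error instead of reaching the op.
    print(describe_violation((), (3,), (3,), (3,), (3,)))
    print(describe_violation((1, 4, 4, 3), (4,), (3,), (3,), (3,)))
```

The wrapper belongs wherever tensor shapes first come under the application's control, for example in the loader that turns an untrusted model or request into op inputs, so that a malformed operand is refused with a ShapeContractError rather than surfacing as a process-terminating runtime error.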
Mitigation and Prevention
Learn how to address and prevent the exploitation of CVE-2021-29548.
Immediate Steps to Take
Update TensorFlow to version 2.5.0 or apply the necessary patches provided by the vendor.
Long-Term Security Practices
Maintain an up-to-date software environment and follow secure coding practices to mitigate similar vulnerabilities.
Patching and Updates
Ensure timely application of security patches and updates to stay protected from known vulnerabilities.