CVE-2021-29555 : What You Need to Know
Discover how the TensorFlow CVE-2021-29555 vulnerability exposes a division by 0 flaw in `FusedBatchNorm`, enabling denial of service attacks. Learn about the impact and mitigation steps.
TensorFlow, an open-source platform for machine learning, is impacted by CVE-2021-29555 due to a division by 0 vulnerability in
FusedBatchNormUnderstanding CVE-2021-29555
TensorFlow's vulnerability, CVE-2021-29555, stems from a division by 0 flaw in the
FusedBatchNormWhat is CVE-2021-29555?
CVE-2021-29555 is a vulnerability in TensorFlow that enables attackers to trigger a denial of service by exploiting a division by 0 error within the
FusedBatchNormThe Impact of CVE-2021-29555
The impact of CVE-2021-29555 is rated as low severity. While it requires a low level of privileges for exploitation, the attack complexity is high due to the local attack vector. The confidentiality and integrity impacts are both none, with low availability impact.
Technical Details of CVE-2021-29555
The vulnerability in TensorFlow's
FusedBatchNormxVulnerability Description
The flaw allows attackers to exploit a division by 0 condition in
FusedBatchNormAffected Systems and Versions
The versions affected include TensorFlow < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2.
Exploitation Mechanism
By manipulating the last dimension of the input tensor, attackers can induce a division by 0 error within the
FusedBatchNormMitigation and Prevention
To safeguard against CVE-2021-29555:
Immediate Steps to Take
- Apply the respective patches provided by TensorFlow to address the vulnerability.
Long-Term Security Practices
- Regularly update TensorFlow to versions beyond the affected range to mitigate the risk of exploitation.
Patching and Updates
- Ensure timely installation of TensorFlow patches, particularly version 2.5.0 or later, which includes the fix for CVE-2021-29555.