CVE-2021-29555: What You Need to Know

Discover how the TensorFlow CVE-2021-29555 vulnerability exposes a division by 0 flaw in `FusedBatchNorm`, enabling denial of service attacks. Learn about the impact and mitigation steps.

TensorFlow, an open-source platform for machine learning, is impacted by CVE-2021-29555 due to a division by 0 vulnerability in `FusedBatchNorm`. An attacker can exploit this issue to cause a denial of service. Here's all you need to know about this CVE.

Understanding CVE-2021-29555

TensorFlow's vulnerability, CVE-2021-29555, stems from a division by 0 flaw in the `FusedBatchNorm` component, allowing attackers to launch denial-of-service attacks.

What is CVE-2021-29555?

CVE-2021-29555 is a vulnerability in TensorFlow that enables attackers to trigger a denial of service by exploiting a division by 0 error within the `FusedBatchNorm` operation.

The Impact of CVE-2021-29555

The impact of CVE-2021-29555 is rated as low severity. While it requires a low level of privileges for exploitation, the attack complexity is high due to the local attack vector. The confidentiality and integrity impacts are both none, with low availability impact.

Technical Details of CVE-2021-29555

The vulnerability in TensorFlow's `FusedBatchNorm` operation arises from a division error based on the last dimension of the `x` tensor provided by users, leading to denial-of-service possibilities.

Vulnerability Description

The flaw allows attackers to exploit a division by 0 condition in `FusedBatchNorm`, triggering a denial-of-service scenario due to the user-controlled `x` tensor dimension.

Affected Systems and Versions

The affected versions are TensorFlow < 2.1.4, >= 2.2.0 and < 2.2.3, >= 2.3.0 and < 2.3.3, and >= 2.4.0 and < 2.4.2.

Exploitation Mechanism

By manipulating the last dimension of the input tensor, attackers can induce a division by 0 error within the `FusedBatchNorm` implementation, resulting in denial-of-service conditions.

Mitigation and Prevention

To safeguard against CVE-2021-29555:

Immediate Steps to Take

Apply the respective patches provided by TensorFlow to address the vulnerability.

Long-Term Security Practices

Regularly update TensorFlow to versions beyond the affected range to mitigate the risk of exploitation.

Patching and Updates

Ensure timely installation of TensorFlow patches, particularly version 2.5.0 or later, which includes the fix for CVE-2021-29555.
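The following is an added example, not code from TensorFlow or from the original page: a pre-deployment check that tests a version string against the affected ranges listed above and rejects `x` shapes with a zero-sized dimension before they reach `FusedBatchNorm`. The function names are hypothetical, and treating a zero-sized dimension as the source of the zero divisor is an assumption.

```python
import re

# Affected ranges as listed on this page: (inclusive lower, exclusive upper).
AFFECTED_RANGES = [
    ((0, 0, 0), (2, 1, 4)),
    ((2, 2, 0), (2, 2, 3)),
    ((2, 3, 0), (2, 3, 3)),
    ((2, 4, 0), (2, 4, 2)),
]


def parse_version(version):
    """Return (major, minor, patch) from a string such as '2.4.1'.

    Pre-release suffixes ('2.5.0rc1') are ignored, so confirm pre-release
    builds against the vendor advisory rather than relying on this check.
    """
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not match:
        raise ValueError(f"unrecognised TensorFlow version: {version!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """True if the version falls inside any affected range from this page."""
    parsed = parse_version(version)
    return any(low <= parsed < high for low, high in AFFECTED_RANGES)


def check_x_shape(shape):
    """Validate an untrusted `x` shape before it is passed to FusedBatchNorm.

    Assumption (not stated on the page): the zero divisor comes from a
    zero-sized dimension, so any empty or unknown dimension is rejected.
    """
    if len(shape) == 0:
        raise ValueError("x must have at least one dimension")
    for index, size in enumerate(shape):
        if size is None or size <= 0:
            raise ValueError(f"x dimension {index} is empty or unknown: {size!r}")
    return tuple(shape)


if __name__ == "__main__":
    # Constructed sample versions; in a real service pass tf.__version__.
    for sample in ("2.1.3", "2.3.2", "2.4.2", "2.5.0"):
        print(sample, "affected" if is_affected(sample) else "not affected")
```

The shape guard is useful as defense in depth on services that accept tensor shapes from untrusted callers, even after upgrading.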
