Lucene search
PRIOn knowledge basePRION:CVE-2021-29546HistoryMay 14, 2021 - 8:15 p.m.
Design/Logic Flaw
2021-05-1420:15:00
PRIOn knowledge base
www.prio-n.com
3
0.0005 Low
EPSS
Percentile
17.8%
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.raw_ops.QuantizedBiasAdd. This is because the implementation of the Eigen kernel(https://github.com/tensorflow/tensorflow/blob/61bca8bd5ba8a68b2d97435ddfafcdf2b85672cd/tensorflow/core/kernels/quantization_utils.h#L812-L849) does a division by the number of elements of the smaller input (based on shape) without checking that this is not zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | ge | 2.4.0 | |
| tensorflow | lt | 2.4.2 | |
| tensorflow | ge | 2.3.0 | |
| tensorflow | lt | 2.3.3 | |
| tensorflow | ge | 2.2.0 | |
| tensorflow | lt | 2.2.3 | |
| tensorflow | lt | 2.1.4 |
Related
osv
osv
PYSEC-2021-474
2021-05-14 20:15:00
Division by 0 in `QuantizedBiasAdd`
2021-05-21 14:23:28
CVE-2021-29546
2021-05-14 20:15:12
veracode
veracode
Denial Of Service(DoS)
2021-05-17 07:51:54
nvd
nvd
CVE-2021-29546
2021-05-14 20:15:12
cvelist
cvelist
CVE-2021-29546 Division by 0 in `QuantizedBiasAdd`
2021-05-14 19:10:55
cve
cve
CVE-2021-29546
2021-05-14 20:15:12
github
github
Division by 0 in `QuantizedBiasAdd`
2021-05-21 14:23:28
ibm
ibm