CVE-2021-37654

7.3 HIGH

📋 TL;DR

This vulnerability in TensorFlow allows attackers to trigger crashes or read data outside allocated memory bounds via the ResourceGather API. It affects TensorFlow users who process untrusted input with the vulnerable function, potentially leading to denial of service or information disclosure.

💻 Affected Systems

Products:
  • TensorFlow
Versions: TensorFlow 2.3.0 to 2.5.0, and earlier versions if using ResourceGather
Operating Systems: All platforms running affected TensorFlow versions
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in both debug and release builds - debug builds crash via CHECK-fail, release builds have out-of-bounds reads.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution via memory corruption leading to full system compromise, though this requires specific memory layout conditions.

🟠 Likely Case

Denial of service through application crashes or information disclosure via out-of-bounds memory reads.

🟢 If Mitigated

No impact if proper input validation is implemented or vulnerable functions aren't exposed to untrusted users.

🌐 Internet-Facing: MEDIUM - Exploitable if TensorFlow services accept user input via ResourceGather API, but requires specific API usage.
🏢 Internal Only: LOW - Lower risk in controlled environments unless processing untrusted data internally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires calling tf.raw_ops.ResourceGather with a malicious batch_dims parameter. No authentication is needed if the API is exposed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TensorFlow 2.6.0, 2.5.1, 2.4.3, 2.3.4

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r8p-fg3c-wcj4

Restart Required: No

Instructions:

1. Update TensorFlow to a patched version: pip install --upgrade tensorflow==2.6.0 (or the appropriate version for your release branch).
2. Verify the installation with: python -c 'import tensorflow as tf; print(tf.__version__)'

🔧 Temporary Workarounds

Input Validation Wrapper


Add validation that batch_dims is non-negative and less than the rank of the variable being gathered from before calling ResourceGather.

# Python code to wrap ResourceGather calls. The wrapper takes the tf.Variable
# itself rather than its raw resource handle: the handle tensor is a scalar
# (rank 0), so checking resource.shape.rank would reject every call.
import tensorflow as tf

def safe_resource_gather(variable, indices, batch_dims=0, name=None):
    rank = variable.shape.rank
    if rank is None or batch_dims < 0 or batch_dims >= rank:
        raise ValueError('batch_dims must be in [0, rank of the variable)')
    # The raw op needs the output dtype explicitly; take it from the variable.
    return tf.raw_ops.ResourceGather(resource=variable.handle, indices=indices,
                                     dtype=variable.dtype, batch_dims=batch_dims,
                                     name=name)

🧯 If You Can't Patch

  • Restrict access to TensorFlow services processing untrusted input
  • Implement strict input validation for all ResourceGather API calls

🔍 How to Verify

Check if Vulnerable:

Check TensorFlow version: python -c 'import tensorflow as tf; print(tf.__version__)' - versions 2.3.0-2.5.0 are vulnerable.

Check Version:

python -c 'import tensorflow as tf; print(tf.__version__)'

Verify Fix Applied:

Verify that the installed version is 2.6.0, 2.5.1, 2.4.3, or 2.3.4. Test ResourceGather with an invalid batch_dims value to confirm that it raises a proper error instead of crashing.
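The version checks above compare against four different patched releases, one per maintained branch, so a plain "is it at least 2.6.0" test misclassifies 2.5.1, 2.4.3 and 2.3.4. The following added example (not code from the advisory or from TensorFlow) is a branch-aware gate built from the patched versions listed on this page. It assumes TensorFlow's usual version string layout (major.minor.patch plus an optional pre-release or nightly suffix) and treats any pre-release or nightly build, and any branch with no listed backport, as unpatched; the pure-Python part runs without TensorFlow installed.

```python
# Added example for CVE-2021-37654: branch-aware "is this TensorFlow patched?" check.
# Patched versions come from this page's "Official Fix" section; the version
# string format is an assumption about TensorFlow's numbering.
import re

# (major, minor) -> first fixed release on that branch. The trailing 1 marks a
# final release; pre-releases get 0 so that e.g. 2.5.1rc0 sorts below 2.5.1.
PATCHED = {
    (2, 3): (2, 3, 4, 1),
    (2, 4): (2, 4, 3, 1),
    (2, 5): (2, 5, 1, 1),
}
FIXED_FROM = (2, 6, 0, 1)  # 2.6.0 and every later branch carry the fix

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")


def parse_version(text):
    """Return (major, minor, patch, is_final) for strings such as '2.5.0',
    '2.6.0rc0' or '2.6.0-dev20210801'. Anything with a suffix is a pre-release
    or nightly build and gets is_final = 0 (conservatively sorted below the final)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised TensorFlow version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch), 0 if suffix else 1)


def is_vulnerable(version_text):
    """True if this TensorFlow version still lacks the ResourceGather batch_dims fix."""
    v = parse_version(version_text)
    if v >= FIXED_FROM:
        return False
    fixed = PATCHED.get(v[:2])
    if fixed is None:
        # Affected branch with no backport listed on this page (or an older
        # branch): treat as unpatched rather than silently passing it.
        return True
    return v < fixed


def check_installed():
    """Inspect the interpreter's own TensorFlow, if any.
    Returns (version, vulnerable) or None when TensorFlow is not importable."""
    try:
        import tensorflow as tf  # optional: the gate itself needs no TensorFlow
    except ImportError:
        return None
    return tf.__version__, is_vulnerable(tf.__version__)


if __name__ == "__main__":
    result = check_installed()
    if result is None:
        print("TensorFlow is not installed in this interpreter")
    else:
        version, vuln = result
        state = "VULNERABLE" if vuln else "patched"
        print(f"TensorFlow {version}: {state} for CVE-2021-37654")
```

Run it inside the environment that serves the model (the same interpreter, container or virtualenv), since a host-level pip listing can differ from what the service actually imports.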

📡 Detection & Monitoring

Log Indicators:

  • TensorFlow crash logs mentioning ResourceGather
  • CHECK-fail errors in debug builds
  • Memory access violation errors

Network Indicators:

  • Unusual requests to TensorFlow-serving APIs with batch_dims parameters

SIEM Query:

source="tensorflow" AND ("ResourceGather" OR "CHECK-fail" OR "out of bounds")

🔗 References
