CVE-2021-37688
📋 TL;DR
This vulnerability allows attackers to craft malicious TFLite models that trigger a null pointer dereference in TensorFlow, causing a crash and denial of service. It affects TensorFlow users who process untrusted TFLite models, particularly in production ML inference systems.
💻 Affected Systems
- TensorFlow
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption through denial of service, potentially affecting critical ML inference pipelines and downstream applications.
Likely Case
Service crashes when processing malicious models, requiring restart and causing temporary unavailability.
If Mitigated
Minimal impact with proper input validation and model vetting procedures in place.
🎯 Exploit Status
Attack requires ability to submit TFLite models to vulnerable systems. No authentication needed if model submission endpoint is exposed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: TensorFlow 2.6.0, 2.5.1, 2.4.3, 2.3.4
Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vcjj-9vg7-vf68
Restart Required: Yes
Instructions:
1. Update TensorFlow to patched version using pip: pip install --upgrade tensorflow==2.6.0 2. Restart all TensorFlow services and applications 3. Verify fix by checking version: python -c 'import tensorflow as tf; print(tf.__version__)'
🔧 Temporary Workarounds
Input validation for TFLite models
allImplement strict validation and sanitization of all incoming TFLite models before processing
Model source restriction
allOnly accept TFLite models from trusted, verified sources with cryptographic signatures
🧯 If You Can't Patch
- Implement network segmentation to isolate TensorFlow services processing untrusted models
- Deploy runtime protection tools to detect and block null pointer dereference attempts
🔍 How to Verify
Check if Vulnerable:
Check TensorFlow version: python -c 'import tensorflow as tf; print(tf.__version__)'. Versions 2.3.0-2.5.0 are vulnerable.Check Version:
python -c 'import tensorflow as tf; print(tf.__version__)'Verify Fix Applied:
Verify version is 2.6.0, 2.5.1, 2.4.3, or 2.3.4. Test with known safe TFLite models to ensure processing works.📡 Detection & Monitoring
Log Indicators:
- Segmentation fault or crash logs from TensorFlow processes
- Abnormal termination of model inference services
- Repeated model processing failures
Network Indicators:
- Unusual spikes in model submission traffic
- Requests with malformed TFLite model files
SIEM Query:
source="tensorflow" AND ("segmentation fault" OR "null pointer" OR "crash" OR "SIGSEGV")🔗 References
- https://github.com/tensorflow/tensorflow/commit/15691e456c7dc9bd6be203b09765b063bf4a380c
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vcjj-9vg7-vf68
- https://github.com/tensorflow/tensorflow/commit/15691e456c7dc9bd6be203b09765b063bf4a380c
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vcjj-9vg7-vf68
