CVE-2021-41205

7.1 HIGH

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in TensorFlow's QuantizeAndDequantizeV* operations that could allow attackers to read sensitive memory contents. It affects TensorFlow users running affected versions who process untrusted models or inputs. The vulnerability could lead to information disclosure or potentially facilitate further attacks.

💻 Affected Systems

Products:
  • TensorFlow
Versions: TensorFlow versions before 2.4.4, 2.5.2, 2.6.1, and 2.7.0
Operating Systems: All operating systems running affected TensorFlow versions
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in core TensorFlow operations; all deployments using affected versions are vulnerable when processing QuantizeAndDequantizeV* operations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Memory disclosure leading to sensitive data exposure, potential information leak that could facilitate other attacks, or denial of service through application crashes.

🟠

Likely Case

Information disclosure from heap memory, potentially exposing model parameters, training data remnants, or other sensitive information stored in adjacent memory.

🟢

If Mitigated

Limited impact with proper input validation and sandboxing; potential denial of service if application crashes.

🌐 Internet-Facing: MEDIUM - Exploitation requires processing untrusted models/inputs, but many ML services accept external inputs.
🏢 Internal Only: LOW - Internal systems typically process trusted models, reducing attack surface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires control over model inputs or operations; no public exploits known as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TensorFlow 2.4.4, 2.5.2, 2.6.1, or 2.7.0

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f

Restart Required: Yes

Instructions:

1. Identify the current TensorFlow version.
2. Upgrade to a patched version: pip install tensorflow==2.7.0 (or the appropriate patched release for your series).
3. Restart all TensorFlow services and applications.
4. Test functionality with existing models.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all

Validate and sanitize all model inputs to prevent malicious QuantizeAndDequantizeV* operations

Model Source Verification

Applies to: all

Only load models from trusted sources and verify model integrity before processing

🧯 If You Can't Patch

  • Implement strict input validation for all TensorFlow operations
  • Isolate TensorFlow processing in sandboxed environments with limited memory access

🔍 How to Verify

Check if Vulnerable:

Check TensorFlow version: python -c 'import tensorflow as tf; print(tf.__version__)' and compare with affected versions

Check Version:

python -c 'import tensorflow as tf; print(tf.__version__)'

Verify Fix Applied:

Verify that the installed version is at least 2.4.4, 2.5.2 or 2.6.1 within its release series, or 2.7.0 or later: python -c 'import tensorflow as tf; print(tf.__version__)'
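As an added check that is not part of the advisory, the version comparison above written out in Python using the patched releases the advisory lists; the sample version strings and the conservative treatment of dev/rc builds are assumptions of this example.

```python
# Added check: decides whether a TensorFlow version string falls in the ranges
# this advisory lists as affected (fixed in 2.4.4, 2.5.2, 2.6.1 and 2.7.0).
import re

# Minimum patched release for each affected minor series, per the advisory.
FIXED_IN = {(2, 4): (2, 4, 4), (2, 5): (2, 5, 2), (2, 6): (2, 6, 1)}
FIRST_CLEAN_SERIES = (2, 7)  # 2.7.0 and every later series ship the fix

def parse_version(text):
    """Return (major, minor, patch) from strings such as '2.6.0', '2.7.0rc1'
    or '2.5.2.dev20211001'; any suffix after x.y.z is ignored here."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())

def is_vulnerable(text):
    """True if the version is in an affected range for CVE-2021-41205."""
    v = parse_version(text)
    if v[:2] in FIXED_IN:
        fixed = v >= FIXED_IN[v[:2]]            # e.g. 2.6.1+ within 2.6.x
    elif v[:2] >= FIRST_CLEAN_SERIES:
        fixed = True                            # 2.7.0 and later
    else:
        fixed = False                           # 2.3.x and older: no fix shipped
    # Conservative assumption (not from the advisory): a dev or rc build that
    # carries a patched version number may predate the fix, so flag it too.
    if fixed and not re.fullmatch(r"\d+\.\d+\.\d+", text.strip()):
        return True
    return not fixed

def check_installed():
    """Result for the TensorFlow in this interpreter, or None if absent."""
    try:
        import tensorflow as tf
    except ImportError:
        return None
    return is_vulnerable(tf.__version__)

if __name__ == "__main__":
    # Constructed sample inputs, not values taken from any real deployment.
    for v in ["2.3.4", "2.4.3", "2.4.4", "2.6.0", "2.6.1", "2.7.0rc1", "2.7.0", "2.8.0"]:
        print(v, "affected" if is_vulnerable(v) else "patched")
```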

📡 Detection & Monitoring

Log Indicators:

  • TensorFlow segmentation faults
  • Memory access violation errors
  • Unexpected application crashes during model processing

Network Indicators:

  • Unusual model uploads to ML services
  • Suspicious input patterns to QuantizeAndDequantize operations

SIEM Query:

source="tensorflow" AND (error="segmentation fault" OR error="memory violation" OR error="out of bounds")

🔗 References
