2021-37665 | Google TensorFlow null pointer dereference


CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
6.0 $0-$5k 0.38

A vulnerability has been found in Google TensorFlow up to 2.3.3/2.4.2/2.5.0 (Artificial Intelligence Software) and classified as critical. Affected by this vulnerability is an unknown code. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-476. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the `input` tensor. A similar issue occurs in `MklRequantizePerChannelOp`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. We have patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

The weakness was released 08/13/2021. It is possible to read the advisory at github.com. This vulnerability is known as CVE-2021-37665 since 07/29/2021. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn’t need any form of authentication. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 08/17/2021).

Upgrading to version 2.3.4, 2.4.3, 2.5.1 or 2.6.0 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Type

Vendor

Name

VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0

VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔒
VulDB Reliability: 🔍

AV AC Au C I A
🔍 🔍 🔍 🔍 🔍 🔍
🔍 🔍 🔍 🔍 🔍 🔍
🔍 🔍 🔍 🔍 🔍 🔍
Vector Complexity Authentication Confidentiality Integrity Availability
unlock unlock unlock unlock unlock unlock
unlock unlock unlock unlock unlock unlock
unlock unlock unlock unlock unlock unlock


VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Denial of service
CWE: CWE-476
ATT&CK: Unknown

Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒


0-Day unlock unlock unlock unlock
Today unlock unlock unlock unlock

Threat Intelligenceinfoedit

Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: TensorFlow 2.3.4/2.4.3/2.5.1/2.6.0
Patch: github.com

07/29/2021 CVE assigned
08/13/2021 +15 days Advisory disclosed
08/13/2021 +0 days VulDB entry created
08/17/2021 +4 days VulDB last updateVendor: https://www.google.com/

Advisory: github.com
Status: Confirmed
Confirmation: 🔒

CVE: CVE-2021-37665 (🔒)

Created: 08/13/2021 06:59
Updated: 08/17/2021 15:12
Changes: (1) source_cve_cna
Complete: 🔍

Download the whitepaper to learn more about our service!



Source link