
CVE-2021-41205: Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops

CVSS Score (v3.1): 7.1

Basic Information

EPSS Score: 0.03059%
Published: 11/10/2021
Updated: 11/13/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Package Name     Ecosystem   Vulnerable Versions   First Patched Version
tensorflow       pip         >= 2.6.0, < 2.6.1     2.6.1
tensorflow       pip         >= 2.5.0, < 2.5.2     2.5.2
tensorflow       pip         < 2.4.4               2.4.4
tensorflow-cpu   pip         >= 2.6.0, < 2.6.1     2.6.1
tensorflow-cpu   pip         >= 2.5.0, < 2.5.2     2.5.2
tensorflow-cpu   pip         < 2.4.4               2.4.4
tensorflow-gpu   pip         >= 2.6.0, < 2.6.1     2.6.1
tensorflow-gpu   pip         >= 2.5.0, < 2.5.2     2.5.2
tensorflow-gpu   pip         < 2.4.4               2.4.4

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from the shape inference functions of the QuantizeAndDequantizeV* ops, which checked only that axis != -1 and therefore accepted any other negative axis value. The code then called c->Dim(input, axis) without validating a negative axis, which leads to an out-of-bounds read. The commit diff shows the fix applied to all four variants (V2, V3, V4, V4Grad) in array_ops.cc: an explicit check that rejects axis < -1. Each operation's registration in array_ops.cc contains a shape inference function with this vulnerable pattern, which identifies those functions as the root cause.
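As an added illustration (not TensorFlow's code and not part of this record), the following stand-alone C++ model puts the pre-fix axis guard described above beside the post-fix guard; the names ShapeModel, Outcome, mergeDepthAlongAxis, checkAxisVulnerable and checkAxisFixed are assumptions made for this example, and the rank-3 input shape is constructed.

```cpp
// Added example, not TensorFlow's code: a stand-alone model of the axis
// validation in the QuantizeAndDequantizeV* shape-inference functions.
// ShapeModel, Outcome, checkAxisVulnerable, checkAxisFixed are assumed names.
#include <cstdint>
#include <cstdio>
#include <vector>

enum class Outcome { kOk, kInvalidArgument, kOutOfBoundsRead };

// Minimal stand-in for a known-rank shape: one size per dimension.
struct ShapeModel {
  std::vector<int64_t> dims;
  int64_t rank() const { return static_cast<int64_t>(dims.size()); }
};

// Models the two steps the original code ran whenever axis != -1:
//   1. WithRankAtLeast(input, axis + 1): trivially true for a negative axis
//   2. Dim(input, axis): a negative index wraps to dims[rank + axis]
// Rather than performing the read, it reports whether it would be in bounds.
static Outcome mergeDepthAlongAxis(const ShapeModel& input, int64_t axis) {
  if (input.rank() < axis + 1) return Outcome::kInvalidArgument;
  const int64_t off = axis < 0 ? input.rank() + axis : axis;
  if (off < 0 || off >= input.rank()) return Outcome::kOutOfBoundsRead;
  return Outcome::kOk;
}

// Pre-fix guard: only the sentinel -1 ("no axis") is special-cased.
Outcome checkAxisVulnerable(const ShapeModel& input, int64_t axis) {
  if (axis == -1) return Outcome::kOk;
  return mergeDepthAlongAxis(input, axis);
}

// Post-fix guard: reject any axis below -1 before the shape is touched.
Outcome checkAxisFixed(const ShapeModel& input, int64_t axis) {
  if (axis < -1) return Outcome::kInvalidArgument;
  return checkAxisVulnerable(input, axis);
}

int main() {
  const ShapeModel input{{4, 8, 16}};  // constructed rank-3 input shape
  const char* names[] = {"ok", "invalid_argument", "out_of_bounds_read"};
  const int64_t axes[] = {-1, 0, 2, 3, -2, -5};
  for (int64_t axis : axes) {
    std::printf("axis=%3lld  before fix: %-18s after fix: %s\n",
                static_cast<long long>(axis),
                names[static_cast<int>(checkAxisVulnerable(input, axis))],
                names[static_cast<int>(checkAxisFixed(input, axis))]);
  }
  return 0;
}
```

Note that axis = -2 passes the pre-fix guard and silently resolves to a different dimension than intended, while axis = -5 resolves to an offset before the start of the array; the post-fix guard rejects both.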


