## TFSA-2021-089: Division by zero in TFLite's implementation of `DepthwiseConv`

### CVE Number
CVE-2021-29602

### Impact
The implementation of the `DepthwiseConv` TFLite operator is [vulnerable to a
division by zero
error](https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/depthwise_conv.cc#L287-L288):

```cc
int num_input_channels = SizeOfDimension(input, 3);
TF_LITE_ENSURE_EQ(context, num_filter_channels % num_input_channels, 0);
```

An attacker can craft a model such that `input`'s fourth dimension would be 0.

### Patches
We have patched the issue in GitHub commit
[cbda3c6b2dbbd3fbdc482ff8c0170a78ec2e97d0](https://github.com/tensorflow/tensorflow/commit/cbda3c6b2dbbd3fbdc482ff8c0170a78ec2e97d0).

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this
commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow
2.1.4, as these are also affected and still in supported range.

### For more information
Please consult [our security
guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for
more information regarding the security model and how to contact us with issues
and questions.

### Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo
360.
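The check described under Impact, rewritten so the divisor is validated before the modulo runs. This is an added stand-alone example, not TensorFlow's code or the referenced patch: `ShapeCheck`, `CheckDepthwiseChannels`, the vector-based `SizeOfDimension` stand-in and the sample shapes are hypothetical, and reading `num_filter_channels` from the filter's fourth dimension is an assumption.

```cpp
#include <cstdio>
#include <vector>

// Hypothetical status codes for this example (not TFLite's TfLiteStatus).
enum class ShapeCheck { kOk, kBadRank, kNonPositiveDim, kChannelMismatch };

// Stand-in for TFLite's SizeOfDimension(): returns the size of dimension idx.
static int SizeOfDimension(const std::vector<int>& dims, int idx) {
  return dims[idx];
}

// Validates 4-D input and filter shapes. Every value used as a divisor is
// proven non-zero before the modulo is evaluated.
ShapeCheck CheckDepthwiseChannels(const std::vector<int>& input_dims,
                                  const std::vector<int>& filter_dims) {
  if (input_dims.size() != 4 || filter_dims.size() != 4) {
    return ShapeCheck::kBadRank;
  }
  const int num_input_channels = SizeOfDimension(input_dims, 3);
  const int num_filter_channels = SizeOfDimension(filter_dims, 3);
  // Guard: the dimension comes from the model file. A 0 here would make the
  // `%` below undefined behaviour in C++, which typically crashes the process.
  if (num_input_channels <= 0 || num_filter_channels <= 0) {
    return ShapeCheck::kNonPositiveDim;
  }
  if (num_filter_channels % num_input_channels != 0) {
    return ShapeCheck::kChannelMismatch;
  }
  return ShapeCheck::kOk;
}

int main() {
  // Constructed shapes: the second input has a zero-sized fourth dimension.
  const std::vector<int> filter = {1, 3, 3, 8};
  const std::vector<std::vector<int>> inputs = {
      {1, 16, 16, 4}, {1, 16, 16, 0}, {1, 16, 16, 3}};
  for (const auto& in : inputs) {
    std::printf("channels=%d -> status %d\n", in[3],
                static_cast<int>(CheckDepthwiseChannels(in, filter)));
  }
  return 0;
}
```

The zero-channel input is rejected with an error status instead of reaching the modulo, so a malformed model fails validation rather than terminating the interpreter.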