1## TFSA-2021-150: Division by 0 in most convolution operators 2 3### CVE Number 4CVE-2021-37675 5 6### Impact 7Most implementations of convolution operators in TensorFlow are affected by a 8division by 0 vulnerability where an attacker can trigger a denial of service 9via a crash: 10 11```python 12import tensorflow as tf 13 14tf.compat.v1.disable_v2_behavior() 15tf.raw_ops.Conv2D( 16 input = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32), 17 filter = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32), 18 strides = [1, 1, 1, 1], 19 padding = "SAME") 20``` 21 22The shape inference 23[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/framework/common_shape_fns.cc#L577) 24is missing several validations before doing divisions and modulo operations. 25 26### Patches 27We have patched the issue in GitHub commit 28[8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4](https://github.com/tensorflow/tensorflow/commit/8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4). 29 30The fix will be included in TensorFlow 2.6.0. We will also cherrypick this 31commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are 32also affected and still in supported range. 33 34### For more information 35Please consult [our security 36guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for 37more information regarding the security model and how to contact us with issues 38and questions. 39 40### Attribution 41This vulnerability has been reported by Yakun Zhang of Baidu Security. 42