1## TFSA-2021-040: Heap OOB in `QuantizeAndDequantizeV3` 2 3### CVE Number 4CVE-2021-29553 5 6### Impact 7An attacker can read data outside of bounds of heap allocated buffer in 8`tf.raw_ops.QuantizeAndDequantizeV3`: 9 10```python 11import tensorflow as tf 12 13tf.raw_ops.QuantizeAndDequantizeV3( 14 input=[2.5,2.5], input_min=[0,0], input_max=[1,1], num_bits=[30], 15 signed_input=False, range_given=False, narrow_range=False, axis=3) 16``` 17 18This is because the 19[implementation](https://github.com/tensorflow/tensorflow/blob/11ff7f80667e6490d7b5174aa6bf5e01886e770f/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L237) 20does not validate the value of user supplied `axis` attribute before using it to 21index in the array backing the `input` argument: 22 23```cc 24const int depth = (axis_ == -1) ? 1 : input.dim_size(axis_); 25``` 26 27### Patches 28We have patched the issue in GitHub commit 29[99085e8ff02c3763a0ec2263e44daec416f6a387](https://github.com/tensorflow/tensorflow/commit/99085e8ff02c3763a0ec2263e44daec416f6a387). 30 31The fix will be included in TensorFlow 2.5.0. We will also cherrypick this 32commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 332.1.4, as these are also affected and still in supported range. 34 35### For more information 36Please consult [our security 37guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for 38more information regarding the security model and how to contact us with issues 39and questions. 40 41### Attribution 42This vulnerability has been reported by Aivul Team from Qihoo 360. 43