CVE-2021-37640

Advisory

Tensorflow-rocm 2.5.1 and 2.6.0 include a fix for CVE-2021-37640: In affected versions the implementation of 'tf.raw_ops.SparseReshape' can be made to trigger an integral division by 0 exception. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a non-zero number of elements. The reshape functor (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. The Tensorflow team has patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-95xm-g58g-3p88
• https://github.com/tensorflow/tensorflow/commit/4923de56ec94fff7770df259ab7f2288a74feb41
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37640