How severe is CVE-2021-29544?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-29544?

This is classified as CWE-754, which is a common weakness in software security.

CVE-2021-29544 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.QuantizeAndDequantizeV4Grad`. This is because the implementation does not validate the rank of the `input_*` tensors. In turn, this results in the tensors being passes as they are to `QuantizeAndDequantizePerChannelGradientImpl`. However, the `vec<T>` method, requires the rank to 1 and triggers a `CHECK` failure otherwise. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 as this is the only other affected version.

Related Vulnerabilities

CVE-2017-17815

MEDIUM

CVSS:5.5(Medium)

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationsh...

CWE-7542017

CVE-2018-15815

MEDIUM

CVSS:5.5(Medium)

FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file.

CWE-7542018

CVE-2018-18690

MEDIUM

CVSS:5.5(Medium)

In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition...

CWE-7542018

CVE-2019-11165

MEDIUM

CVSS:5.5(Medium)

Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service vi...

CWE-7542019

CVE-2019-11459

MEDIUM

CVSS:5.5(Medium)

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to un...

CWE-7542019

CVE-2019-17257

MEDIUM

CVSS:5.5(Medium)

IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starting at EXR!ReadEXR+0x000000000002af80.

CWE-7542019