1## TFSA-2021-086: Division by zero in TFLite's implementation of `SVDF` 2 3### CVE Number 4CVE-2021-29598 5 6### Impact 7The implementation of the `SVDF` TFLite operator is [vulnerable to a 8division by zero 9error](https://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.cc#L99-L102): 10 11```cc 12const int rank = params->rank; 13... 14TF_LITE_ENSURE_EQ(context, num_filters % rank, 0); 15``` 16 17An attacker can craft a model such that `params->rank` would be 0. 18 19### Patches 20We have patched the issue in GitHub commit 21[6841e522a3e7d48706a02e8819836e809f738682](https://github.com/tensorflow/tensorflow/commit/6841e522a3e7d48706a02e8819836e809f738682). 22 23The fix will be included in TensorFlow 2.5.0. We will also cherrypick this 24commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 252.1.4, as these are also affected and still in supported range. 26 27### For more information 28Please consult [our security 29guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for 30more information regarding the security model and how to contact us with issues 31and questions. 32 33### Attribution 34This vulnerability has been reported by members of the Aivul Team from Qihoo 35360. 36