CVE-2021-41221
- Source
- https://cve.org/CVERecord?id=CVE-2021-41221
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41221.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-41221
- Aliases
- Downstream
- Related
- Published
- 2021-11-05T23:15:08.413Z
- Modified
- 2026-02-03T21:34:43.164112Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the
Cudnn*operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of theinput,input_handinput_cparameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. - References
-
- https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx
- https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx
Affected packages
Git / github.com/tensorflow/tensorflow
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tensorflow/tensorflow
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedFixed
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41221.json"
vanir_signatures
[
{
"signature_type": "Line",
"source": "https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "tensorflow/core/ops/cudnn_rnn_ops_test.cc"
},
"id": "CVE-2021-41221-0d55eb0b",
"digest": {
"threshold": 0.9,
"line_hashes": [
"118694546093519178402817787757898241473",
"258846801479330369354051197833199152723",
"283437646914638091728887841506823151821",
"239652795635704487224366929297095596058",
"118694546093519178402817787757898241473",
"258846801479330369354051197833199152723",
"315250839980954442794389400229965781291",
"281273899779120340251234867540017516981",
"118694546093519178402817787757898241473",
"258846801479330369354051197833199152723",
"253541768477098468456454063446009678706"
]
}
},
{
"signature_type": "Function",
"source": "https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "tensorflow/core/ops/cudnn_rnn_ops_test.cc",
"function": "TEST"
},
"id": "CVE-2021-41221-6b13451d",
"digest": {
"length": 923.0,
"function_hash": "202902201092835611437034021854511617419"
}
},
{
"signature_type": "Function",
"source": "https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "tensorflow/core/ops/cudnn_rnn_ops_test.cc",
"function": "TEST"
},
"id": "CVE-2021-41221-97fa497c",
"digest": {
"length": 929.0,
"function_hash": "304136540262746988534198931519059772696"
}
},
{
"signature_type": "Function",
"source": "https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "tensorflow/core/ops/cudnn_rnn_ops_test.cc",
"function": "TEST"
},
"id": "CVE-2021-41221-bf482407",
"digest": {
"length": 1066.0,
"function_hash": "66182289958864132325895794462936143042"
}
},
{
"signature_type": "Line",
"source": "https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "tensorflow/core/ops/cudnn_rnn_ops.cc"
},
"id": "CVE-2021-41221-fc1d693d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"123875540620579454762848304763070508768",
"145987571041281447065708213934056822852",
"255765073408836349722371678193814315449",
"71606848174238972166582519510640422008",
"319802517651899723163523400941898362128",
"50437515902350039548985297195807307137",
"48039668474374917909536629248595790238",
"160635530201276953824480718569855529512",
"196389132899340221627507251824533212295",
"123875540620579454762848304763070508768",
"145987571041281447065708213934056822852",
"255765073408836349722371678193814315449",
"71606848174238972166582519510640422008",
"319802517651899723163523400941898362128",
"50437515902350039548985297195807307137",
"251289243987824787917355713817453569710",
"145451793578567446919497572074278921923",
"201804582758592530163778121090951495598",
"37581804411958549139825504814327340783",
"251675699549679527107647937379157442183",
"57996396148105329571288912809518158194",
"304769490380883915301941841283663411189",
"334370031726148448186845603596904053509",
"160635530201276953824480718569855529512",
"196389132899340221627507251824533212295",
"183568529671463780385030105081443204417",
"203809736805669869767923346918929742954",
"156036236433352584483844332244518604211",
"291239982531107127469776900706612765285"
]
}
}
]