{"id":"CVE-2021-41206","details":"TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don't have reproducers and there will be multiple fixes for these issues. These fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.","aliases":["BIT-tensorflow-2021-41206","GHSA-pgcq-h79j-2f69","PYSEC-2021-843","PYSEC-2021-845","PYSEC-2021-847"],"modified":"2026-04-11T18:45:22.968794Z","published":"2021-11-05T22:15:08.397Z","related":["GHSA-pgcq-h79j-2f69","openSUSE-SU-2024:12116-1"],"references":[{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/4d74d8a00b07441cba090a02e0dd9ed385145bf4"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/4dddb2fd0b01cdd196101afbba6518658a2c9e07"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/579261dcd446385831fe4f7457d802a59685121d"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/68422b215e618df5ad375bcdc6d2052e9fd3080a"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/da4aad5946be30e5f049920fa076e1f7ef021261"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/e7f497570abb6b4ae5af4970620cd880e4c0c904"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"582c8d236cb079023657287c318ff26adb239002"},{"fixed":"64918868e2154b06c7479347a59a4230f785e9fa"},{"introduced":"a4dfb8d1a71385bd6d122e4f27f86dcebb96712d"},{"fixed":"957590ea15cc03ee2e00fc61934647d54836676f"},{"introduced":"919f693420e35d00c8d0a42100837ae3718f7927"},{"fixed":"3aa40c3ce9d16eae296f086bc4ac4d62deb2affc"},{"introduced":"0"},{"last_affected":"ce35e5c3a8efdb8161c6a85c8fb9ffb5bbdc9ffd"},{"introduced":"0"},{"last_affected":"ff68385595088304cf772086b9a259a65b007622"},{"fixed":"4d74d8a00b07441cba090a02e0dd9ed385145bf4"},{"fixed":"4dddb2fd0b01cdd196101afbba6518658a2c9e07"},{"fixed":"579261dcd446385831fe4f7457d802a59685121d"},{"fixed":"68422b215e618df5ad375bcdc6d2052e9fd3080a"},{"fixed":"da4aad5946be30e5f049920fa076e1f7ef021261"},{"fixed":"e7f497570abb6b4ae5af4970620cd880e4c0c904"}],"database_specific":{"versions":[{"introduced":"2.4.0"},{"fixed":"2.4.4"},{"introduced":"2.5.0"},{"fixed":"2.5.2"},{"introduced":"2.6.0"},{"fixed":"2.6.1"},{"introduced":"0"},{"last_affected":"2.7.0-rc0"},{"introduced":"0"},{"last_affected":"2.7.0-rc1"}]}}],"versions":["0.5.0","0.6.0","v1.1.0-rc1","v1.1.0-rc2","v1.12.1","v1.6.0-rc1","v1.9.0-rc2","v2.4.0","v2.4.1","v2.4.2","v2.4.3","v2.5.0","v2.5.1","v2.6.0","v2.7.0-rc0","v2.7.0-rc1"],"database_specific":{"vanir_signatures_modified":"2026-04-11T18:45:22Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41206.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}