{"id":"CVE-2021-41221","details":"TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.","aliases":["BIT-tensorflow-2021-41221","GHSA-cqv6-3phm-hcwx","PYSEC-2021-413","PYSEC-2021-630","PYSEC-2021-828"],"modified":"2026-04-11T18:45:26.678190Z","published":"2021-11-05T23:15:08.413Z","related":["GHSA-cqv6-3phm-hcwx","openSUSE-SU-2024:12116-1"],"references":[{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"582c8d236cb079023657287c318ff26adb239002"},{"fixed":"64918868e2154b06c7479347a59a4230f785e9fa"},{"introduced":"a4dfb8d1a71385bd6d122e4f27f86dcebb96712d"},{"fixed":"957590ea15cc03ee2e00fc61934647d54836676f"},{"introduced":"919f693420e35d00c8d0a42100837ae3718f7927"},{"fixed":"3aa40c3ce9d16eae296f086bc4ac4d62deb2affc"},{"introduced":"0"},{"last_affected":"ce35e5c3a8efdb8161c6a85c8fb9ffb5bbdc9ffd"},{"introduced":"0"},{"last_affected":"ff68385595088304cf772086b9a259a65b007622"},{"fixed":"af5fcebb37c8b5d71c237f4e59c6477015c78ce6"}],"database_specific":{"versions":[{"introduced":"2.4.0"},{"fixed":"2.4.4"},{"introduced":"2.5.0"},{"fixed":"2.5.2"},{"introduced":"2.6.0"},{"fixed":"2.6.1"},{"introduced":"0"},{"last_affected":"2.7.0-rc0"},{"introduced":"0"},{"last_affected":"2.7.0-rc1"}]}}],"versions":["0.5.0","0.6.0","v1.1.0-rc1","v1.1.0-rc2","v1.12.1","v1.6.0-rc1","v1.9.0-rc2","v2.4.0","v2.4.1","v2.4.2","v2.4.3","v2.5.0","v2.5.1","v2.6.0","v2.7.0-rc0","v2.7.0-rc1"],"database_specific":{"vanir_signatures":[{"target":{"file":"tensorflow/core/ops/cudnn_rnn_ops_test.cc"},"signature_type":"Line","source":"https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6","digest":{"line_hashes":["118694546093519178402817787757898241473","258846801479330369354051197833199152723","283437646914638091728887841506823151821","239652795635704487224366929297095596058","118694546093519178402817787757898241473","258846801479330369354051197833199152723","315250839980954442794389400229965781291","281273899779120340251234867540017516981","118694546093519178402817787757898241473","258846801479330369354051197833199152723","253541768477098468456454063446009678706"],"threshold":0.9},"id":"CVE-2021-41221-0d55eb0b","signature_version":"v1","deprecated":false},{"target":{"file":"tensorflow/core/ops/cudnn_rnn_ops_test.cc","function":"TEST"},"signature_type":"Function","source":"https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6","digest":{"length":923,"function_hash":"202902201092835611437034021854511617419"},"id":"CVE-2021-41221-6b13451d","signature_version":"v1","deprecated":false},{"target":{"file":"tensorflow/core/ops/cudnn_rnn_ops_test.cc","function":"TEST"},"signature_type":"Function","source":"https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6","digest":{"length":929,"function_hash":"304136540262746988534198931519059772696"},"id":"CVE-2021-41221-97fa497c","signature_version":"v1","deprecated":false},{"target":{"file":"tensorflow/core/ops/cudnn_rnn_ops_test.cc","function":"TEST"},"signature_type":"Function","source":"https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6","digest":{"length":1066,"function_hash":"66182289958864132325895794462936143042"},"id":"CVE-2021-41221-bf482407","signature_version":"v1","deprecated":false},{"target":{"file":"tensorflow/core/ops/cudnn_rnn_ops.cc"},"signature_type":"Line","source":"https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6","digest":{"line_hashes":["123875540620579454762848304763070508768","145987571041281447065708213934056822852","255765073408836349722371678193814315449","71606848174238972166582519510640422008","319802517651899723163523400941898362128","50437515902350039548985297195807307137","48039668474374917909536629248595790238","160635530201276953824480718569855529512","196389132899340221627507251824533212295","123875540620579454762848304763070508768","145987571041281447065708213934056822852","255765073408836349722371678193814315449","71606848174238972166582519510640422008","319802517651899723163523400941898362128","50437515902350039548985297195807307137","251289243987824787917355713817453569710","145451793578567446919497572074278921923","201804582758592530163778121090951495598","37581804411958549139825504814327340783","251675699549679527107647937379157442183","57996396148105329571288912809518158194","304769490380883915301941841283663411189","334370031726148448186845603596904053509","160635530201276953824480718569855529512","196389132899340221627507251824533212295","183568529671463780385030105081443204417","203809736805669869767923346918929742954","156036236433352584483844332244518604211","291239982531107127469776900706612765285"],"threshold":0.9},"id":"CVE-2021-41221-fc1d693d","signature_version":"v1","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41221.json","vanir_signatures_modified":"2026-04-11T18:45:26Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}