{"id":"CVE-2021-41223","details":"TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap out-of-bounds (OOB) access. The fix will be included in TensorFlow 2.7.0. We will also cherry-pick this commit onto TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in the supported range.","aliases":["BIT-tensorflow-2021-41223","GHSA-f54p-f6jp-4rhr","PYSEC-2021-415","PYSEC-2021-632","PYSEC-2021-830"],"modified":"2026-03-13T22:14:51.261192Z","published":"2021-11-05T21:15:09.203Z","related":["GHSA-f54p-f6jp-4rhr","openSUSE-SU-2024:12116-1"],"references":[{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"fixed":"64918868e2154b06c7479347a59a4230f785e9fa"},{"introduced":"a4dfb8d1a71385bd6d122e4f27f86dcebb96712d"},{"fixed":"957590ea15cc03ee2e00fc61934647d54836676f"},{"introduced":"919f693420e35d00c8d0a42100837ae3718f7927"},{"fixed":"3aa40c3ce9d16eae296f086bc4ac4d62deb2affc"},{"fixed":"aab9998916c2ffbd8f0592059fad352622f89cda"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.4.4"},{"introduced":"2.5.0"},{"fixed":"2.5.2"},{"introduced":"2.6.0"},{"fixed":"2.6.1"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41223.json","vanir_signatures":[{"signature_version":"v1","target":{"file":"tensorflow/core/kernels/fused_batch_norm_op.cc"},"deprecated":false,"digest":{"line_hashes":["110003020748666096897504968397805496979","233615624047603408359319930395799344127","126114243795816316864075701430387049790","288757428700635812070274634597422467466","231993889213198812689967074683406181726","1240717924505913093032278261432547
60610","54964776335320040543584272291970043541","249671106518592137094334877865941261077","6361205835380122295250376640962153128","62409307926471686221323343586564922942","146633594572934952933644128448437246378","52560408318027994585589441568056232972","577940162824394673506833861458280508","98012185968734996023691124549750428769","2434210053426454392820214421509457510","121646972233936483154613181088084921033","203749569478634526352652480415646679519","319220863235826220215958131642807144768","61859548334849748005307758410952699051","193552904021096460535981741833843339456","327249809794799378139336666102087577775","275762299363184648336238693792289427431"],"threshold":0.9},"signature_type":"Line","id":"CVE-2021-41223-2753b3de","source":"https://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}