 
                        We found results for “”
CVE-2021-41221
Good to know:
 
                                    Date: November 5, 2021
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the "Cudnn*" operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the "input", "input_h" and "input_c" parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
Language: Python
Severity Score
Related Resources (8)
Severity Score
Weakness Type (CWE)
Top Fix
 
                                    Upgrade Version
Upgrade to version tensorflow-cpu - 2.5.2;tensorflow-cpu - 2.6.1;tensorflow-cpu - 2.4.4;tensorflow-gpu - 2.6.1;tensorflow-gpu - 2.5.2;tensorflow-gpu - 2.4.4;tensorflow - 2.6.1;tensorflow - 2.5.2;tensorflow - 2.4.4
CVSS v3.1
| Base Score: |  | 
|---|---|
| Attack Vector (AV): | LOCAL | 
| Attack Complexity (AC): | LOW | 
| Privileges Required (PR): | LOW | 
| User Interaction (UI): | NONE | 
| Scope (S): | UNCHANGED | 
| Confidentiality (C): | HIGH | 
| Integrity (I): | HIGH | 
| Availability (A): | HIGH | 
CVSS v2
| Base Score: |  | 
|---|---|
| Access Vector (AV): | LOCAL | 
| Access Complexity (AC): | LOW | 
| Authentication (AU): | NONE | 
| Confidentiality (C): | PARTIAL | 
| Integrity (I): | PARTIAL | 
| Availability (A): | PARTIAL | 
| Additional information: | 
 Vulnerabilities
                        Vulnerabilities
                 Projects
                        Projects
                 Vulnerability Disclosure
                        Vulnerability Disclosure
                 About Us
                    About Us
                 Contact Us
                    Contact Us
                

