## TFSA-2021-174: Access to invalid memory during shape inference in `Cudnn*` ops

### CVE Number
CVE-2021-41221

### Impact
The [shape inference code](https://github.com/tensorflow/tensorflow/blob/9ff27787893f76d6971dcd1552eb5270d254f31b/tensorflow/core/ops/cudnn_rnn_ops.cc) for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow:

```python
import tensorflow as tf

@tf.function
def func():
  return tf.raw_ops.CudnnRNNV3(
    input=[0.1, 0.1],
    input_h=[0.5],
    input_c=[0.1, 0.1, 0.1],
    params=[0.5, 0.5],
    sequence_lengths=[-1, 0, 1])

func()
```

This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are not validated, but the code assumes they have certain values:

```cc
auto input_shape = c->input(0);
auto input_h_shape = c->input(1);
auto seq_length = c->Dim(input_shape, 0);
auto batch_size = c->Dim(input_shape, 1);  // assumes rank >= 2
auto num_units = c->Dim(input_h_shape, 2); // assumes rank >= 3
```
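
The rank validation that the snippet above lacks, shown as an added example: a self-contained C++ model, not TensorFlow's code and not the code of the fix commit. `Shape`, `RnnDims`, `RequireRankAtLeast` and `InferRnnDims` are hypothetical names, and shapes are modeled as plain vectors.

```cpp
// Added example: a simplified model of shape inference, not TensorFlow code.
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

using Shape = std::vector<int64_t>;  // one entry per dimension; size() is the rank

struct RnnDims { int64_t seq_length, batch_size, num_units; };

// Hypothetical helper: fail if the shape has fewer dimensions than the caller indexes.
bool RequireRankAtLeast(const Shape& s, size_t rank, const char* name,
                        std::string* err) {
  if (s.size() >= rank) return true;
  *err = std::string(name) + " must have rank >= " + std::to_string(rank) +
         ", got rank " + std::to_string(s.size());
  return false;
}

// Checks ranks first, then reads the same dimensions as the advisory's snippet.
bool InferRnnDims(const Shape& input, const Shape& input_h, RnnDims* out,
                  std::string* err) {
  if (!RequireRankAtLeast(input, 2, "input", err)) return false;
  if (!RequireRankAtLeast(input_h, 3, "input_h", err)) return false;
  out->seq_length = input[0];
  out->batch_size = input[1];
  out->num_units = input_h[2];
  return true;
}

int main() {
  RnnDims d{};
  std::string err;
  // Constructed shapes matching the reproducer: rank-1 input and input_h.
  if (!InferRnnDims({2}, {1}, &d, &err)) std::cout << "rejected: " << err << "\n";
  // Constructed well-formed rank-3 shapes.
  if (InferRnnDims({5, 4, 8}, {1, 4, 16}, &d, &err))
    std::cout << d.seq_length << " " << d.batch_size << " " << d.num_units << "\n";
  return 0;
}
```

With the check in place, the rank-1 shapes from the reproducer are rejected with an error before any dimension is indexed.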

### Patches
We have patched the issue in GitHub commit [af5fcebb37c8b5d71c237f4e59c6477015c78ce6](https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6).

The fix will be included in TensorFlow 2.7.0. We will also cherry-pick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in the supported range.

### For more information
Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

### Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.