Moderate severityNVD Advisory· Published Nov 5, 2021· Updated Aug 4, 2024

Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops

CVE-2021-41205

Description

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV* operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
tensorflowPyPI	>= 2.6.0, < 2.6.1	2.6.1
tensorflowPyPI	>= 2.5.0, < 2.5.2	2.5.2
tensorflowPyPI	< 2.4.4	2.4.4
tensorflow-cpuPyPI	>= 2.6.0, < 2.6.1	2.6.1
tensorflow-cpuPyPI	>= 2.5.0, < 2.5.2	2.5.2
tensorflow-cpuPyPI	< 2.4.4	2.4.4
tensorflow-gpuPyPI	>= 2.6.0, < 2.6.1	2.6.1
tensorflow-gpuPyPI	>= 2.5.0, < 2.5.2	2.5.2
tensorflow-gpuPyPI	< 2.4.4	2.4.4

Affected products

Tensorflow/Tensorflowv5
Range: >= 2.6.0, < 2.6.1

Patches

7cf73a227473

Address QuantizeAndDequantizeV* heap oob. Added additional checks for the 'axis' attribute.

https://github.com/tensorflow/tensorflowPankaj KanwarOct 12, 2021via ghsa

commit

2 files changed · +18 −4

tensorflow/core/ops/array_ops.cc+16 −4 modified

@@ -2863,7 +2863,10 @@ REGISTER_OP("QuantizeAndDequantizeV2")
       ShapeHandle minmax;
       TF_RETURN_IF_ERROR(c->WithRank(c->input(1), minmax_rank, &minmax));
       TF_RETURN_IF_ERROR(c->Merge(c->input(2), minmax, &minmax));
-      if (axis != -1) {
+      if (axis < -1) {
+        return errors::InvalidArgument("axis should be at least -1, got ",
+                                       axis);
+      } else if (axis != -1) {
         ShapeHandle input;
         TF_RETURN_IF_ERROR(c->WithRankAtLeast(c->input(0), axis + 1, &input));
         DimensionHandle depth;
@@ -2895,7 +2898,10 @@ REGISTER_OP("QuantizeAndDequantizeV4")
       ShapeHandle minmax;
       TF_RETURN_IF_ERROR(c->WithRank(c->input(1), minmax_rank, &minmax));
       TF_RETURN_IF_ERROR(c->Merge(c->input(2), minmax, &minmax));
-      if (axis != -1) {
+      if (axis < -1) {
+        return errors::InvalidArgument("axis should be at least -1, got ",
+                                       axis);
+      } else if (axis != -1) {
         ShapeHandle input;
         TF_RETURN_IF_ERROR(c->WithRankAtLeast(c->input(0), axis + 1, &input));
         DimensionHandle depth;
@@ -2923,7 +2929,10 @@ REGISTER_OP("QuantizeAndDequantizeV4Grad")
       ShapeHandle minmax;
       TF_RETURN_IF_ERROR(c->WithRank(c->input(2), minmax_rank, &minmax));
       TF_RETURN_IF_ERROR(c->Merge(c->input(3), minmax, &minmax));
-      if (axis != -1) {
+      if (axis < -1) {
+        return errors::InvalidArgument("axis should be at least -1, got ",
+                                       axis);
+      } else if (axis != -1) {
         ShapeHandle input;
         TF_RETURN_IF_ERROR(c->WithRankAtLeast(c->input(0), axis + 1, &input));
         DimensionHandle depth;
@@ -2956,7 +2965,10 @@ REGISTER_OP("QuantizeAndDequantizeV3")
       ShapeHandle minmax;
       TF_RETURN_IF_ERROR(c->WithRank(c->input(1), minmax_rank, &minmax));
       TF_RETURN_IF_ERROR(c->Merge(c->input(2), minmax, &minmax));
-      if (axis != -1) {
+      if (axis < -1) {
+        return errors::InvalidArgument("axis should be at least -1, got ",
+                                       axis);
+      } else if (axis != -1) {
         ShapeHandle input;
         TF_RETURN_IF_ERROR(c->WithRankAtLeast(c->input(0), axis + 1, &input));
         DimensionHandle depth;

tensorflow/core/ops/array_ops_test.cc+2 −0 modified

@@ -1374,6 +1374,8 @@ TEST(ArrayOpsTest, QuantizeAndDequantizeV2_ShapeFn) {
   INFER_ERROR("Shapes must be equal rank, but are 1 and 0", op,
               "[1,2,?,4,5];[];[1]");
   INFER_ERROR("Shape must be rank 0 but is rank 1", op, "[1,2,?,4,5];[1];[1]");
+  (*op.node_def.mutable_attr())["axis"].set_i(-2);
+  INFER_ERROR("axis should be at least -1, got -2", op, "?;?;?");
 }
 
 TEST(ArrayOpsTest, SpaceToBatch_ShapeFn) {

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-49rx-x2rw-pc6fghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-41205ghsaADVISORY
github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-615.yamlghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-813.yamlghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-398.yamlghsaWEB
github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6dghsax_refsource_MISCWEB
github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6fghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000