Login Sign Up

CVE-2021-41219

7.8 HIGH

📋 TL;DR

This vulnerability in TensorFlow's sparse matrix multiplication allows attackers to trigger undefined behavior and potential heap out-of-bounds access by providing zero or negative dimensions. This affects all users running vulnerable TensorFlow versions for machine learning workloads. Successful exploitation could lead to crashes, memory corruption, or arbitrary code execution.

💻 Affected Systems

Products:
  • TensorFlow
Versions: TensorFlow 2.4.0 to 2.4.3, 2.5.0 to 2.5.1, 2.6.0, and earlier affected versions
Operating Systems: All operating systems running TensorFlow
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when sparse matrix multiplication operations receive zero or negative dimension inputs.

📦 What is this software?

Tensorflow by Google

View all CVEs affecting Tensorflow →

Tensorflow by Google

View all CVEs affecting Tensorflow →

Tensorflow by Google

View all CVEs affecting Tensorflow →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or denial of service in ML inference services.

🟠

Likely Case

Application crashes, denial of service in ML pipelines, or memory corruption leading to unstable behavior.

🟢

If Mitigated

Minimal impact if proper input validation and sandboxing are implemented, though crashes may still occur.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires control over input dimensions to sparse matrix operations, which may be accessible via user inputs in ML applications.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TensorFlow 2.7.0, 2.6.1, 2.5.2, 2.4.4

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x

Restart Required: Yes

Instructions:

1. Identify current TensorFlow version. 2. Upgrade to patched version: pip install tensorflow==2.7.0 (or appropriate version). 3. Restart all services using TensorFlow. 4. Test ML applications for compatibility.

🔧 Temporary Workarounds

Input validation wrapper

all

Add validation to reject zero or negative dimensions in sparse matrix operations

Implement input validation in application code before calling sparse matrix multiplication functions

🧯 If You Can't Patch

  • Implement strict input validation for all user-provided matrix dimensions
  • Isolate TensorFlow processes with sandboxing/containerization to limit potential damage

🔍 How to Verify

Check if Vulnerable:

Check TensorFlow version: python -c 'import tensorflow as tf; print(tf.__version__)' and compare with affected versions

Check Version:

python -c 'import tensorflow as tf; print(tf.__version__)'

Verify Fix Applied:

Verify version is 2.7.0, 2.6.1, 2.5.2, or 2.4.4 or higher

📡 Detection & Monitoring

Log Indicators:

  • TensorFlow crashes with segmentation faults
  • Memory access violation errors in application logs
  • Unexpected process termination during matrix operations

Network Indicators:

  • Sudden service unavailability of ML inference endpoints
  • Increased error rates in ML API responses

SIEM Query:

source="tensorflow" AND ("segmentation fault" OR "memory violation" OR "heap corruption")

📊 Metadata

CVE ID: CVE-2021-41219
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-824
Published: November 5, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-41219, you might also want to check these:

CVE-2020-11138 9.8

This vulnerability allows attackers to exploit uninitialized pointers during music playback in Qualc...

Same vulnerability type (CWE-824)
CVE-2022-44451 9.8

This vulnerability allows arbitrary code execution through a use of uninitialized pointer in Open Ba...

Same vulnerability type (CWE-824)
CVE-2025-66588 9.8

An uninitialized pointer vulnerability in AzeoTech DAQFactory allows attackers to execute arbitrary ...

Same vulnerability type (CWE-824)