diff --git a/CVE-2021-29540.patch b/CVE-2021-29540.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ad661e111a801043ce4ee95099f5864ca4ea5399
--- /dev/null
+++ b/CVE-2021-29540.patch
@@ -0,0 +1,42 @@
+From c570e2ecfc822941335ad48f6e10df4e21f11c96 Mon Sep 17 00:00:00 2001
+From: Mihai Maruseac <mihaimaruseac@google.com>
+Date: Wed, 21 Apr 2021 17:50:10 -0700
+Subject: [PATCH] Fix issues in Conv2DBackpropFilter.
+
+PiperOrigin-RevId: 369772454
+Change-Id: I49b465f2ae2ce91def61b56cea8000197d5177d8
+---
+ tensorflow/core/kernels/conv_grad_filter_ops.cc | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/tensorflow/core/kernels/conv_grad_filter_ops.cc b/tensorflow/core/kernels/conv_grad_filter_ops.cc
+index fb48e3e285a27..2645d850ab7cf 100644
+--- a/tensorflow/core/kernels/conv_grad_filter_ops.cc
++++ b/tensorflow/core/kernels/conv_grad_filter_ops.cc
+@@ -495,6 +495,14 @@ class Conv2DCustomBackpropFilterOp : public OpKernel {
+     const int filter_total_size = dims.spatial_dims[0].filter_size *
+                                   dims.spatial_dims[1].filter_size *
+                                   dims.in_depth;
++    OP_REQUIRES(
++        context,
++        filter_total_size * dims.out_depth == filter_backprop->NumElements(),
++        errors::InvalidArgument(
++            "filter_size does not have enough elements, requested ",
++            filter_total_size * dims.out_depth, ", got ",
++            filter_backprop->NumElements()));
++
+     // The output image size is the spatial size of the output.
+     const int output_image_size =
+         dims.spatial_dims[0].output_size * dims.spatial_dims[1].output_size;
+@@ -518,6 +526,11 @@ class Conv2DCustomBackpropFilterOp : public OpKernel {
+ 
+     const size_t work_unit_size = size_A + size_B + size_C;
+ 
++    OP_REQUIRES(
++        context, work_unit_size != 0,
++        errors::InvalidArgument(
++            "Work size for convolution would be 0, which is not acceptable"));
++
+     const size_t shard_size =
+         (target_working_set_size + work_unit_size - 1) / work_unit_size;
+ 
diff --git a/tensorflow.spec b/tensorflow.spec
index 452938e2afcd6d078cdb306f1e7bf45a09fcae48..c724ed9e25bb0e945e44f5bd5c6fc60ce37f8f6b 100644
--- a/tensorflow.spec
+++ b/tensorflow.spec
@@ -1,7 +1,7 @@
 %global _empty_manifest_terminate_build 0
 Name:		tensorflow
 Version:	2.3.1
-Release:	3
+Release:	4
 Summary:	An Open Source Machine Learning Framework for Everyone
 License:	Apache License 2.0
 URL:		https://www.tensorflow.org/
@@ -13,6 +13,7 @@ Patch0001:      0001-Add-arm-source-file-into-aws-checksums.patch
 Patch0002:      CVE-2021-29538.patch
 Patch0003:      CVE-2021-29535.patch
 Patch0004:      CVE-2021-29566.patch
+Patch0005:      CVE-2021-29540.patch
 Requires:	python3-future
 Requires:	python3-numpy
 
@@ -59,6 +60,9 @@ bazel --output_user_root=`pwd`/../output_user_root build //tensorflow/tools/pip_
 %{_bindir}/*
 
 %changelog
+* Sat Jun 26 2021 wss1235<2115994138@qq.com> - 2.3.1-4
+- Fix CVE-2021-29540.patch
+  
 * Fri Jun 25 2021 yaozc7 <yaozc7@foxmail.com> - 2.3.1-3
 - Add patch CVE-2021-29538,CVE-2021-29535,CVE-2021-29566