The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10014-1 advisory.
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26266)
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26267)
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26268)
In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of- death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26270)
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26271)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a49953118 25ffaba7a670d7747/tensorflow/core/kernels/sparse_reduce_op.cc#L217-L228) fails to validate that each reduction group does not overflow and that each corresponding index does not point to outside the bounds of the input tensor. We have patched the issue in GitHub commit 87158f43f05f2720a374f3e6d22a7aaa3a33f750.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
(CVE-2021-37635)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.SparseDenseCwiseDiv
is vulnerable to a division by 0 error. The [implementa tion](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/co re/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails to treat the division by 0 case separately. We have patched the issue in GitHub commit d9204be9f49520cdaaeb2541d1dc5187b23f31d9. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37636)
TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.raw_ops.CompressElement
. The [implem entation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflo w/core/data/compression_utils.cc#L34) was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid. We have patched the issue in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37637)
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for row_partition_types
of tf.raw_ops.RaggedTensorToTensor
API results in a null pointer dereference and undefined behavior. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f3 81495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328) accesses the first element of a user supplied list of values without validating that the provided list is not empty. We have patched the issue in GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37638)
TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer.
Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. The [implementation](https://github.com/tensorfl ow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc #L158-L159) retrieves the tensor list corresponding to the tensor_name
user controlled input and immediately retrieves the tensor at the restoration index (controlled via preferred_shard
argument).
This occurs without validating that the provided list has enough values. If the list is empty this results in dereferencing a null pointer (undefined behavior). If, however, the list has some elements, if the restoration index is outside the bounds this results in heap OOB read. We have patched the issue in GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37639)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.SparseReshape
can be made to trigger an integral division by 0 exception.
The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f4969 8/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a non-zero number of elements. The [reshape functor](https://github.com/tensorflow/tensorflow/blob/8d72537c6 abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. We have patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1 as this is the other affected version. (CVE-2021-37640)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to tf.raw_ops.RaggedGather
don’t determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow /blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/ragged_gather_op.cc#L70) directly reads the first dimension of a tensor shape before checking that said tensor has rank of at least 1 (i.e., it is not a scalar). Furthermore, the implementation does not check that the list given by params_nested_splits
is not an empty list of tensors. We have patched the issue in GitHub commit a2b743f6017d7b97af1fe49087ae15f0ac634373. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37641)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.ResourceScatterDiv
is vulnerable to a division by 0 error. The [implementat ion](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/cor e/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately. We have patched the issue in GitHub commit 4aacb30888638da75023e6601149415b39763d76. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37642)
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to tf.raw_ops.MatrixDiagPartOp
, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The [implementation](ht tps://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kerne ls/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that the tensor has values to read from. We have patched the issue in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37643)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to num_elements
list argument of tf.raw_ops.TensorListReserve
causes the runtime to abort the process due to reallocating a std::vector
to have a negative number of elements. The [implemen tation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/ core/kernels/list_kernels.cc#L312) calls std::vector.resize()
with the new size controlled by input given by the user, without checking that this input is valid. We have patched the issue in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37644)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad
is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14 f5f49698/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L126) uses the axis
value as the size argument to absl::InlinedVector
constructor. But, the constructor uses an unsigned type for the argument, so the implicit conversion transforms the negative value to a large integer. We have patched the issue in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, and TensorFlow 2.4.3, as these are also affected and still in supported range. (CVE-2021-37645)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.StringNGrams
is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [ implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/ten sorflow/core/kernels/string_ngrams_op.cc#L184) calls reserve
on a tstring
with a value that sometimes can be negative if user supplies negative ngram_widths
. The reserve
method calls TF_TString_Reserve
which has an unsigned long
argument for the size of the buffer. Hence, the implicit conversion transforms the negative value to a large integer. We have patched the issue in GitHub commit c283e542a3f422420cfdb332414543b62fc4e4a5. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37646)
TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.raw_ops.SparseTensorSliceDataset
implementation can be made to dereference a null pointer. The [implementation](https://github.com/tensorflow/tensorflow/blob/ 8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L2 40-L251) has some argument validation but fails to consider the case when either indices
or values
are provided for an empty sparse tensor when the other is not. If indices
is empty, then [code that performs validation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorf low/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L260-L261) (i.e., checking that the indices are monotonically increasing) results in a null pointer dereference. If indices
as provided by the user is empty, then indices
in the C++ code above is backed by an empty std::vector
, hence calling indices->dim_size(0)
results in null pointer dereferencing (same as calling std::vector::at()
on an empty vector). We have patched the issue in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
(CVE-2021-37647)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for tf.raw_ops.SaveV2
does not properly validate the inputs and an attacker can trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2 e22c14f5f49698/tensorflow/core/kernels/save_restore_v2_ops.cc) uses ValidateInputs
to check that the input arguments are valid. This validation would have caught the illegal state represented by the reproducer above. However, the validation uses OP_REQUIRES
which translates to setting the Status
object of the current OpKernelContext
to an error status, followed by an empty return
statement which just terminates the execution of the function it is present in. However, this does not mean that the kernel execution is finalized: instead, execution continues from the next line in Compute
that follows the call to ValidateInputs
. This is equivalent to lacking the validation. We have patched the issue in GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37648)
TensorFlow is an end-to-end open source platform for machine learning. The code for tf.raw_ops.UncompressElement
can be made to trigger a null pointer dereference. The [implementation](htt ps://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernel s/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a CompressedElement
from a Variant
tensor and then proceeds to dereference it for decompressing. There is no check that the Variant
tensor contained a CompressedElement
, so the pointer is actually nullptr
. We have patched the issue in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37649)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.raw_ops.ExperimentalDatasetToTFRecord
and tf.raw_ops.DatasetToTFRecord
can trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/te nsorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_rec ord_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types. We have patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37650)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.raw_ops.FractionalAvgPoolGrad
can be tricked into accessing data outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad3 1a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205) does not validate that the input tensor is non-empty. Thus, code constructs an empty EigenDoubleMatrixMap
and then accesses this buffer with indices that are outside of the empty area. We have patched the issue in GitHub commit 0f931751fb20f565c4e94aa6df58d54a003cdb30. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37651)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.raw_ops.BoostedTreesCreateEnsemble
can result in a use after free error if an attacker supplies specially crafted arguments. The [implementation](https://github.com/tensorflow/tensorfl ow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55 ) uses a reference counted resource and decrements the refcount if the initialization fails, as it should.
However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent free
-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. We have patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab. The fix will be included in TensorFlow 2.6.0.
We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37652)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.raw_ops.ResourceGather
. The [implementation](ht tps://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kerne ls/resource_variable_ops.cc#L725-L731) computes the value of a value, batch_size
, and then divides by it without checking that this value is not 0. We have patched the issue in GitHub commit ac117ee8a8ea57b73d34665cdf00ef3303bc0b11. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37653)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a CHECK
-fail in debug builds of TensorFlow using tf.raw_ops.ResourceGather
or a read from outside the bounds of heap allocated data in the same API in a release build. The [implementat ion](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/cor e/kernels/resource_variable_ops.cc#L660-L668) does not check that the batch_dims
value that the user supplies is less than the rank of the input tensor. Since the implementation uses several for loops over the dimensions of tensor
, this results in reading data from outside the bounds of heap allocated buffer backing the tensor. We have patched the issue in GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
(CVE-2021-37654)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.raw_ops.ResourceScatterUpdate
. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24 faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of indices
and updates
: instead of checking that the shape of indices
is a prefix of the shape of updates
(so that broadcasting can happen), code only checks that the number of elements in these two tensors are in a divisibility relationship. We have patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37655)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToSparse
.
The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1dde b/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30) has an incomplete validation of the splits values: it does not check that they are in increasing order. We have patched the issue in GitHub commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37656)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.raw_ops.MatrixDiagV*
. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb8 0d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of k
is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37657)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.raw_ops.MatrixSetDiagV*
. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187 cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of k
is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37658)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don’t require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://gith ub.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_o ps_common.h#L264) assumes that the two inputs have exactly the same number of elements but does not check that. Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to binding to nullptr. We have patched the issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
(CVE-2021-37659)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb8 0d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should skip processing if x
and v
are empty but the code uses ||
instead of &&
. We have patched the issue in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618. The fix will be included in TensorFlow 2.6.0.
We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37660)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource
by using negative arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b 61981bca0c41/tensorflow/core/kernels/boosted_trees/quantile_ops.cc#L96) does not validate that num_streams
only contains non-negative numbers. In turn, [this results in using this value to allocate m emory](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/c ore/kernels/boosted_trees/quantiles/quantile_stream_resource.h#L31-L40). However, reserve
receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned.
This results in a crash from the standard library. We have patched the issue in GitHub commit 8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37661)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature
and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2
. The [implementation](https://github.com/tensorflow/tensorflow/b lob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) does not validate the input values. We have patched the issue in GitHub commit 9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37662)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.raw_ops.QuantizeV2
, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implement ation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/c ore/kernels/quantize_op.cc#L59) has some validation but does not check that min_range
and max_range
both have the same non-zero number of elements. If axis
is provided (i.e., not -1
), then validation should check that it is a value in range for the rank of input
tensor and then the lengths of min_range
and max_range
inputs match the axis
dimension of the input
tensor. We have patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37663)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit
. The [implementation](https://github.com/tensorflow/tensorfl ow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in stats_summary_indices
is in range. We have patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37664)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays.
The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f 4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the input
tensor. A similar issue occurs in MklRequantizePerChannelOp
. The [implementation](https:/ /github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mk l/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. We have patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37665)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToVariant
. The [implementation](https://github.com/tensorflow/tensorflow/blob/460 e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc#L129) has an incomplete validation of the splits values, missing the case when the argument would be empty. We have patched the issue in GitHub commit be7a4de6adfbd303ce08be4332554dff70362612. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37666)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.UnicodeEncode
. The [i mplementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tens orflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the input_splits
tensor before validating that this tensor is not empty. We have patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37667)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex
by triggering a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a 16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed by dims
is not empty. Hence, if one element of dims
is 0, the implementation does a division by 0. We have patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37668)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.raw_ops.NonMaxSuppressionV5
by triggering a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a 83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a user controlled argument to resize a std::vector
. However, as std::vector::resize
takes the size argument as a size_t
and output_size
is an int
, there is an implicit conversion to unsigned. If the attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in CombinedNonMaxSuppression
. We have patched the issue in GitHub commit 3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit [b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37669)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.UpperBound
. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a832 78fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of sorted_input
argument. A similar issue occurs in tf.raw_ops.LowerBound
. We have patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38. The fix will be included in TensorFlow 2.6.0.
We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37670)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.Map*
and tf.raw_ops.OrderedMap*
operations. The [implementation](https://github.com/tensorflow/tensorflow/blob/46 0e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248) has a check in place to ensure that indices
is in ascending order, but does not check that indices
is not empty. We have patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37671)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.SdcaOptimizerV2
. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de 3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that the length of example_labels
is the same as the number of examples. We have patched the issue in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37672)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK
-fail in tf.raw_ops.MapStage
. The [implementation](https:// github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map
_stage_op.cc#L513) does not check that the key
input is a valid non-empty tensor. We have patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37673)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad
caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d 161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the orig_input
and orig_output
tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37674)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference [implementation](https://gith ub.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/framework/commo n_shape_fns.cc#L577) is missing several validations before doing divisions and modulo operations. We have patched the issue in GitHub commit 8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37675)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows
.
The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61 a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634) does not validate that the input arguments are not empty tensors. We have patched the issue in GitHub commit 578e634b4f1c1c684d4b4294f9e5281b2133b3ed. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37676)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.raw_ops.Dequantize
has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.
com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L 2999-L3014) uses axis
to select between two different values for minmax_rank
which is then used to retrieve tensor dimensions. However, code assumes that axis
can be either -1
or a value greater than -1
, with no validation for the other values. We have patched the issue in GitHub commit da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37677)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b 1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104) uses yaml.unsafe_load
which can perform arbitrary code execution on the input. Given that YAML format support requires a significant amount of work, we have removed it for now. We have patched the issue in GitHub commit 23d6383eb6c14084a8fc3bdf164043b974818012. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37678)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.map_fn
within another tf.map_fn
call. However, if the input tensor is a RaggedTensor
and there is no function signature provided, code assumes the output is a fully specified tensor and fills output buffer with uninitialized contents from the heap. The t
and z
outputs should be identical, however this is not the case. The last row of t
contains data from the heap which can be used to leak other memory information. The bug lies in the conversion from a Variant
tensor to a RaggedTensor
. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/te nsorflow/core/kernels/ragged_tensor_from_variant_op.cc#L177-L190) does not check that all inner shapes match and this results in the additional dimensions. The same implementation can result in data loss, if input tensor is tweaked. We have patched the issue in GitHub commit 4e2565483d0ffcadc719bd44893fb7f609bb5f12. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37679)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://git hub.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/fully_ connected.cc#L226). We have patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
(CVE-2021-37680)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/ten sorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/svdf.cc#L300-L313). The [GetVariableInput
function](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161 b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L115-L119) can return a null pointer but GetTensorData
assumes that the argument is always a valid tensor. Furthermore, because GetVariableInput
calls [GetMut ableInput
](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorf low/lite/kernels/kernel_util.cc#L82-L90) which might return nullptr
, the tensor->is_variable
expression can also trigger a null pointer exception. We have patched the issue in GitHub commit 5b048e87e4e55990dae6b547add4dae59f4e1c76. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37681)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://github.com/t ensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.
cc#L198-L200). The issue stems from the fact that quantization.params
is only valid if quantization.type
is different that kTfLiteNoQuantization
. However, these checks are missing in large parts of the code. We have patched the issue in GitHub commits 537bc7c723439b9194a358f64d871dd326c18887, 4a91f2069f7145aab6ba2d8cfe41be8a110c18a5 and 8933b8a21280696ab119b63263babdb54c298538. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37682)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflo w/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc). There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit 1e206baedf8bef0334cca3eb92bab134ef525a28. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37683)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695 . The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37684)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite’s [exp and_dims.cc
](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tenso rflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis
is a large negative value (e.g., -100000
), then after the first if
it would still be negative. The check following the if
statement will pass and the for
loop would read one element before the start of input_dims.data
(when i = 0
). We have patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37685)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop.
This arises from newly introduced support for [ellipsis in axis definition](https://github.com/tensorflow/ tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/strided_slice.cc#L103- L122). An attacker can craft a model such that ellipsis_end_idx
is smaller than i
(e.g., always negative). In this case, the inner loop does not increase i
and the continue
statement causes execution to skip over the preincrement at the end of the outer loop. We have patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695. TensorFlow 2.6.0 is the only affected version.
(CVE-2021-37686)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite’s [GatherNd
implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d00 5b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in indices
. Similar issue exists in [Gather
implementation](https://githu b.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.c c). We have patched the issue in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and eb921122119a6b6e470ee98b89e65d721663179d. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37687)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80d f1d99fc41d005b81082a/tensorflow/lite/kernels/internal/optimized/optimized_ops.h#L268-L285) unconditionally dereferences a pointer. We have patched the issue in GitHub commit 15691e456c7dc9bd6be203b09765b063bf4a380c. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37688)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis
operator. The [imple mentation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorfl ow/compiler/mlir/lite/transforms/optimize.cc#L67-L70) unconditionally dereferences a pointer to an iterator to a vector without checking that the vector has elements. We have patched the issue in GitHub commit d6b57f461b39fd1aa8c1b870f1b974aac3554955. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37689)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as MutableHashTableShape
) produce extra output information in the form of a ShapeAndType
struct. The shapes embedded in this struct are owned by an inference context that is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can trigger a segfault. ShapeRefiner
is mitigating this for normal output shapes by cloning them (and thus putting the newly created shape under ownership of an inference context that will not die), but we were not doing the same for shapes and types. This commit fixes that by doing similar logic on output shapes and types. We have patched the issue in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37690)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://githu b.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_proj ection.cc#L118). We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be included in TensorFlow 2.6.0. We will also cherrypick thiscommit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
(CVE-2021-37691)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TF_TString_Dealloc
is called during garbage collection within a finalizer function. However, tensor structure isn’t checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded, but segfaults when a string tensor is garbage collected whose encoding failed (e.g., due to mismatched dimensions). To fix this, the call to set the finalizer function is deferred until NewTensor
returns and, if encoding failed for a string tensor, deallocs are determined based on bytes written. We have patched the issue in GitHub commit 8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, which is the other affected version. (CVE-2021-37692)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2022:10014-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(162400);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/19");
script_cve_id(
"CVE-2020-26266",
"CVE-2020-26267",
"CVE-2020-26268",
"CVE-2020-26270",
"CVE-2020-26271",
"CVE-2021-37635",
"CVE-2021-37636",
"CVE-2021-37637",
"CVE-2021-37638",
"CVE-2021-37639",
"CVE-2021-37640",
"CVE-2021-37641",
"CVE-2021-37642",
"CVE-2021-37643",
"CVE-2021-37644",
"CVE-2021-37645",
"CVE-2021-37646",
"CVE-2021-37647",
"CVE-2021-37648",
"CVE-2021-37649",
"CVE-2021-37650",
"CVE-2021-37651",
"CVE-2021-37652",
"CVE-2021-37653",
"CVE-2021-37654",
"CVE-2021-37655",
"CVE-2021-37656",
"CVE-2021-37657",
"CVE-2021-37658",
"CVE-2021-37659",
"CVE-2021-37660",
"CVE-2021-37661",
"CVE-2021-37662",
"CVE-2021-37663",
"CVE-2021-37664",
"CVE-2021-37665",
"CVE-2021-37666",
"CVE-2021-37667",
"CVE-2021-37668",
"CVE-2021-37669",
"CVE-2021-37670",
"CVE-2021-37671",
"CVE-2021-37672",
"CVE-2021-37673",
"CVE-2021-37674",
"CVE-2021-37675",
"CVE-2021-37676",
"CVE-2021-37677",
"CVE-2021-37678",
"CVE-2021-37679",
"CVE-2021-37680",
"CVE-2021-37681",
"CVE-2021-37682",
"CVE-2021-37683",
"CVE-2021-37684",
"CVE-2021-37685",
"CVE-2021-37686",
"CVE-2021-37687",
"CVE-2021-37688",
"CVE-2021-37689",
"CVE-2021-37690",
"CVE-2021-37691",
"CVE-2021-37692"
);
script_name(english:"openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in
the openSUSE-SU-2022:10014-1 advisory.
- In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized
values during code execution. This is caused by having tensor buffers be filled with the default value of
the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed
in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26266)
- In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the
src_format and dst_format attributes. The code assumes that these two arguments define a permutation of
NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is
fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26267)
- In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor
created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an
integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If
the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what
is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes
a segmentation fault. This is because the allocator used to return the buffer data is not marked as
returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions
1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26268)
- In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input
with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-
death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in
versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26270)
- In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing
uninitialized memory while building the computation graph. The MakeEdge function creates an edge between
one output tensor of the src node (given by output_index) and the input slot of the dst node (given by
input_index). This is only possible if the types of the tensors on both sides coincide, so the function
begins by obtaining the corresponding DataType values and comparing these for equality. However, there is
no check that the indices point to inside of the arrays they index into. Thus, this can result in
accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can
manifest as unitialized data access, but if the index points far away from the boundaries of the arrays
this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3,
2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26271)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap
allocated data. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a49953118
25ffaba7a670d7747/tensorflow/core/kernels/sparse_reduce_op.cc#L217-L228) fails to validate that each
reduction group does not overflow and that each corresponding index does not point to outside the bounds
of the input tensor. We have patched the issue in GitHub commit 87158f43f05f2720a374f3e6d22a7aaa3a33f750.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
(CVE-2021-37635)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implementa
tion](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/co
re/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails
to treat the division by 0 case separately. We have patched the issue in GitHub commit
d9204be9f49520cdaaeb2541d1dc5187b23f31d9. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37636)
- TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null
pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implem
entation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflo
w/core/data/compression_utils.cc#L34) was accessing the size of a buffer obtained from the return of a
separate function call before validating that said buffer is valid. We have patched the issue in GitHub
commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5. The fix will be included in TensorFlow 2.6.0. We will
also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37637)
- TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for
`row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and
undefined behavior. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f3
81495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328) accesses the first
element of a user supplied list of values without validating that the provided list is not empty. We have
patched the issue in GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37638)
- TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw
APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer.
Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some
tensor names but not enough for a successful restoration. The [implementation](https://github.com/tensorfl
ow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc
#L158-L159) retrieves the tensor list corresponding to the `tensor_name` user controlled input and
immediately retrieves the tensor at the restoration index (controlled via `preferred_shard` argument).
This occurs without validating that the provided list has enough values. If the list is empty this results
in dereferencing a null pointer (undefined behavior). If, however, the list has some elements, if the
restoration index is outside the bounds this results in heap OOB read. We have patched the issue in GitHub
commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622. The fix will be included in TensorFlow 2.6.0. We will
also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37639)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception.
The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f4969
8/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at
least an index in the input but does not check that shape of the input or the target shape have both a
non-zero number of elements. The [reshape functor](https://github.com/tensorflow/tensorflow/blob/8d72537c6
abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the
dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. We
have patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41. The fix will be included
in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1 as this is the other affected
version. (CVE-2021-37640)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the
arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from
outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow
/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/ragged_gather_op.cc#L70) directly
reads the first dimension of a tensor shape before checking that said tensor has rank of at least 1 (i.e.,
it is not a scalar). Furthermore, the implementation does not check that the list given by
`params_nested_splits` is not an empty list of tensors. We have patched the issue in GitHub commit
a2b743f6017d7b97af1fe49087ae15f0ac634373. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37641)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implementat
ion](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/cor
e/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat
the division by 0 case separately. We have patched the issue in GitHub commit
4aacb30888638da75023e6601149415b39763d76. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37642)
- TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid
padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if
input is empty) or produces invalid behavior, ignoring all values after the first. The [implementation](ht
tps://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kerne
ls/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that
the tensor has values to read from. We have patched the issue in GitHub commit
482da92095c4d48f8784b1f00dda4f81c28d2988. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37643)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a
negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to
abort the process due to reallocating a `std::vector` to have a negative number of elements. The [implemen
tation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/
core/kernels/list_kernels.cc#L312) calls `std::vector.resize()` with the new size controlled by input
given by the user, without checking that this input is valid. We have patched the issue in GitHub commit
8a6e874437670045e6c7dc6154c7412b4a2135e2. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37644)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue
caused by converting a signed integer value to an unsigned one and then allocating memory based on this
value. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14
f5f49698/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L126) uses the `axis` value as the size
argument to `absl::InlinedVector` constructor. But, the constructor uses an unsigned type for the
argument, so the implicit conversion transforms the negative value to a large integer. We have patched the
issue in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, and TensorFlow 2.4.3, as these are also
affected and still in supported range. (CVE-2021-37645)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by
converting a signed integer value to an unsigned one and then allocating memory based on this value. The [
implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/ten
sorflow/core/kernels/string_ngrams_op.cc#L184) calls `reserve` on a `tstring` with a value that sometimes
can be negative if user supplies negative `ngram_widths`. The `reserve` method calls `TF_TString_Reserve`
which has an `unsigned long` argument for the size of the buffer. Hence, the implicit conversion
transforms the negative value to a large integer. We have patched the issue in GitHub commit
c283e542a3f422420cfdb332414543b62fc4e4a5. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37646)
- TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply
arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation can
be made to dereference a null pointer. The [implementation](https://github.com/tensorflow/tensorflow/blob/
8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L2
40-L251) has some argument validation but fails to consider the case when either `indices` or `values` are
provided for an empty sparse tensor when the other is not. If `indices` is empty, then [code that performs
validation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorf
low/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L260-L261) (i.e., checking that the indices are
monotonically increasing) results in a null pointer dereference. If `indices` as provided by the user is
empty, then `indices` in the C++ code above is backed by an empty `std::vector`, hence calling
`indices->dim_size(0)` results in null pointer dereferencing (same as calling `std::vector::at()` on an
empty vector). We have patched the issue in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7. The
fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
(CVE-2021-37647)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for
`tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null pointer
dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2
e22c14f5f49698/tensorflow/core/kernels/save_restore_v2_ops.cc) uses `ValidateInputs` to check that the
input arguments are valid. This validation would have caught the illegal state represented by the
reproducer above. However, the validation uses `OP_REQUIRES` which translates to setting the `Status`
object of the current `OpKernelContext` to an error status, followed by an empty `return` statement which
just terminates the execution of the function it is present in. However, this does not mean that the
kernel execution is finalized: instead, execution continues from the next line in `Compute` that follows
the call to `ValidateInputs`. This is equivalent to lacking the validation. We have patched the issue in
GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986. The fix will be included in TensorFlow 2.6.0. We
will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are
also affected and still in supported range. (CVE-2021-37648)
- TensorFlow is an end-to-end open source platform for machine learning. The code for
`tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](htt
ps://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernel
s/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a `CompressedElement` from a
`Variant` tensor and then proceeds to dereference it for decompressing. There is no check that the
`Variant` tensor contained a `CompressedElement`, so the pointer is actually `nullptr`. We have patched
the issue in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37649)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can
trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/te
nsorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_rec
ord_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check
for that, and the example given above uses numeric types. We have patched the issue in GitHub commit
e0b6e58c328059829c3eb968136f17aa72b6c876. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37650)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bounds
of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad3
1a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205) does not validate
that the input tensor is non-empty. Thus, code constructs an empty `EigenDoubleMatrixMap` and then
accesses this buffer with indices that are outside of the empty area. We have patched the issue in GitHub
commit 0f931751fb20f565c4e94aa6df58d54a003cdb30. The fix will be included in TensorFlow 2.6.0. We will
also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37651)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an
attacker supplies specially crafted arguments. The [implementation](https://github.com/tensorflow/tensorfl
ow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55
) uses a reference counted resource and decrements the refcount if the initialization fails, as it should.
However, when the code was written, the resource was represented as a naked pointer but later refactoring
has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent `free`-ing of
the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the
resource has been already freed. During this double-free process, members of the resource object are
accessed for cleanup but they are invalid as the entire resource has been freed. We have patched the issue
in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab. The fix will be included in TensorFlow 2.6.0.
We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these
are also affected and still in supported range. (CVE-2021-37652)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [implementation](ht
tps://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kerne
ls/resource_variable_ops.cc#L725-L731) computes the value of a value, `batch_size`, and then divides by it
without checking that this value is not 0. We have patched the issue in GitHub commit
ac117ee8a8ea57b73d34665cdf00ef3303bc0b11. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37653)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or
a read from outside the bounds of heap allocated data in the same API in a release build. The [implementat
ion](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/cor
e/kernels/resource_variable_ops.cc#L660-L668) does not check that the `batch_dims` value that the user
supplies is less than the rank of the input tensor. Since the implementation uses several for loops over
the dimensions of `tensor`, this results in reading data from outside the bounds of heap allocated buffer
backing the tensor. We have patched the issue in GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
(CVE-2021-37654)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to
`tf.raw_ops.ResourceScatterUpdate`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24
faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an
incomplete validation of the relationship between the shapes of `indices` and `updates`: instead of
checking that the shape of `indices` is a prefix of the shape of `updates` (so that broadcasting can
happen), code only checks that the number of elements in these two tensors are in a divisibility
relationship. We have patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f. The fix
will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37655)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`.
The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1dde
b/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30) has an incomplete validation of the
splits values: it does not check that they are in increasing order. We have patched the issue in GitHub
commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece. The fix will be included in TensorFlow 2.6.0. We will
also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37656)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can cause undefined behavior via binding a reference to null pointer in all operations of type
`tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb8
0d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation
that the value of `k` is a valid tensor. We have check that this value is either a scalar or a vector, but
there is no check for the number of elements. If this is an empty tensor, then code that accesses the
first element of the tensor is wrong. We have patched the issue in GitHub commit
f2a673bd34f0d64b8e40a551ac78989d16daad09. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37657)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can cause undefined behavior via binding a reference to null pointer in all operations of type
`tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187
cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete
validation that the value of `k` is a valid tensor. We have check that this value is either a scalar or a
vector, but there is no check for the number of elements. If this is an empty tensor, then code that
accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit
ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37658)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that
don't require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://gith
ub.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_o
ps_common.h#L264) assumes that the two inputs have exactly the same number of elements but does not check
that. Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to
binding to nullptr. We have patched the issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
(CVE-2021-37659)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can cause a floating point exception by calling inplace operations with crafted arguments that would
result in a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb8
0d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should
skip processing if `x` and `v` are empty but the code uses `||` instead of `&&`. We have patched the issue
in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618. The fix will be included in TensorFlow 2.6.0.
We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these
are also affected and still in supported range. (CVE-2021-37660)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negative
arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b
61981bca0c41/tensorflow/core/kernels/boosted_trees/quantile_ops.cc#L96) does not validate that
`num_streams` only contains non-negative numbers. In turn, [this results in using this value to allocate m
emory](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/c
ore/kernels/boosted_trees/quantiles/quantile_stream_resource.h#L31-L40). However, `reserve` receives an
unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned.
This results in a crash from the standard library. We have patched the issue in GitHub commit
8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37661)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can generate undefined behavior via a reference binding to nullptr in
`BoostedTreesCalculateBestGainsPerFeature` and similar attack can occur in
`BoostedTreesCalculateBestFeatureSplitV2`. The [implementation](https://github.com/tensorflow/tensorflow/b
lob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) does not
validate the input values. We have patched the issue in GitHub commit
9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7. The fix
will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37662)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to
incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a
reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implement
ation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/c
ore/kernels/quantize_op.cc#L59) has some validation but does not check that `min_range` and `max_range`
both have the same non-zero number of elements. If `axis` is provided (i.e., not `-1`), then validation
should check that it is a value in range for the rank of `input` tensor and then the lengths of
`min_range` and `max_range` inputs match the `axis` dimension of the `input` tensor. We have patched the
issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as
these are also affected and still in supported range. (CVE-2021-37663)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to
`BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorfl
ow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs
to validate that each value in `stats_summary_indices` is in range. We have patched the issue in GitHub
commit e84c975313e8e8e38bb2ea118196369c45c51378. The fix will be included in TensorFlow 2.6.0. We will
also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37664)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to
incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior
via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays.
The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f
4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions
of the `input` tensor. A similar issue occurs in `MklRequantizePerChannelOp`. The [implementation](https:/
/github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mk
l/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. We have
patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit
203214568f5bc237603dbab6e1fd389f1572f5c9. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37665)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can cause undefined behavior via binding a reference to null pointer in
`tf.raw_ops.RaggedTensorToVariant`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460
e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc#L129) has an
incomplete validation of the splits values, missing the case when the argument would be empty. We have
patched the issue in GitHub commit be7a4de6adfbd303ce08be4332554dff70362612. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37666)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [i
mplementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tens
orflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the `input_splits` tensor
before validating that this tensor is not empty. We have patched the issue in GitHub commit
2e0ee46f1a47675152d3d865797a18358881d7a6. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37667)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by triggering a
division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a
16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed
by `dims` is not empty. Hence, if one element of `dims` is 0, the implementation does a division by 0. We
have patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233. The fix will be included
in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37668)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by
triggering a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a
83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a
user controlled argument to resize a `std::vector`. However, as `std::vector::resize` takes the size
argument as a `size_t` and `output_size` is an `int`, there is an implicit conversion to unsigned. If the
attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in
`CombinedNonMaxSuppression`. We have patched the issue in GitHub commit
3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit [b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58. The fix
will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37669)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to
`tf.raw_ops.UpperBound`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a832
78fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank
of `sorted_input` argument. A similar issue occurs in `tf.raw_ops.LowerBound`. We have patched the issue
in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38. The fix will be included in TensorFlow 2.6.0.
We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these
are also affected and still in supported range. (CVE-2021-37670)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and
`tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tensorflow/tensorflow/blob/46
0e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248) has a check in
place to ensure that `indices` is in ascending order, but does not check that `indices` is not empty. We
have patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be included
in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37671)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to
`tf.raw_ops.SdcaOptimizerV2`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de
3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that
the length of `example_labels` is the same as the number of examples. We have patched the issue in GitHub
commit a4e138660270e7599793fa438cd7b2fc2ce215a6. The fix will be included in TensorFlow 2.6.0. We will
also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37672)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation](https://
github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map
_stage_op.cc#L513) does not check that the `key` input is a valid non-empty tensor. We have patched the
issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as
these are also affected and still in supported range. (CVE-2021-37673)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by missing
validation. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d
161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the `orig_input` and
`orig_output` tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub
commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. We will
also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37674)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions most
implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where
an attacker can trigger a denial of service via a crash. The shape inference [implementation](https://gith
ub.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/framework/commo
n_shape_fns.cc#L577) is missing several validations before doing divisions and modulo operations. We have
patched the issue in GitHub commit 8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37675)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillEmptyRows`.
The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61
a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634) does not validate that the input arguments
are not empty tensors. We have patched the issue in GitHub commit
578e634b4f1c1c684d4b4294f9e5281b2133b3ed. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37676)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape
inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via
a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.
com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L
2999-L3014) uses `axis` to select between two different values for `minmax_rank` which is then used to
retrieve tensor dimensions. However, code assumes that `axis` can be either `-1` or a value greater than
`-1`, with no validation for the other values. We have patched the issue in GitHub commit
da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37677)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and
Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML
format. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b
1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104) uses `yaml.unsafe_load` which can
perform arbitrary code execution on the input. Given that YAML format support requires a significant
amount of work, we have removed it for now. We have patched the issue in GitHub commit
23d6383eb6c14084a8fc3bdf164043b974818012. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37678)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible
to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `RaggedTensor`
and there is no function signature provided, code assumes the output is a fully specified tensor and fills
output buffer with uninitialized contents from the heap. The `t` and `z` outputs should be identical,
however this is not the case. The last row of `t` contains data from the heap which can be used to leak
other memory information. The bug lies in the conversion from a `Variant` tensor to a `RaggedTensor`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/te
nsorflow/core/kernels/ragged_tensor_from_variant_op.cc#L177-L190) does not check that all inner shapes
match and this results in the additional dimensions. The same implementation can result in data loss, if
input tensor is tweaked. We have patched the issue in GitHub commit
4e2565483d0ffcadc719bd44893fb7f609bb5f12. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37679)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://git
hub.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/fully_
connected.cc#L226). We have patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
(CVE-2021-37680)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/ten
sorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/svdf.cc#L300-L313). The
[`GetVariableInput` function](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161
b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L115-L119) can return a null pointer but `GetTensorData`
assumes that the argument is always a valid tensor. Furthermore, because `GetVariableInput` calls [`GetMut
ableInput`](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorf
low/lite/kernels/kernel_util.cc#L82-L90) which might return `nullptr`, the `tensor->is_variable`
expression can also trigger a null pointer exception. We have patched the issue in GitHub commit
5b048e87e4e55990dae6b547add4dae59f4e1c76. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37681)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite
operations that use quantization can be made to use unitialized values. [For example](https://github.com/t
ensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.
cc#L198-L200). The issue stems from the fact that `quantization.params` is only valid if
`quantization.type` is different that `kTfLiteNoQuantization`. However, these checks are missing in large
parts of the code. We have patched the issue in GitHub commits 537bc7c723439b9194a358f64d871dd326c18887,
4a91f2069f7145aab6ba2d8cfe41be8a110c18a5 and 8933b8a21280696ab119b63263babdb54c298538. The fix will be
included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3,
and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37682)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflo
w/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc). There is no
check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit
1e206baedf8bef0334cca3eb92bab134ef525a28. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37683)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for
divisors not being 0. We have patched the issue in GitHub commit [dfa22b348b70bb89d6d6ec0ff53973bacb4f4695
](https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695). The fix will
be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37684)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`exp
and_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tenso
rflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element
outside of bounds of heap allocated data. If `axis` is a large negative value (e.g., `-100000`), then
after the first `if` it would still be negative. The check following the `if` statement will pass and the
`for` loop would read one element before the start of `input_dims.data` (when `i = 0`). We have patched
the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37685)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided
slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop.
This arises from newly introduced support for [ellipsis in axis definition](https://github.com/tensorflow/
tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/strided_slice.cc#L103-
L122). An attacker can craft a model such that `ellipsis_end_idx` is smaller than `i` (e.g., always
negative). In this case, the inner loop does not increase `i` and the `continue` statement causes
execution to skip over the preincrement at the end of the outer loop. We have patched the issue in GitHub
commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695. TensorFlow 2.6.0 is the only affected version.
(CVE-2021-37686)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's
[`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d00
5b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no
checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting
a model with negative values in `indices`. Similar issue exists in [`Gather` implementation](https://githu
b.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.c
c). We have patched the issue in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and
eb921122119a6b6e470ee98b89e65d721663179d. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37687)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and
denial of service. The [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80d
f1d99fc41d005b81082a/tensorflow/lite/kernels/internal/optimized/optimized_ops.h#L268-L285) unconditionally
dereferences a pointer. We have patched the issue in GitHub commit
15691e456c7dc9bd6be203b09765b063bf4a380c. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37688)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and
denial of service. This is caused by the MLIR optimization of `L2NormalizeReduceAxis` operator. The [imple
mentation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorfl
ow/compiler/mlir/lite/transforms/optimize.cc#L67-L70) unconditionally dereferences a pointer to an
iterator to a vector without checking that the vector has elements. We have patched the issue in GitHub
commit d6b57f461b39fd1aa8c1b870f1b974aac3554955. The fix will be included in TensorFlow 2.6.0. We will
also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. (CVE-2021-37689)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running
shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the
form of a `ShapeAndType` struct. The shapes embedded in this struct are owned by an inference context that
is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can
trigger a segfault. `ShapeRefiner` is mitigating this for normal output shapes by cloning them (and thus
putting the newly created shape under ownership of an inference context that will not die), but we were
not doing the same for shapes and types. This commit fixes that by doing similar logic on output shapes
and types. We have patched the issue in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1. The fix
will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37690)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://githu
b.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_proj
ection.cc#L118). We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The
fix will be included in TensorFlow 2.6.0. We will also cherrypick thiscommit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
(CVE-2021-37691)
- TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain
conditions, Go code can trigger a segfault in string deallocation. For string tensors,
`C.TF_TString_Dealloc` is called during garbage collection within a finalizer function. However, tensor
structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc
assumes that encoding succeeded, but segfaults when a string tensor is garbage collected whose encoding
failed (e.g., due to mismatched dimensions). To fix this, the call to set the finalizer function is
deferred until `NewTensor` returns and, if encoding failed for a string tensor, deallocs are determined
based on bytes written. We have patched the issue in GitHub commit
8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow 2.6.0. We will also
cherrypick this commit on TensorFlow 2.5.1, which is the other affected version. (CVE-2021-37692)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173128");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173314");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1178287");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1178564");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1179455");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1181864");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186860");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189423");
# https://lists.opensuse.org/archives/list/[email protected]/thread/U25ZU2T5T4LOLSIYIMGC5PLU4PQQMJE5/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a4d9e5f4");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26266");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26267");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26268");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26270");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26271");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37635");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37636");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37637");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37638");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37639");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37640");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37641");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37642");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37643");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37644");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37645");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37646");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37647");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37648");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37649");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37650");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37651");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37652");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37653");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37654");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37655");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37656");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37657");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37658");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37659");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37660");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37661");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37662");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37663");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37664");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37665");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37666");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37667");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37668");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37669");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37670");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37671");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37672");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37673");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37674");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37675");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37676");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37677");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37678");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37679");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37680");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37681");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37682");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37683");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37684");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37685");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37686");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37687");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37688");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37689");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37690");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37691");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37692");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-37690");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-37678");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/10");
script_set_attribute(attribute:"patch_publication_date", value:"2022/06/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/06/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bazel-skylib1.0.3-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bazel3.7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libiomp5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libiomp5-gnu-hpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libiomp5-gnu-openmpi2-hpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow2-gnu-hpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow2-gnu-openmpi2-hpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow_cc2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow_cc2-gnu-hpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow_cc2-gnu-openmpi2-hpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow_framework2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow_framework2-gnu-hpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow_framework2-gnu-openmpi2-hpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2-gnu-hpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2-gnu-openmpi2-hpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2-lite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2-lite-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2_2_6_0-gnu-hpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2_2_6_0-gnu-hpc-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2_2_6_0-gnu-openmpi2-hpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2_2_6_0-gnu-openmpi2-hpc-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.3");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/SuSE/release');
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (release !~ "^(SUSE15\.3)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);
var pkgs = [
{'reference':'bazel-skylib1.0.3-source-1.0.3-bp153.2.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bazel3.7-3.7.2-bp153.4.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bazel3.7-3.7.2-bp153.4.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libiomp5-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libiomp5-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libiomp5-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow2-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow2-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow_cc2-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow_cc2-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow_cc2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow_cc2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow_cc2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow_cc2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow_framework2-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow_framework2-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow_framework2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow_framework2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow_framework2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtensorflow_framework2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-devel-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-devel-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-lite-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-lite-2.6.0-bp153.2.3.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-lite-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-lite-devel-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-lite-devel-2.6.0-bp153.2.3.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2-lite-devel-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2_2_6_0-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2_2_6_0-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2_2_6_0-gnu-hpc-devel-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2_2_6_0-gnu-hpc-devel-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2_2_6_0-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2_2_6_0-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2_2_6_0-gnu-openmpi2-hpc-devel-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow2_2_6_0-gnu-openmpi2-hpc-devel-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var cpu = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && release) {
if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bazel-skylib1.0.3-source / bazel3.7 / libiomp5 / libiomp5-gnu-hpc / etc');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26266
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26268
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26270
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26271
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37635
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37636
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37637
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37638
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37640
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37642
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37644
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37645
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37646
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37647
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37648
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37649
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37650
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37651
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37653
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37654
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37655
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37656
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37658
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37660
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37661
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37662
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37664
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37665
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37666
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37667
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37668
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37669
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37671
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37672
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37673
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37674
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37676
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37677
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37678
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37679
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37680
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37681
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37682
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37683
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37684
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37685
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37686
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37687
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37689
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37690
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37691
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37692
www.nessus.org/u?a4d9e5f4
bugzilla.suse.com/1173128
bugzilla.suse.com/1173314
bugzilla.suse.com/1178287
bugzilla.suse.com/1178564
bugzilla.suse.com/1179455
bugzilla.suse.com/1181864
bugzilla.suse.com/1186860
bugzilla.suse.com/1189423
www.suse.com/security/cve/CVE-2020-26266
www.suse.com/security/cve/CVE-2020-26267
www.suse.com/security/cve/CVE-2020-26268
www.suse.com/security/cve/CVE-2020-26270
www.suse.com/security/cve/CVE-2020-26271
www.suse.com/security/cve/CVE-2021-37635
www.suse.com/security/cve/CVE-2021-37636
www.suse.com/security/cve/CVE-2021-37637
www.suse.com/security/cve/CVE-2021-37638
www.suse.com/security/cve/CVE-2021-37639
www.suse.com/security/cve/CVE-2021-37640
www.suse.com/security/cve/CVE-2021-37641
www.suse.com/security/cve/CVE-2021-37642
www.suse.com/security/cve/CVE-2021-37643
www.suse.com/security/cve/CVE-2021-37644
www.suse.com/security/cve/CVE-2021-37645
www.suse.com/security/cve/CVE-2021-37646
www.suse.com/security/cve/CVE-2021-37647
www.suse.com/security/cve/CVE-2021-37648
www.suse.com/security/cve/CVE-2021-37649
www.suse.com/security/cve/CVE-2021-37650
www.suse.com/security/cve/CVE-2021-37651
www.suse.com/security/cve/CVE-2021-37652
www.suse.com/security/cve/CVE-2021-37653
www.suse.com/security/cve/CVE-2021-37654
www.suse.com/security/cve/CVE-2021-37655
www.suse.com/security/cve/CVE-2021-37656
www.suse.com/security/cve/CVE-2021-37657
www.suse.com/security/cve/CVE-2021-37658
www.suse.com/security/cve/CVE-2021-37659
www.suse.com/security/cve/CVE-2021-37660
www.suse.com/security/cve/CVE-2021-37661
www.suse.com/security/cve/CVE-2021-37662
www.suse.com/security/cve/CVE-2021-37663
www.suse.com/security/cve/CVE-2021-37664
www.suse.com/security/cve/CVE-2021-37665
www.suse.com/security/cve/CVE-2021-37666
www.suse.com/security/cve/CVE-2021-37667
www.suse.com/security/cve/CVE-2021-37668
www.suse.com/security/cve/CVE-2021-37669
www.suse.com/security/cve/CVE-2021-37670
www.suse.com/security/cve/CVE-2021-37671
www.suse.com/security/cve/CVE-2021-37672
www.suse.com/security/cve/CVE-2021-37673
www.suse.com/security/cve/CVE-2021-37674
www.suse.com/security/cve/CVE-2021-37675
www.suse.com/security/cve/CVE-2021-37676
www.suse.com/security/cve/CVE-2021-37677
www.suse.com/security/cve/CVE-2021-37678
www.suse.com/security/cve/CVE-2021-37679
www.suse.com/security/cve/CVE-2021-37680
www.suse.com/security/cve/CVE-2021-37681
www.suse.com/security/cve/CVE-2021-37682
www.suse.com/security/cve/CVE-2021-37683
www.suse.com/security/cve/CVE-2021-37684
www.suse.com/security/cve/CVE-2021-37685
www.suse.com/security/cve/CVE-2021-37686
www.suse.com/security/cve/CVE-2021-37687
www.suse.com/security/cve/CVE-2021-37688
www.suse.com/security/cve/CVE-2021-37689
www.suse.com/security/cve/CVE-2021-37690
www.suse.com/security/cve/CVE-2021-37691
www.suse.com/security/cve/CVE-2021-37692