Lucene search

K
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2022-10014-1.NASL
HistoryJun 19, 2022 - 12:00 a.m.

openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)

2022-06-1900:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10014-1 advisory.

  • In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26266)

  • In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26267)

  • In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26268)

  • In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of- death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26270)

  • In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26271)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a49953118 25ffaba7a670d7747/tensorflow/core/kernels/sparse_reduce_op.cc#L217-L228) fails to validate that each reduction group does not overflow and that each corresponding index does not point to outside the bounds of the input tensor. We have patched the issue in GitHub commit 87158f43f05f2720a374f3e6d22a7aaa3a33f750.
    The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
    (CVE-2021-37635)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The [implementa tion](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/co re/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails to treat the division by 0 case separately. We have patched the issue in GitHub commit d9204be9f49520cdaaeb2541d1dc5187b23f31d9. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37636)

  • TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.raw_ops.CompressElement. The [implem entation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflo w/core/data/compression_utils.cc#L34) was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid. We have patched the issue in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37637)

  • TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for row_partition_types of tf.raw_ops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f3 81495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328) accesses the first element of a user supplied list of values without validating that the provided list is not empty. We have patched the issue in GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37638)

  • TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer.
    Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. The [implementation](https://github.com/tensorfl ow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc #L158-L159) retrieves the tensor list corresponding to the tensor_name user controlled input and immediately retrieves the tensor at the restoration index (controlled via preferred_shard argument).
    This occurs without validating that the provided list has enough values. If the list is empty this results in dereferencing a null pointer (undefined behavior). If, however, the list has some elements, if the restoration index is outside the bounds this results in heap OOB read. We have patched the issue in GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37639)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.SparseReshape can be made to trigger an integral division by 0 exception.
    The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f4969 8/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a non-zero number of elements. The [reshape functor](https://github.com/tensorflow/tensorflow/blob/8d72537c6 abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. We have patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1 as this is the other affected version. (CVE-2021-37640)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to tf.raw_ops.RaggedGather don’t determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow /blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/ragged_gather_op.cc#L70) directly reads the first dimension of a tensor shape before checking that said tensor has rank of at least 1 (i.e., it is not a scalar). Furthermore, the implementation does not check that the list given by params_nested_splits is not an empty list of tensors. We have patched the issue in GitHub commit a2b743f6017d7b97af1fe49087ae15f0ac634373. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37641)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.ResourceScatterDiv is vulnerable to a division by 0 error. The [implementat ion](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/cor e/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately. We have patched the issue in GitHub commit 4aacb30888638da75023e6601149415b39763d76. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37642)

  • TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to tf.raw_ops.MatrixDiagPartOp, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The [implementation](ht tps://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kerne ls/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that the tensor has values to read from. We have patched the issue in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37643)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The [implemen tation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/ core/kernels/list_kernels.cc#L312) calls std::vector.resize() with the new size controlled by input given by the user, without checking that this input is valid. We have patched the issue in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37644)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14 f5f49698/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L126) uses the axis value as the size argument to absl::InlinedVector constructor. But, the constructor uses an unsigned type for the argument, so the implicit conversion transforms the negative value to a large integer. We have patched the issue in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, and TensorFlow 2.4.3, as these are also affected and still in supported range. (CVE-2021-37645)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [ implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/ten sorflow/core/kernels/string_ngrams_op.cc#L184) calls reserve on a tstring with a value that sometimes can be negative if user supplies negative ngram_widths. The reserve method calls TF_TString_Reserve which has an unsigned long argument for the size of the buffer. Hence, the implicit conversion transforms the negative value to a large integer. We have patched the issue in GitHub commit c283e542a3f422420cfdb332414543b62fc4e4a5. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37646)

  • TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.raw_ops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The [implementation](https://github.com/tensorflow/tensorflow/blob/ 8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L2 40-L251) has some argument validation but fails to consider the case when either indices or values are provided for an empty sparse tensor when the other is not. If indices is empty, then [code that performs validation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorf low/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L260-L261) (i.e., checking that the indices are monotonically increasing) results in a null pointer dereference. If indices as provided by the user is empty, then indices in the C++ code above is backed by an empty std::vector, hence calling indices->dim_size(0) results in null pointer dereferencing (same as calling std::vector::at() on an empty vector). We have patched the issue in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
    (CVE-2021-37647)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for tf.raw_ops.SaveV2 does not properly validate the inputs and an attacker can trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2 e22c14f5f49698/tensorflow/core/kernels/save_restore_v2_ops.cc) uses ValidateInputs to check that the input arguments are valid. This validation would have caught the illegal state represented by the reproducer above. However, the validation uses OP_REQUIRES which translates to setting the Status object of the current OpKernelContext to an error status, followed by an empty return statement which just terminates the execution of the function it is present in. However, this does not mean that the kernel execution is finalized: instead, execution continues from the next line in Compute that follows the call to ValidateInputs. This is equivalent to lacking the validation. We have patched the issue in GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37648)

  • TensorFlow is an end-to-end open source platform for machine learning. The code for tf.raw_ops.UncompressElement can be made to trigger a null pointer dereference. The [implementation](htt ps://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernel s/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressing. There is no check that the Variant tensor contained a CompressedElement, so the pointer is actually nullptr. We have patched the issue in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37649)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.raw_ops.ExperimentalDatasetToTFRecord and tf.raw_ops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/te nsorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_rec ord_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types. We have patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37650)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.raw_ops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad3 1a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205) does not validate that the input tensor is non-empty. Thus, code constructs an empty EigenDoubleMatrixMap and then accesses this buffer with indices that are outside of the empty area. We have patched the issue in GitHub commit 0f931751fb20f565c4e94aa6df58d54a003cdb30. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37651)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.raw_ops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments. The [implementation](https://github.com/tensorflow/tensorfl ow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55 ) uses a reference counted resource and decrements the refcount if the initialization fails, as it should.
    However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent free-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. We have patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab. The fix will be included in TensorFlow 2.6.0.
    We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37652)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.raw_ops.ResourceGather. The [implementation](ht tps://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kerne ls/resource_variable_ops.cc#L725-L731) computes the value of a value, batch_size, and then divides by it without checking that this value is not 0. We have patched the issue in GitHub commit ac117ee8a8ea57b73d34665cdf00ef3303bc0b11. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37653)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.raw_ops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build. The [implementat ion](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/cor e/kernels/resource_variable_ops.cc#L660-L668) does not check that the batch_dims value that the user supplies is less than the rank of the input tensor. Since the implementation uses several for loops over the dimensions of tensor, this results in reading data from outside the bounds of heap allocated buffer backing the tensor. We have patched the issue in GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d.
    The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
    (CVE-2021-37654)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.raw_ops.ResourceScatterUpdate. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24 faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of indices and updates: instead of checking that the shape of indices is a prefix of the shape of updates (so that broadcasting can happen), code only checks that the number of elements in these two tensors are in a divisibility relationship. We have patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37655)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToSparse.
    The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1dde b/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30) has an incomplete validation of the splits values: it does not check that they are in increasing order. We have patched the issue in GitHub commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37656)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.raw_ops.MatrixDiagV*. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb8 0d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of k is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37657)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.raw_ops.MatrixSetDiagV*. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187 cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of k is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37658)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don’t require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://gith ub.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_o ps_common.h#L264) assumes that the two inputs have exactly the same number of elements but does not check that. Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to binding to nullptr. We have patched the issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec.
    The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
    (CVE-2021-37659)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb8 0d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should skip processing if x and v are empty but the code uses || instead of &&. We have patched the issue in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618. The fix will be included in TensorFlow 2.6.0.
    We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37660)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b 61981bca0c41/tensorflow/core/kernels/boosted_trees/quantile_ops.cc#L96) does not validate that num_streams only contains non-negative numbers. In turn, [this results in using this value to allocate m emory](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/c ore/kernels/boosted_trees/quantiles/quantile_stream_resource.h#L31-L40). However, reserve receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned.
    This results in a crash from the standard library. We have patched the issue in GitHub commit 8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37661)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The [implementation](https://github.com/tensorflow/tensorflow/b lob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) does not validate the input values. We have patched the issue in GitHub commit 9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37662)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.raw_ops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implement ation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/c ore/kernels/quantize_op.cc#L59) has some validation but does not check that min_range and max_range both have the same non-zero number of elements. If axis is provided (i.e., not -1), then validation should check that it is a value in range for the rank of input tensor and then the lengths of min_range and max_range inputs match the axis dimension of the input tensor. We have patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37663)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The [implementation](https://github.com/tensorflow/tensorfl ow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in stats_summary_indices is in range. We have patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37664)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays.
    The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f 4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the input tensor. A similar issue occurs in MklRequantizePerChannelOp. The [implementation](https:/ /github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mk l/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. We have patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37665)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToVariant. The [implementation](https://github.com/tensorflow/tensorflow/blob/460 e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc#L129) has an incomplete validation of the splits values, missing the case when the argument would be empty. We have patched the issue in GitHub commit be7a4de6adfbd303ce08be4332554dff70362612. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37666)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.UnicodeEncode. The [i mplementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tens orflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the input_splits tensor before validating that this tensor is not empty. We have patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37667)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a 16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed by dims is not empty. Hence, if one element of dims is 0, the implementation does a division by 0. We have patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37668)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.raw_ops.NonMaxSuppressionV5 by triggering a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a 83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a user controlled argument to resize a std::vector. However, as std::vector::resize takes the size argument as a size_t and output_size is an int, there is an implicit conversion to unsigned. If the attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in CombinedNonMaxSuppression. We have patched the issue in GitHub commit 3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit [b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37669)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.UpperBound. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a832 78fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of sorted_input argument. A similar issue occurs in tf.raw_ops.LowerBound. We have patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38. The fix will be included in TensorFlow 2.6.0.
    We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37670)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.Map* and tf.raw_ops.OrderedMap* operations. The [implementation](https://github.com/tensorflow/tensorflow/blob/46 0e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248) has a check in place to ensure that indices is in ascending order, but does not check that indices is not empty. We have patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37671)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.SdcaOptimizerV2. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de 3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that the length of example_labels is the same as the number of examples. We have patched the issue in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37672)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.MapStage. The [implementation](https:// github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map
    _stage_op.cc#L513) does not check that the key input is a valid non-empty tensor. We have patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37673)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d 161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the orig_input and orig_output tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37674)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference [implementation](https://gith ub.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/framework/commo n_shape_fns.cc#L577) is missing several validations before doing divisions and modulo operations. We have patched the issue in GitHub commit 8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37675)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows.
    The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61 a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634) does not validate that the input arguments are not empty tensors. We have patched the issue in GitHub commit 578e634b4f1c1c684d4b4294f9e5281b2133b3ed. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37676)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.raw_ops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.
    com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L 2999-L3014) uses axis to select between two different values for minmax_rank which is then used to retrieve tensor dimensions. However, code assumes that axis can be either -1 or a value greater than -1, with no validation for the other values. We have patched the issue in GitHub commit da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37677)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b 1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104) uses yaml.unsafe_load which can perform arbitrary code execution on the input. Given that YAML format support requires a significant amount of work, we have removed it for now. We have patched the issue in GitHub commit 23d6383eb6c14084a8fc3bdf164043b974818012. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37678)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.map_fn within another tf.map_fn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tensor and fills output buffer with uninitialized contents from the heap. The t and z outputs should be identical, however this is not the case. The last row of t contains data from the heap which can be used to leak other memory information. The bug lies in the conversion from a Variant tensor to a RaggedTensor. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/te nsorflow/core/kernels/ragged_tensor_from_variant_op.cc#L177-L190) does not check that all inner shapes match and this results in the additional dimensions. The same implementation can result in data loss, if input tensor is tweaked. We have patched the issue in GitHub commit 4e2565483d0ffcadc719bd44893fb7f609bb5f12. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37679)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://git hub.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/fully_ connected.cc#L226). We have patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f.
    The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
    (CVE-2021-37680)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/ten sorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/svdf.cc#L300-L313). The [GetVariableInput function](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161 b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L115-L119) can return a null pointer but GetTensorData assumes that the argument is always a valid tensor. Furthermore, because GetVariableInput calls [GetMut ableInput](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorf low/lite/kernels/kernel_util.cc#L82-L90) which might return nullptr, the tensor->is_variable expression can also trigger a null pointer exception. We have patched the issue in GitHub commit 5b048e87e4e55990dae6b547add4dae59f4e1c76. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37681)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://github.com/t ensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.
    cc#L198-L200). The issue stems from the fact that quantization.params is only valid if quantization.type is different that kTfLiteNoQuantization. However, these checks are missing in large parts of the code. We have patched the issue in GitHub commits 537bc7c723439b9194a358f64d871dd326c18887, 4a91f2069f7145aab6ba2d8cfe41be8a110c18a5 and 8933b8a21280696ab119b63263babdb54c298538. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37682)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflo w/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc). There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit 1e206baedf8bef0334cca3eb92bab134ef525a28. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37683)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695 . The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37684)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite’s [exp and_dims.cc](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tenso rflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis is a large negative value (e.g., -100000), then after the first if it would still be negative. The check following the if statement will pass and the for loop would read one element before the start of input_dims.data (when i = 0). We have patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37685)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop.
    This arises from newly introduced support for [ellipsis in axis definition](https://github.com/tensorflow/ tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/strided_slice.cc#L103- L122). An attacker can craft a model such that ellipsis_end_idx is smaller than i (e.g., always negative). In this case, the inner loop does not increase i and the continue statement causes execution to skip over the preincrement at the end of the outer loop. We have patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695. TensorFlow 2.6.0 is the only affected version.
    (CVE-2021-37686)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite’s [GatherNd implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d00 5b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in indices. Similar issue exists in [Gather implementation](https://githu b.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.c c). We have patched the issue in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and eb921122119a6b6e470ee98b89e65d721663179d. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37687)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80d f1d99fc41d005b81082a/tensorflow/lite/kernels/internal/optimized/optimized_ops.h#L268-L285) unconditionally dereferences a pointer. We have patched the issue in GitHub commit 15691e456c7dc9bd6be203b09765b063bf4a380c. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37688)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis operator. The [imple mentation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorfl ow/compiler/mlir/lite/transforms/optimize.cc#L67-L70) unconditionally dereferences a pointer to an iterator to a vector without checking that the vector has elements. We have patched the issue in GitHub commit d6b57f461b39fd1aa8c1b870f1b974aac3554955. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37689)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as MutableHashTableShape) produce extra output information in the form of a ShapeAndType struct. The shapes embedded in this struct are owned by an inference context that is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can trigger a segfault. ShapeRefiner is mitigating this for normal output shapes by cloning them (and thus putting the newly created shape under ownership of an inference context that will not die), but we were not doing the same for shapes and types. This commit fixes that by doing similar logic on output shapes and types. We have patched the issue in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37690)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://githu b.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_proj ection.cc#L118). We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be included in TensorFlow 2.6.0. We will also cherrypick thiscommit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
    (CVE-2021-37691)

  • TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TF_TString_Dealloc is called during garbage collection within a finalizer function. However, tensor structure isn’t checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded, but segfaults when a string tensor is garbage collected whose encoding failed (e.g., due to mismatched dimensions). To fix this, the call to set the finalizer function is deferred until NewTensor returns and, if encoding failed for a string tensor, deallocs are determined based on bytes written. We have patched the issue in GitHub commit 8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, which is the other affected version. (CVE-2021-37692)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2022:10014-1. The text itself
# is copyright (C) SUSE.
##

include('compat.inc');

if (description)
{
  script_id(162400);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/19");

  script_cve_id(
    "CVE-2020-26266",
    "CVE-2020-26267",
    "CVE-2020-26268",
    "CVE-2020-26270",
    "CVE-2020-26271",
    "CVE-2021-37635",
    "CVE-2021-37636",
    "CVE-2021-37637",
    "CVE-2021-37638",
    "CVE-2021-37639",
    "CVE-2021-37640",
    "CVE-2021-37641",
    "CVE-2021-37642",
    "CVE-2021-37643",
    "CVE-2021-37644",
    "CVE-2021-37645",
    "CVE-2021-37646",
    "CVE-2021-37647",
    "CVE-2021-37648",
    "CVE-2021-37649",
    "CVE-2021-37650",
    "CVE-2021-37651",
    "CVE-2021-37652",
    "CVE-2021-37653",
    "CVE-2021-37654",
    "CVE-2021-37655",
    "CVE-2021-37656",
    "CVE-2021-37657",
    "CVE-2021-37658",
    "CVE-2021-37659",
    "CVE-2021-37660",
    "CVE-2021-37661",
    "CVE-2021-37662",
    "CVE-2021-37663",
    "CVE-2021-37664",
    "CVE-2021-37665",
    "CVE-2021-37666",
    "CVE-2021-37667",
    "CVE-2021-37668",
    "CVE-2021-37669",
    "CVE-2021-37670",
    "CVE-2021-37671",
    "CVE-2021-37672",
    "CVE-2021-37673",
    "CVE-2021-37674",
    "CVE-2021-37675",
    "CVE-2021-37676",
    "CVE-2021-37677",
    "CVE-2021-37678",
    "CVE-2021-37679",
    "CVE-2021-37680",
    "CVE-2021-37681",
    "CVE-2021-37682",
    "CVE-2021-37683",
    "CVE-2021-37684",
    "CVE-2021-37685",
    "CVE-2021-37686",
    "CVE-2021-37687",
    "CVE-2021-37688",
    "CVE-2021-37689",
    "CVE-2021-37690",
    "CVE-2021-37691",
    "CVE-2021-37692"
  );

  script_name(english:"openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in
the openSUSE-SU-2022:10014-1 advisory.

  - In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized
    values during code execution. This is caused by having tensor buffers be filled with the default value of
    the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed
    in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26266)

  - In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the
    src_format and dst_format attributes. The code assumes that these two arguments define a permutation of
    NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is
    fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26267)

  - In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor
    created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an
    integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If
    the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what
    is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes
    a segmentation fault. This is because the allocator used to return the buffer data is not marked as
    returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions
    1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26268)

  - In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input
    with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-
    death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in
    versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26270)

  - In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing
    uninitialized memory while building the computation graph. The MakeEdge function creates an edge between
    one output tensor of the src node (given by output_index) and the input slot of the dst node (given by
    input_index). This is only possible if the types of the tensors on both sides coincide, so the function
    begins by obtaining the corresponding DataType values and comparing these for equality. However, there is
    no check that the indices point to inside of the arrays they index into. Thus, this can result in
    accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can
    manifest as unitialized data access, but if the index points far away from the boundaries of the arrays
    this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3,
    2.2.2, 2.3.2, and 2.4.0. (CVE-2020-26271)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
    implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap
    allocated data. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a49953118
    25ffaba7a670d7747/tensorflow/core/kernels/sparse_reduce_op.cc#L217-L228) fails to validate that each
    reduction group does not overflow and that each corresponding index does not point to outside the bounds
    of the input tensor. We have patched the issue in GitHub commit 87158f43f05f2720a374f3e6d22a7aaa3a33f750.
    The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
    TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
    (CVE-2021-37635)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
    implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implementa
    tion](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/co
    re/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails
    to treat the division by 0 case separately. We have patched the issue in GitHub commit
    d9204be9f49520cdaaeb2541d1dc5187b23f31d9. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37636)

  - TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null
    pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implem
    entation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflo
    w/core/data/compression_utils.cc#L34) was accessing the size of a buffer obtained from the return of a
    separate function call before validating that said buffer is valid. We have patched the issue in GitHub
    commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5. The fix will be included in TensorFlow 2.6.0. We will
    also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37637)

  - TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for
    `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and
    undefined behavior. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f3
    81495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328) accesses the first
    element of a user supplied list of values without validating that the provided list is not empty. We have
    patched the issue in GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314. The fix will be included in
    TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
    TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37638)

  - TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw
    APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer.
    Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some
    tensor names but not enough for a successful restoration. The [implementation](https://github.com/tensorfl
    ow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc
    #L158-L159) retrieves the tensor list corresponding to the `tensor_name` user controlled input and
    immediately retrieves the tensor at the restoration index (controlled via `preferred_shard` argument).
    This occurs without validating that the provided list has enough values. If the list is empty this results
    in dereferencing a null pointer (undefined behavior). If, however, the list has some elements, if the
    restoration index is outside the bounds this results in heap OOB read. We have patched the issue in GitHub
    commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622. The fix will be included in TensorFlow 2.6.0. We will
    also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37639)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
    implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception.
    The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f4969
    8/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at
    least an index in the input but does not check that shape of the input or the target shape have both a
    non-zero number of elements. The [reshape functor](https://github.com/tensorflow/tensorflow/blob/8d72537c6
    abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the
    dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. We
    have patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41. The fix will be included
    in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1 as this is the other affected
    version. (CVE-2021-37640)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the
    arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from
    outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow
    /blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/ragged_gather_op.cc#L70) directly
    reads the first dimension of a tensor shape before checking that said tensor has rank of at least 1 (i.e.,
    it is not a scalar). Furthermore, the implementation does not check that the list given by
    `params_nested_splits` is not an empty list of tensors. We have patched the issue in GitHub commit
    a2b743f6017d7b97af1fe49087ae15f0ac634373. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37641)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
    implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implementat
    ion](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/cor
    e/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat
    the division by 0 case separately. We have patched the issue in GitHub commit
    4aacb30888638da75023e6601149415b39763d76. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37642)

  - TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid
    padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if
    input is empty) or produces invalid behavior, ignoring all values after the first. The [implementation](ht
    tps://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kerne
    ls/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that
    the tensor has values to read from. We have patched the issue in GitHub commit
    482da92095c4d48f8784b1f00dda4f81c28d2988. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37643)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a
    negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to
    abort the process due to reallocating a `std::vector` to have a negative number of elements. The [implemen
    tation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/
    core/kernels/list_kernels.cc#L312) calls `std::vector.resize()` with the new size controlled by input
    given by the user, without checking that this input is valid. We have patched the issue in GitHub commit
    8a6e874437670045e6c7dc6154c7412b4a2135e2. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37644)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
    implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue
    caused by converting a signed integer value to an unsigned one and then allocating memory based on this
    value. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14
    f5f49698/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L126) uses the `axis` value as the size
    argument to `absl::InlinedVector` constructor. But, the constructor uses an unsigned type for the
    argument, so the implicit conversion transforms the negative value to a large integer. We have patched the
    issue in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1. The fix will be included in TensorFlow
    2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, and TensorFlow 2.4.3, as these are also
    affected and still in supported range. (CVE-2021-37645)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
    implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by
    converting a signed integer value to an unsigned one and then allocating memory based on this value. The [
    implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/ten
    sorflow/core/kernels/string_ngrams_op.cc#L184) calls `reserve` on a `tstring` with a value that sometimes
    can be negative if user supplies negative `ngram_widths`. The `reserve` method calls `TF_TString_Reserve`
    which has an `unsigned long` argument for the size of the buffer. Hence, the implicit conversion
    transforms the negative value to a large integer. We have patched the issue in GitHub commit
    c283e542a3f422420cfdb332414543b62fc4e4a5. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37646)

  - TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply
    arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation can
    be made to dereference a null pointer. The [implementation](https://github.com/tensorflow/tensorflow/blob/
    8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L2
    40-L251) has some argument validation but fails to consider the case when either `indices` or `values` are
    provided for an empty sparse tensor when the other is not. If `indices` is empty, then [code that performs
    validation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorf
    low/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L260-L261) (i.e., checking that the indices are
    monotonically increasing) results in a null pointer dereference. If `indices` as provided by the user is
    empty, then `indices` in the C++ code above is backed by an empty `std::vector`, hence calling
    `indices->dim_size(0)` results in null pointer dereferencing (same as calling `std::vector::at()` on an
    empty vector). We have patched the issue in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7. The
    fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
    TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
    (CVE-2021-37647)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for
    `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null pointer
    dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2
    e22c14f5f49698/tensorflow/core/kernels/save_restore_v2_ops.cc) uses `ValidateInputs` to check that the
    input arguments are valid. This validation would have caught the illegal state represented by the
    reproducer above. However, the validation uses `OP_REQUIRES` which translates to setting the `Status`
    object of the current `OpKernelContext` to an error status, followed by an empty `return` statement which
    just terminates the execution of the function it is present in. However, this does not mean that the
    kernel execution is finalized: instead, execution continues from the next line in `Compute` that follows
    the call to `ValidateInputs`. This is equivalent to lacking the validation. We have patched the issue in
    GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986. The fix will be included in TensorFlow 2.6.0. We
    will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are
    also affected and still in supported range. (CVE-2021-37648)

  - TensorFlow is an end-to-end open source platform for machine learning. The code for
    `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](htt
    ps://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernel
    s/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a `CompressedElement` from a
    `Variant` tensor and then proceeds to dereference it for decompressing. There is no check that the
    `Variant` tensor contained a `CompressedElement`, so the pointer is actually `nullptr`. We have patched
    the issue in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd. The fix will be included in
    TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
    TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37649)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
    implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can
    trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/te
    nsorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_rec
    ord_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check
    for that, and the example given above uses numeric types. We have patched the issue in GitHub commit
    e0b6e58c328059829c3eb968136f17aa72b6c876. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37650)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
    implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bounds
    of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad3
    1a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205) does not validate
    that the input tensor is non-empty. Thus, code constructs an empty `EigenDoubleMatrixMap` and then
    accesses this buffer with indices that are outside of the empty area. We have patched the issue in GitHub
    commit 0f931751fb20f565c4e94aa6df58d54a003cdb30. The fix will be included in TensorFlow 2.6.0. We will
    also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37651)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
    implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an
    attacker supplies specially crafted arguments. The [implementation](https://github.com/tensorflow/tensorfl
    ow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55
    ) uses a reference counted resource and decrements the refcount if the initialization fails, as it should.
    However, when the code was written, the resource was represented as a naked pointer but later refactoring
    has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent `free`-ing of
    the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the
    resource has been already freed. During this double-free process, members of the resource object are
    accessed for cleanup but they are invalid as the entire resource has been freed. We have patched the issue
    in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab. The fix will be included in TensorFlow 2.6.0.
    We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these
    are also affected and still in supported range. (CVE-2021-37652)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [implementation](ht
    tps://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kerne
    ls/resource_variable_ops.cc#L725-L731) computes the value of a value, `batch_size`, and then divides by it
    without checking that this value is not 0. We have patched the issue in GitHub commit
    ac117ee8a8ea57b73d34665cdf00ef3303bc0b11. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37653)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or
    a read from outside the bounds of heap allocated data in the same API in a release build. The [implementat
    ion](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/cor
    e/kernels/resource_variable_ops.cc#L660-L668) does not check that the `batch_dims` value that the user
    supplies is less than the rank of the input tensor. Since the implementation uses several for loops over
    the dimensions of `tensor`, this results in reading data from outside the bounds of heap allocated buffer
    backing the tensor. We have patched the issue in GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d.
    The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
    TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
    (CVE-2021-37654)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to
    `tf.raw_ops.ResourceScatterUpdate`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24
    faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an
    incomplete validation of the relationship between the shapes of `indices` and `updates`: instead of
    checking that the shape of `indices` is a prefix of the shape of `updates` (so that broadcasting can
    happen), code only checks that the number of elements in these two tensors are in a divisibility
    relationship. We have patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f. The fix
    will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
    2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37655)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`.
    The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1dde
    b/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30) has an incomplete validation of the
    splits values: it does not check that they are in increasing order. We have patched the issue in GitHub
    commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece. The fix will be included in TensorFlow 2.6.0. We will
    also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37656)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can cause undefined behavior via binding a reference to null pointer in all operations of type
    `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb8
    0d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation
    that the value of `k` is a valid tensor. We have check that this value is either a scalar or a vector, but
    there is no check for the number of elements. If this is an empty tensor, then code that accesses the
    first element of the tensor is wrong. We have patched the issue in GitHub commit
    f2a673bd34f0d64b8e40a551ac78989d16daad09. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37657)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can cause undefined behavior via binding a reference to null pointer in all operations of type
    `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187
    cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete
    validation that the value of `k` is a valid tensor. We have check that this value is either a scalar or a
    vector, but there is no check for the number of elements. If this is an empty tensor, then code that
    accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit
    ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37658)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that
    don't require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://gith
    ub.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_o
    ps_common.h#L264) assumes that the two inputs have exactly the same number of elements but does not check
    that. Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to
    binding to nullptr. We have patched the issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec.
    The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
    TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
    (CVE-2021-37659)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can cause a floating point exception by calling inplace operations with crafted arguments that would
    result in a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb8
    0d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should
    skip processing if `x` and `v` are empty but the code uses `||` instead of `&&`. We have patched the issue
    in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618. The fix will be included in TensorFlow 2.6.0.
    We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these
    are also affected and still in supported range. (CVE-2021-37660)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negative
    arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b
    61981bca0c41/tensorflow/core/kernels/boosted_trees/quantile_ops.cc#L96) does not validate that
    `num_streams` only contains non-negative numbers. In turn, [this results in using this value to allocate m
    emory](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/c
    ore/kernels/boosted_trees/quantiles/quantile_stream_resource.h#L31-L40). However, `reserve` receives an
    unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned.
    This results in a crash from the standard library. We have patched the issue in GitHub commit
    8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37661)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can generate undefined behavior via a reference binding to nullptr in
    `BoostedTreesCalculateBestGainsPerFeature` and similar attack can occur in
    `BoostedTreesCalculateBestFeatureSplitV2`. The [implementation](https://github.com/tensorflow/tensorflow/b
    lob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) does not
    validate the input values. We have patched the issue in GitHub commit
    9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7. The fix
    will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
    2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37662)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to
    incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a
    reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implement
    ation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/c
    ore/kernels/quantize_op.cc#L59) has some validation but does not check that `min_range` and `max_range`
    both have the same non-zero number of elements. If `axis` is provided (i.e., not `-1`), then validation
    should check that it is a value in range for the rank of `input` tensor and then the lengths of
    `min_range` and `max_range` inputs match the `axis` dimension of the `input` tensor. We have patched the
    issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in TensorFlow
    2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as
    these are also affected and still in supported range. (CVE-2021-37663)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to
    `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorfl
    ow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs
    to validate that each value in `stats_summary_indices` is in range. We have patched the issue in GitHub
    commit e84c975313e8e8e38bb2ea118196369c45c51378. The fix will be included in TensorFlow 2.6.0. We will
    also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37664)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to
    incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior
    via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays.
    The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f
    4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions
    of the `input` tensor. A similar issue occurs in `MklRequantizePerChannelOp`. The [implementation](https:/
    /github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mk
    l/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. We have
    patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit
    203214568f5bc237603dbab6e1fd389f1572f5c9. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37665)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can cause undefined behavior via binding a reference to null pointer in
    `tf.raw_ops.RaggedTensorToVariant`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460
    e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc#L129) has an
    incomplete validation of the splits values, missing the case when the argument would be empty. We have
    patched the issue in GitHub commit be7a4de6adfbd303ce08be4332554dff70362612. The fix will be included in
    TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
    TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37666)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [i
    mplementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tens
    orflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the `input_splits` tensor
    before validating that this tensor is not empty. We have patched the issue in GitHub commit
    2e0ee46f1a47675152d3d865797a18358881d7a6. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37667)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by triggering a
    division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a
    16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed
    by `dims` is not empty. Hence, if one element of `dims` is 0, the implementation does a division by 0. We
    have patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233. The fix will be included
    in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
    TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37668)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by
    triggering a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a
    83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a
    user controlled argument to resize a `std::vector`. However, as `std::vector::resize` takes the size
    argument as a `size_t` and `output_size` is an `int`, there is an implicit conversion to unsigned. If the
    attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in
    `CombinedNonMaxSuppression`. We have patched the issue in GitHub commit
    3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit [b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58. The fix
    will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
    2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37669)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to
    `tf.raw_ops.UpperBound`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a832
    78fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank
    of `sorted_input` argument. A similar issue occurs in `tf.raw_ops.LowerBound`. We have patched the issue
    in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38. The fix will be included in TensorFlow 2.6.0.
    We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these
    are also affected and still in supported range. (CVE-2021-37670)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and
    `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tensorflow/tensorflow/blob/46
    0e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248) has a check in
    place to ensure that `indices` is in ascending order, but does not check that `indices` is not empty. We
    have patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be included
    in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
    TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37671)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to
    `tf.raw_ops.SdcaOptimizerV2`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de
    3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that
    the length of `example_labels` is the same as the number of examples. We have patched the issue in GitHub
    commit a4e138660270e7599793fa438cd7b2fc2ce215a6. The fix will be included in TensorFlow 2.6.0. We will
    also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37672)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation](https://
    github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map
    _stage_op.cc#L513) does not check that the `key` input is a valid non-empty tensor. We have patched the
    issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d. The fix will be included in TensorFlow
    2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as
    these are also affected and still in supported range. (CVE-2021-37673)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by missing
    validation. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d
    161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the `orig_input` and
    `orig_output` tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub
    commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. We will
    also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37674)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions most
    implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where
    an attacker can trigger a denial of service via a crash. The shape inference [implementation](https://gith
    ub.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/framework/commo
    n_shape_fns.cc#L577) is missing several validations before doing divisions and modulo operations. We have
    patched the issue in GitHub commit 8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4. The fix will be included in
    TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
    TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37675)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillEmptyRows`.
    The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61
    a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634) does not validate that the input arguments
    are not empty tensors. We have patched the issue in GitHub commit
    578e634b4f1c1c684d4b4294f9e5281b2133b3ed. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37676)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape
    inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via
    a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.
    com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L
    2999-L3014) uses `axis` to select between two different values for `minmax_rank` which is then used to
    retrieve tensor dimensions. However, code assumes that `axis` can be either `-1` or a value greater than
    `-1`, with no validation for the other values. We have patched the issue in GitHub commit
    da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37677)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and
    Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML
    format. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b
    1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104) uses `yaml.unsafe_load` which can
    perform arbitrary code execution on the input. Given that YAML format support requires a significant
    amount of work, we have removed it for now. We have patched the issue in GitHub commit
    23d6383eb6c14084a8fc3bdf164043b974818012. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37678)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible
    to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `RaggedTensor`
    and there is no function signature provided, code assumes the output is a fully specified tensor and fills
    output buffer with uninitialized contents from the heap. The `t` and `z` outputs should be identical,
    however this is not the case. The last row of `t` contains data from the heap which can be used to leak
    other memory information. The bug lies in the conversion from a `Variant` tensor to a `RaggedTensor`. The 
    [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/te
    nsorflow/core/kernels/ragged_tensor_from_variant_op.cc#L177-L190) does not check that all inner shapes
    match and this results in the additional dimensions. The same implementation can result in data loss, if
    input tensor is tweaked. We have patched the issue in GitHub commit
    4e2565483d0ffcadc719bd44893fb7f609bb5f12. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37679)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
    implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://git
    hub.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/fully_
    connected.cc#L226). We have patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f.
    The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
    TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
    (CVE-2021-37680)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
    implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/ten
    sorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/svdf.cc#L300-L313). The
    [`GetVariableInput` function](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161
    b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L115-L119) can return a null pointer but `GetTensorData`
    assumes that the argument is always a valid tensor. Furthermore, because `GetVariableInput` calls [`GetMut
    ableInput`](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorf
    low/lite/kernels/kernel_util.cc#L82-L90) which might return `nullptr`, the `tensor->is_variable`
    expression can also trigger a null pointer exception. We have patched the issue in GitHub commit
    5b048e87e4e55990dae6b547add4dae59f4e1c76. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37681)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite
    operations that use quantization can be made to use unitialized values. [For example](https://github.com/t
    ensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.
    cc#L198-L200). The issue stems from the fact that `quantization.params` is only valid if
    `quantization.type` is different that `kTfLiteNoQuantization`. However, these checks are missing in large
    parts of the code. We have patched the issue in GitHub commits 537bc7c723439b9194a358f64d871dd326c18887,
    4a91f2069f7145aab6ba2d8cfe41be8a110c18a5 and 8933b8a21280696ab119b63263babdb54c298538. The fix will be
    included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3,
    and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37682)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
    implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflo
    w/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc). There is no
    check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit
    1e206baedf8bef0334cca3eb92bab134ef525a28. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37683)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the
    implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for
    divisors not being 0. We have patched the issue in GitHub commit [dfa22b348b70bb89d6d6ec0ff53973bacb4f4695
    ](https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695). The fix will
    be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
    2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37684)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`exp
    and_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tenso
    rflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element
    outside of bounds of heap allocated data. If `axis` is a large negative value (e.g., `-100000`), then
    after the first `if` it would still be negative. The check following the `if` statement will pass and the
    `for` loop would read one element before the start of `input_dims.data` (when `i = 0`). We have patched
    the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257. The fix will be included in
    TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and
    TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37685)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided
    slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop.
    This arises from newly introduced support for [ellipsis in axis definition](https://github.com/tensorflow/
    tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/strided_slice.cc#L103-
    L122). An attacker can craft a model such that `ellipsis_end_idx` is smaller than `i` (e.g., always
    negative). In this case, the inner loop does not increase `i` and the `continue` statement causes
    execution to skip over the preincrement at the end of the outer loop. We have patched the issue in GitHub
    commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695. TensorFlow 2.6.0 is the only affected version.
    (CVE-2021-37686)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's
    [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d00
    5b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no
    checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting
    a model with negative values in `indices`. Similar issue exists in [`Gather` implementation](https://githu
    b.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.c
    c). We have patched the issue in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and
    eb921122119a6b6e470ee98b89e65d721663179d. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37687)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and
    denial of service. The [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80d
    f1d99fc41d005b81082a/tensorflow/lite/kernels/internal/optimized/optimized_ops.h#L268-L285) unconditionally
    dereferences a pointer. We have patched the issue in GitHub commit
    15691e456c7dc9bd6be203b09765b063bf4a380c. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37688)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and
    denial of service. This is caused by the MLIR optimization of `L2NormalizeReduceAxis` operator. The [imple
    mentation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorfl
    ow/compiler/mlir/lite/transforms/optimize.cc#L67-L70) unconditionally dereferences a pointer to an
    iterator to a vector without checking that the vector has elements. We have patched the issue in GitHub
    commit d6b57f461b39fd1aa8c1b870f1b974aac3554955. The fix will be included in TensorFlow 2.6.0. We will
    also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
    affected and still in supported range. (CVE-2021-37689)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running
    shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the
    form of a `ShapeAndType` struct. The shapes embedded in this struct are owned by an inference context that
    is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can
    trigger a segfault. `ShapeRefiner` is mitigating this for normal output shapes by cloning them (and thus
    putting the newly created shape under ownership of an inference context that will not die), but we were
    not doing the same for shapes and types. This commit fixes that by doing similar logic on output shapes
    and types. We have patched the issue in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1. The fix
    will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
    2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. (CVE-2021-37690)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker
    can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://githu
    b.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_proj
    ection.cc#L118). We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The
    fix will be included in TensorFlow 2.6.0. We will also cherrypick thiscommit on TensorFlow 2.5.1,
    TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
    (CVE-2021-37691)

  - TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain
    conditions, Go code can trigger a segfault in string deallocation. For string tensors,
    `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function. However, tensor
    structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc
    assumes that encoding succeeded, but segfaults when a string tensor is garbage collected whose encoding
    failed (e.g., due to mismatched dimensions). To fix this, the call to set the finalizer function is
    deferred until `NewTensor` returns and, if encoding failed for a string tensor, deallocs are determined
    based on bytes written. We have patched the issue in GitHub commit
    8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow 2.6.0. We will also
    cherrypick this commit on TensorFlow 2.5.1, which is the other affected version. (CVE-2021-37692)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173128");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173314");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1178287");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1178564");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1179455");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1181864");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186860");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189423");
  # https://lists.opensuse.org/archives/list/[email protected]/thread/U25ZU2T5T4LOLSIYIMGC5PLU4PQQMJE5/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a4d9e5f4");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26266");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26267");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26268");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26270");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26271");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37635");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37636");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37637");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37638");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37639");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37640");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37641");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37642");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37643");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37644");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37645");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37646");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37647");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37648");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37649");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37650");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37651");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37652");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37653");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37654");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37655");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37656");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37657");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37658");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37659");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37660");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37661");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37662");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37663");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37664");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37665");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37666");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37667");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37668");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37669");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37670");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37671");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37672");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37673");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37674");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37675");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37676");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37677");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37678");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37679");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37680");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37681");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37682");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37683");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37684");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37685");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37686");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37687");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37688");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37689");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37690");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37691");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37692");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-37690");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-37678");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/06/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bazel-skylib1.0.3-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bazel3.7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libiomp5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libiomp5-gnu-hpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libiomp5-gnu-openmpi2-hpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow2-gnu-hpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow2-gnu-openmpi2-hpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow_cc2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow_cc2-gnu-hpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow_cc2-gnu-openmpi2-hpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow_framework2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow_framework2-gnu-hpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtensorflow_framework2-gnu-openmpi2-hpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2-gnu-hpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2-gnu-openmpi2-hpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2-lite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2-lite-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2_2_6_0-gnu-hpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2_2_6_0-gnu-hpc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2_2_6_0-gnu-openmpi2-hpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tensorflow2_2_6_0-gnu-openmpi2-hpc-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.3");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/SuSE/release');
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (release !~ "^(SUSE15\.3)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);

var pkgs = [
    {'reference':'bazel-skylib1.0.3-source-1.0.3-bp153.2.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'bazel3.7-3.7.2-bp153.4.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'bazel3.7-3.7.2-bp153.4.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libiomp5-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libiomp5-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libiomp5-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow2-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow2-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow_cc2-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow_cc2-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow_cc2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow_cc2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow_cc2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow_cc2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow_framework2-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow_framework2-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow_framework2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow_framework2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow_framework2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtensorflow_framework2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-devel-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-devel-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-lite-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-lite-2.6.0-bp153.2.3.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-lite-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-lite-devel-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-lite-devel-2.6.0-bp153.2.3.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2-lite-devel-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2_2_6_0-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2_2_6_0-gnu-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2_2_6_0-gnu-hpc-devel-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2_2_6_0-gnu-hpc-devel-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2_2_6_0-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2_2_6_0-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2_2_6_0-gnu-openmpi2-hpc-devel-2.6.0-bp153.2.3.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tensorflow2_2_6_0-gnu-openmpi2-hpc-devel-2.6.0-bp153.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var cpu = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && release) {
    if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bazel-skylib1.0.3-source / bazel3.7 / libiomp5 / libiomp5-gnu-hpc / etc');
}

References

Related for OPENSUSE-2022-10014-1.NASL