7047 matches found

OSV
added 2024/03/06 11:11 a.m. (19 views)

BIT-TENSORFLOW-2022-41889 Segfault via invalid attributes in `pywrap_tfe_src.cc` in Tensorflow

TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extract_volume_patches by passing in quantized tensors...

CVSS 7.5, AI score 6.3, EPSS 0.00404
Exploits: 1, References: 4
OSV
added 2024/03/06 11:11 a.m. (21 views)

BIT-TENSORFLOW-2022-41890 `CHECK` fail in `BCast` overflow in Tensorflow

TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. We have patched the...

CVSS 7.5, AI score 6.1, EPSS 0.00439
Exploits: 1, References: 4
OSV
added 2024/03/06 11:11 a.m. (24 views)

BIT-TENSORFLOW-2022-41893 `CHECK_EQ` fail in `tf.raw_ops.TensorListResize` in Tensorflow

TensorFlow is an open source platform for machine learning. If tf.raw_ops.TensorListResize is given a nonscalar value for input size, it results in a CHECK fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56...

CVSS 7.5, AI score 5.9, EPSS 0.00439
Exploits: 1, References: 4
OSV
added 2024/03/06 11:10 a.m. (23 views)

BIT-TENSORFLOW-2022-41894 Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite

TensorFlow is an open source platform for machine learning. The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of data_ptr += num_channels; it should be data_ptr += output_num_channels; as if the number of inp...

CVSS 8.1, AI score 7.5, EPSS 0.00523
Exploits: 1, References: 4
OSV
added 2024/03/06 11:10 a.m. (22 views)

BIT-TENSORFLOW-2022-41895 `MirrorPadGrad` heap out of bounds read in Tensorflow

TensorFlow is an open source platform for machine learning. If MirrorPadGrad is given outsize input paddings, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also...

CVSS 7.5, AI score 6.1, EPSS 0.0044
Exploits: 1, References: 4
OSV
added 2024/03/06 11:10 a.m. (17 views)

BIT-TENSORFLOW-2022-41896 `tf.raw_ops.Mfcc` crashes in Tensorflow

TensorFlow is an open source platform for machine learning. If ThreadUnsafeUnigramCandidateSampler is given input filterbank_channel_count greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be...

CVSS 7.5, AI score 6.1, EPSS 0.0044
Exploits: 1, References: 4
OSV
added 2024/03/06 11:10 a.m. (15 views)

BIT-TENSORFLOW-2022-41898 `CHECK` fail via inputs in `SparseFillEmptyRowsGrad` in Tensorflow

TensorFlow is an open source platform for machine learning. If SparseFillEmptyRowsGrad is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commi...

CVSS 7.5, AI score 6.1, EPSS 0.0044
Exploits: 1, References: 4
OSV
added 2024/03/06 11:10 a.m. (28 views)

BIT-TENSORFLOW-2022-41899 `CHECK` fail via inputs in `SdcaOptimizer` in Tensorflow

TensorFlow is an open source platform for machine learning. Inputs dense_features or example_state_data not of rank 2 will trigger a CHECK fail in SdcaOptimizer. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will...

CVSS 7.5, AI score 6.1, EPSS 0.0044
Exploits: 1, References: 4
OSV
added 2024/03/06 11:10 a.m. (22 views)

BIT-TENSORFLOW-2022-41900 FractionalMaxPool and FractionalAVGPool heap out-of-bounds access in Tensorflow

TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMaxAVGPool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote...

CVSS 9.8, AI score 8.5, EPSS 0.00579
Exploits: 1, References: 3
OSV
added 2024/03/06 11:10 a.m. (19 views)

BIT-TENSORFLOW-2022-41901 `CHECK_EQ` fail via input in `SparseMatrixNNZ` in Tensorflow

TensorFlow is an open source platform for machine learning. An input sparse_matrix that is not a matrix with a shape with rank 0 will trigger a CHECK fail in tf.raw_ops.SparseMatrixNNZ. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in...

CVSS 7.5, AI score 6.1, EPSS 0.00447
Exploits: 1, References: 4
OSV
added 2024/03/06 11:10 a.m. (18 views)

BIT-TENSORFLOW-2022-41902 Out of bounds write in grappler in Tensorflow

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...

CVSS 9.1, AI score 7.8, EPSS 0.00449
Exploits: 0, References: 4
OSV
added 2024/03/06 11:10 a.m. (18 views)

BIT-TENSORFLOW-2022-41907 Overflow in `ResizeNearestNeighborGrad` in Tensorflow

TensorFlow is an open source platform for machine learning. When tf.raw_ops.ResizeNearestNeighborGrad is given a large size input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick...

CVSS 7.5, AI score 6.1, EPSS 0.0044
Exploits: 1, References: 4
OSV
added 2024/03/06 11:10 a.m. (12 views)

BIT-TENSORFLOW-2022-41908 `CHECK` fail via inputs in `PyFunc` in Tensorflow

TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.raw_ops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also...

CVSS 7.5, AI score 6.1, EPSS 0.0045
Exploits: 1, References: 4
OSV
added 2024/03/06 11:10 a.m. (17 views)

BIT-TENSORFLOW-2022-41909 Segfault in `CompositeTensorVariantToComponents` in Tensorflow

TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.raw_ops.CompositeTensorVariantToComponents. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and...

CVSS 7.5, AI score 6.1, EPSS 0.0049
Exploits: 1, References: 5
OSV
added 2024/03/06 11:9 a.m. (20 views)

BIT-TENSORFLOW-2022-41911 Invalid char to bool conversion when printing a tensor in Tensorflow

TensorFlow is an open source platform for machine learning. When printing a tensor, we get its data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so...

CVSS 7.5, AI score 6, EPSS 0.00395
Exploits: 0, References: 4
OSV
added 2024/03/06 11:9 a.m. (19 views)

BIT-TENSORFLOW-2023-25658 TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1...

CVSS 7.5, AI score 7.4, EPSS 0.00383
Exploits: 0, References: 3
OSV
added 2024/03/06 11:9 a.m. (15 views)

BIT-TENSORFLOW-2023-25659 TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter indices for DynamicStitch does not match the shape of the parameter data, it can trigger a stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

CVSS 7.5, AI score 7.4, EPSS 0.00391
Exploits: 0, References: 3
OSV
added 2024/03/06 11:9 a.m. (21 views)

BIT-TENSORFLOW-2023-25660 TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter summarize of tf.raw_ops.Print is zero, the new method SummarizeArray will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version...

CVSS 7.5, AI score 7.3, EPSS 0.00391
Exploits: 0, References: 3
OSV
added 2024/03/06 11:9 a.m. (23 views)

BIT-TENSORFLOW-2023-25661 Denial of Service in TensorFlow

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

CVSS 6.5, AI score 6.4, EPSS 0.00432
Exploits: 1, References: 3
OSV
added 2024/03/06 11:9 a.m. (16 views)

BIT-TENSORFLOW-2023-25662 TensorFlow vulnerable to integer overflow in EditDistance

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

CVSS 7.5, AI score 7.6, EPSS 0.00391
Exploits: 0, References: 3