
7047 matches found

OSV | added 2022/02/04 11:15 p.m. | 23 views

PYSEC-2022-86

Tensorflow is an Open Source Machine Learning Framework. The implementation of GetInitOp is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, ...

CVSS 6.5 | AI score 2.1 | EPSS 0.00771
Exploits: 1 | References: 3

OSV | added 2022/02/04 11:15 p.m. | 28 views

PYSEC-2022-74

Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

CVSS 6.5 | AI score 3.8 | EPSS 0.00462
Exploits: 0 | References: 2

CVE | added 2022/02/04 10:32 p.m. | 109 views

CVE-2022-23561

CVE-2022-23561 affects TensorFlow’s TFLite, enabling out-of-bounds writes by crafting a TFLite model that can corrupt the memory allocator’s linked list. This vulnerability allows an arbitrary write primitive under certain conditions as described in the CVE description. Affected details in connec...

CVSS 8.8 | AI score 8.7 | EPSS 0.00531
Exploits: 0 | References: 2 | Affected Software: 1

CVE | added 2022/02/04 10:32 p.m. | 130 views

CVE-2022-23557

TensorFlow/TFLite BiasAndClamp vulnerability: a crafted TFLite model can trigger a division by zero due to missing non-zero bias_size checks in BiasAndClamp. The issue affects TFLite in TensorFlow and will be fixed in TensorFlow 2.8.0, with cherry-picks planned for TensorFlow 2.7.1, 2.6.3, and 2....

CVSS 6.5 | AI score 6.6 | EPSS 0.00745
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist | added 2022/02/04 10:32 p.m. | 25 views

CVE-2022-23557 Division by zero in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in BiasAndClamp implementation. There is no check that the bias_size is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

CVSS 6.5 | AI score 6.7 | EPSS 0.00745
Exploits: 1 | References: 3

CVE | added 2022/02/04 10:32 p.m. | 124 views

CVE-2022-23558

CVE-2022-23558 describes an integer overflow in TensorFlow’s TFLite path: TfLiteIntArrayCreate alloc_size is derived from TfLiteIntArrayGetSizeInBytes(size), which returns an int instead of a size_t, enabling an attacker-controlled input to overflow computed_size. Affected: TensorFlow/TFLite mode...

CVSS 8.8 | AI score 8.2 | EPSS 0.00799
Exploits: 1 | References: 4 | Affected Software: 1

OSV | added 2022/02/04 10:32 p.m. | 24 views

CVE-2022-23558 Integer overflow in TFLite array creation

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a size_t. An attacker can control model inputs such that computed_size overflows the...

CVSS 7.6 | AI score 8.7 | EPSS 0.00799
Exploits: 1 | References: 6

Cvelist | added 2022/02/04 10:32 p.m. | 26 views

CVE-2022-23570 Null-dereference in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...

CVSS 6.5 | AI score 6.7 | EPSS 0.00929
Exploits: 1 | References: 3

Vulnrichment | added 2022/02/04 10:32 p.m. | 3 views

CVE-2022-23564 Reachable Assertion in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow...

CVSS 6.5 | AI score 6.3 | EPSS 0.00462
Exploits: 0 | References: 2

CVE | added 2022/02/04 10:32 p.m. | 102 views

CVE-2022-23564

CVE-2022-23564 (TensorFlow): The issue is a denial-of-service in TensorFlow caused by an invalidated CHECK assertion when decoding a resource handle tensor from protobuf, triggered by user-controlled arguments. Affected: TensorFlow (TF) processes; root cause is an assertion failure path during r...

CVSS 6.5 | AI score 6.4 | EPSS 0.00462
Exploits: 0 | References: 2 | Affected Software: 1

OSV | added 2022/02/04 10:32 p.m. | 29 views

CVE-2022-23564 Reachable Assertion in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow...

CVSS 6.5 | AI score 6.2 | EPSS 0.00462
Exploits: 0 | References: 4

CVE | added 2022/02/04 10:32 p.m. | 117 views

CVE-2022-23565

CVE-2022-23565: TensorFlow contains a denial-of-service risk caused by an assertion failure when a SavedModel on disk has duplicated AttrDef entries for an operation. The issue’s root cause is described across connected sources as a SavedModel mismatch that can trigger a crash under certain on-d...

CVSS 6.5 | AI score 6.5 | EPSS 0.00462
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist | added 2022/02/04 10:32 p.m. | 46 views

CVE-2022-23562 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of Range suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

CVSS 7.6 | AI score 9 | EPSS 0.00569
Exploits: 0 | References: 4

CVE | added 2022/02/04 10:32 p.m. | 107 views

CVE-2022-23562

TensorFlow vulnerability CVE-2022-23562 concerns the Range implementation: integer overflows in Range can cause undefined behavior or extremely large allocations. Public notes indicate a fix will be included in TensorFlow 2.8.0, with cherry-picks to affected supported releases (2.7.1, 2.6.3, 2.5....

CVSS 8.8 | AI score 8.1 | EPSS 0.00569
Exploits: 0 | References: 4 | Affected Software: 1

CVE | added 2022/02/04 10:32 p.m. | 102 views

CVE-2022-23563

TensorFlow (CVE-2022-23563) describes a TOCTOU race caused by tempfile.mktemp usage, where a temporary file could be created by another process between the check and the actual creation. Several connected sources confirm this insecure temporary-file pattern and note that the fix replaces mktemp w...

CVSS 7.1 | AI score 6.4 | EPSS 0.00109
Exploits: 0 | References: 1 | Affected Software: 1

CVE | added 2022/02/04 10:32 p.m. | 119 views

CVE-2022-23559

TensorFlow/TensorFlow Lite contains an integer overflow in embedding_lookup_sparse within TFLite. The vulnerability arises because embedding_size and lookup_size are computed as products of user-supplied values, enabling overflow during multiplication and potentially leading to a heap-based out-o...

CVSS 8.8 | AI score 8.7 | EPSS 0.01155
Exploits: 1 | References: 5 | Affected Software: 1

CVE | added 2022/02/04 10:32 p.m. | 147 views

CVE-2022-23560

CVE-2022-23560 affects TensorFlow/TFLite: a vulnerability in converting sparse tensors to dense tensors allows limited reads/writes outside array bounds due to missing validation in sparsity_format_converter. The issue is addressed with the TensorFlow 2.8.0 fix, with cherry-picks to 2.7.1, 2.6.3,...

CVSS 8.8 | AI score 8.6 | EPSS 0.00824
Exploits: 1 | References: 3 | Affected Software: 1

CVE | added 2022/02/04 10:32 p.m. | 112 views

CVE-2022-23574

CVE-2022-23574 affects TensorFlow. A typo in SpecializeType leads to a heap out-of-bounds read/write by initializing arg to the i-th mutable argument in a loop, enabling writes/read beyond bounds. The issue is fixed in TensorFlow 2.8.0, with cherry-picks for TensorFlow 2.7.1 and 2.6.3. Affected r...

CVSS 8.8 | AI score 8.6 | EPSS 0.00824
Exploits: 1 | References: 3 | Affected Software: 1

CVE | added 2022/02/04 10:32 p.m. | 139 views

CVE-2022-23571

CVE-2022-23571 concerns TensorFlow, where decoding a tensor from protobuf can trigger an invalid CHECK assertion when tensors have an invalid dtype with 0 elements or an invalid shape, enabling a denial-of-service in affected TF processes. Root cause: CHECK failure during tensor protobuf decoding....

CVSS 6.5 | AI score 6.5 | EPSS 0.00462
Exploits: 0 | References: 2 | Affected Software: 1

CVE | added 2022/02/04 10:32 p.m. | 87 views

CVE-2022-23566

CVE-2022-23566 describes a heap out-of-bounds write in TensorFlow Grappler caused by the set_output function writing to an array at a specified index, enabling a potential write primitive. The issue is fixed in TensorFlow 2.8.0, with cherry-picks planned for TensorFlow 2.7.1, 2.6.3, and 2.5.3 (th...

CVSS 8.8 | AI score 8.6 | EPSS 0.0091
Exploits: 1 | References: 4 | Affected Software: 1