CVE-2021-37674 Incomplete validation in `MaxPoolGrad` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.rawops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the originput and origoutput tensor...

CVE-2021-37674

Summary (CVE-2021-37674) TensorFlow’s tf.raw_ops.MaxPoolGrad had insufficient validation for orig_input/orig_output, enabling a local attacker to trigger a denial-of-service via a segmentation fault. The issue is tied to CVE-2021-29579 and is addressed by patch 136b51f10903e044308cf77117c0ed98713...

CVE-2021-37665 Incomplete validation in MKL requantization in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

CVE-2021-37665

CVE-2021-37665 : TensorFlow vulnerable due to incomplete validation in MKL requantization (range per-channel and per-channel ops). The root cause is insufficient validation of input dimensions/arguments, allowing undefined behavior (binding a null pointer, heap out-of-bounds access). A patch was ...

CVE-2021-37677 Missing validation in shape inference for `Dequantize` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.rawops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation use...

CVE-2021-37677

CVE-2021-37677 describes a vulnerability in TensorFlow where the shape inference for tf.raw_ops.Dequantize can segfault and cause a denial of service if invalid arguments are provided. The root cause is missing validation of the axis value used to compute minmax_rank in the shape inference code. ...

CVE-2021-37683

TensorFlow (TFLite division) vulnerability (CVE-2021-37683): In affected builds, division in TFLite can produce a division-by-zero error because there is no check that the divisor tensor contains zero. The issue was addressed in commit 1e206baedf8bef0334cca3eb92bab134ef525a28 and the fix is plann...

CVE-2021-37683 Division by zero in TensorFlow Lite division operations

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...

CVE-2021-37684 Division by zero in TensorFlow Lite pooling operations

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit...

CVE-2021-37668 Division by zero in TensorFlow Lite `tf.raw_ops.UnravelIndex`

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...

CVE-2021-37668

CVE-2021-37668 affects TensorFlow, specifically the tf.raw_ops.UnravelIndex path. The vulnerability arises when dims is empty and an element of dims is 0, leading to an division-by-zero in the implementation and enabling a denial-of-service in model-serving applications. The issue was patched in ...

CVE-2021-37670

TensorFlow vulnerability CVE-2021-37670 involves a heap-based out-of-bounds read in tf.raw_ops.UpperBound (and LowerBound) caused by missing rank validation of the sorted_input argument. A patch was committed (commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38) and the fix is slated for TensorFlow 2...

CVE-2021-37691

CVE-2021-37691 affects TensorFlow (Lite) where a crafted TFLite model can trigger a division-by-zero error in the LSH projection implementation. The issue is mitigated by a patch in the GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9, with the fix slated for inclusion in TensorFlow 2.6.0 a...

CVE-2021-37679

TensorFlow CVE-2021-37679 concerns a vulnerability in nested tf.map_fn with RaggedTensor inputs. The root cause is in the conversion from a Variant tensor to a RaggedTensor: the implementation does not verify that all inner shapes match, which can produce extra dimensions and allow leakage of hea...

CVE-2021-37672

TensorFlow CVE-2021-37672 is a heap-based out-of-bounds read vulnerability in SdcaOptimizerV2 caused by not validating example_labels length against the number of examples. The issue is disclosed in GHSA-5HJ3-VJJF-F5M7 with a code example and fix details. Patches were applied in the GitHub commit...

CVE-2021-37672 Heap OOB in `SdcaOptimizerV2` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.SdcaOptimizerV2. The implementation does not check that the length of...

CVE-2021-37687

CVE-2021-37687 describes a heap-based out-of-bounds read in TensorFlow Lite’s GatherNd and Gather, caused by missing index checks for negative values in indices. An attacker could read arbitrary heap data via crafted models. Patched in GitHub commits bb6a0383ed... and eb92112211..., with the fix ...

CVE-2021-37688

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The implementation unconditionally dereferences a pointer. We have...

CVE-2021-37666

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...

CVE-2021-37671

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations. The implementation has a check in place to ensure that indices is in...