CVE-2021-29607

CVE-2021-29607 is tied to TensorFlow’s SparseAdd validation. The issue arises from incomplete validation of sparse tensor inputs (not checking emptiness or second-dimension_matches size), enabling potential undefined behavior such as null pointer dereferences and heap-out-of-bounds writes. The vu...

CVE-2021-29608

TensorFlow CVE-2021-29608 maps to a RaggedTensorToTensor validation flaw: input checks only ensure one tensor is non-empty, enabling potential heap out-of-bounds/NULL dereference undefined behavior in release builds. Multiple sources (NVD, OSV/GHSA advisories) describe a local-attack surface lead...

CVE-2021-29609

TensorFlow SparseAdd (CVE-2021-29609) has incomplete validation for sparse tensor inputs, allowing invalid tensor triples to slip through valid code paths. The vulnerability arises from not validating that inputs are non-empty and that the second dimension of *_indices matches the corresponding *...

CVE-2021-29610 Invalid validation in `QuantizeAndDequantizeV2`

TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...

CVE-2021-29610

CVE-2021-29610: TensorFlow QuantizeAndDequantizeV2 accepts axis values

CVE-2021-29611

TensorFlow vulnerability CVE-2021-29611: In SparseReshape, input validation is incomplete, allowing a denial-of-service via a CHECK failure. The issue affects multiple TF releases (notably the 2.3.3, 2.4.2 and 2.5.0 lines are mentioned for fixes/patches). The patch is referenced as commit 1d04d7d...

CVE-2021-29612

TensorFlow CVE-2021-29612 describes a heap-based buffer overflow in the Eigen-based tf.raw_ops.BandedTriangularSolve path. Root cause: ValidateInputTensors fails to check for empty inputs, and OP_REQUIRES validation may not propagate status, making the validation ineffective. Impact: potential co...

CVE-2021-29613

CVE-2021-29613 covers TensorFlow CTCLoss: the vulnerability is caused by incomplete validation in tf.raw_ops.CTCLoss that can trigger an out-of-bounds read from the heap (and related heap buffer overflow/null-pointer dereference conditions) as described in multiple sources. Affected: TensorFlow r...

CVE-2021-29614

CVE-2021-29614 affects TensorFlow: the tf.io.decode_raw path (padded version) mishandles fixed_length with wider datatypes, advancing the output pointer by fixed_length bytes even when only fixed_length bytes are copied. This causes parts of input not to be decoded and can lead to out-of-bounds w...

CVE-2021-29555

TensorFlow CVE-2021-29555 describes a denial-of-service vulnerability in tf.raw_ops.FusedBatchNorm caused by a division operation based on the last tensor dimension, which can be triggered by user-provided input. The issue affects the FusedBatchNorm path and has been patched; TensorFlow 2.5.0 wil...

CVE-2021-29556

CVE-2021-29556 affects TensorFlow cores with a Denial of Service via a division-by-first-dimension in tf.raw_ops.Reverse. The vulnerability arises because N = input.dim_size(0) is used to compute cost_per_unit, enabling a user-controlled trigger (through the tensor’s first dimension) to cause a F...

CVE-2021-29558 Heap buffer overflow in `SparseSplit`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.SparseSplit. This is because the...

CVE-2021-29558

TensorFlow SparseSplit heap overflow (CVE-2021-29558) : Multiple security records (OSV, GHSA, CNVD, NVD) describe a heap-based overflow in tf.raw_ops.SparseSplit caused by accessing an array element using a user-controlled offset in SparseTensor.h. The vulnerability can lead to denial of service ...

CVE-2021-29559

The CVE-2021-29559 case concerns TensorFlow’s UnicodeEncode in tf.raw_ops, where heap-out-of-bounds access can occur if input_value/input_splits do not form a valid sparse tensor. Root cause: implementation assumes a valid sparse tensor, enabling data access outside heap bounds. The issue is fixe...

CVE-2021-29560

TensorFlow RaggedTensorToTensor heap-based overflow vulnerability (CVE-2021-29560) arises when the code uses the same index to access two arrays in parallel during ragged tensor to tensor conversion. An attacker-controlled input can trigger a heap OOB access when parent_output_index is shorter th...

CVE-2021-29560 Heap buffer overflow in `RaggedTensorToTensor`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.RaggedTensorToTensor. This is because the...

CVE-2021-29561

CVE-2021-29561 (TensorFlow) describes a denial-of-service via a CHECK-fail in LoadAndRemapMatrix caused by assuming ckpt_path is a valid scalar; attackers can send a non-scalar tensor as the first argument. Connected docs confirm the same issue and note fixes will be applied in TensorFlow 2.5.0 w...

CVE-2021-29562

TensorFlow TF IRFFT CHECK-fail vulnerability (CVE-2021-29562) can cause denial of service via a CHECK failure in tf.raw_ops.IRFFT. Public details in OSV/GHSA entries confirm impact and patch strategy: fix in TensorFlow 2.5.0, with cherry-picks to 2.4.2, 2.3.3, 2.2.3 and 2.1.4. IBM CVE coverage an...

CVE-2021-29563

CVE-2021-29563 affects TensorFlow via a CHECK-fail in tf.raw_ops.RFFT that can trigger a denial of service when Eigen code operates on an empty matrix. The issue arises from a CHECK/ASSERT path and causes program termination rather than a traditional memory corruption exploit. The affected behavi...

CVE-2021-29564 Null pointer dereference in `EditDistance`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.EditDistance. This is because the...