7040 matches found
CVE-2021-29580
The CVE covers TensorFlow tf.raw_ops.FractionalMaxPoolGrad with undefined behavior when an input tensor is empty and a CHECK failure that can abort the process, per multiple sources in the Initial document. The issue arises from input/output validation (empty tensors and rank checks) in fractiona...
CVE-2021-29581
CVE-2021-29581 describes a denial-of-service vulnerability in TensorFlow’s tf.raw_ops.CTCBeamSearchDecoder, where lack of input validation on empty tensors allows a local attacker to trigger a segfault by reading from a null buffer. The issue affects TensorFlow versions in scope (2.x) and is addr...
CVE-2021-29582
TensorFlow CVE-2021-29582 describes a heap-out-of-bounds read in tf.raw_ops.Dequantize caused by a shape mismatch between min_range and max_range tensors. The vulnerability allows a local attacker to trigger reads outside heap data. The remediation is a patch, with fixes targeted for TensorFlow 2...
CVE-2021-29583
TensorFlow CVE-2021-29583 / GHSA-9XH4-23Q4-V6WR describe a heap buffer overflow and undefined behavior in tf.raw_ops.FusedBatchNorm when inputs like scale, offset, mean, or variance have mismatched shapes or are empty. Root cause: missing validation that these tensors match the number of channels...
CVE-2021-29512
TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensor (https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from...
PYSEC-2021-440
TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensor (https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from...
CVE-2021-29525
TensorFlow CVE-2021-29525: Division by zero in tf.raw_ops.Conv2DBackpropInput. Root cause is division by a caller-controlled quantity in conv_grad_input_ops.h. Patched in TensorFlow 2.5.0, with cherrypicks back to 2.4.2, 2.3.3, 2.2.3 and 2.1.4. Upgrading to 2.5.0 or applying the cherry-picked pat...
CVE-2021-29525 Division by 0 in `Conv2DBackpropInput`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropInput. This is because the...
CVE-2021-29526 Division by 0 in `Conv2D`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.Conv2D. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/988087bd83f144af14087fe4fecee2d250d93737/tensorflow/core/kernels/conv_ops.cc#L261-L263)...
CVE-2021-29526
Summary: CVE-2021-29526 affects TensorFlow’s Conv2D path, where the division by a caller-controlled quantity in tf.raw_ops.Conv2D can trigger a division by zero. This vulnerability is supported by multiple sources in connected documents (OSV entries and NVD/CVE references) that describe the under...
CVE-2021-29527
CVE-2021-29527 is a TensorFlow division-by-zero vulnerability in tf.raw_ops.QuantizedConv2D caused by a caller-controlled quantity in quantized_conv_ops.cc (lines 257–259). The fix is expected in TensorFlow 2.5.0, with cherry-picks to 2.4.2, 2.3.3, 2.2.3 and 2.1.4; multiple related advisories (GH...
CVE-2021-29527 Division by 0 in `QuantizedConv2D`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.QuantizedConv2D. This is because the...
CVE-2021-29528
CVE-2021-29528 is a TensorFlow vulnerability in the QuantizedMul path that can trigger a division by zero. The issue arises because the implementation divides by a quantity controlled by the caller, per the cited code path in quantized_mul_op.cc. Public details confirm affected TensorFlow release...
CVE-2021-29528 Division by 0 in `QuantizedMul`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.QuantizedMul. This is because the...
CVE-2021-29529
CVE-2021-29529 affects TensorFlow’s QuantizedResizeBilinear in tf.raw_ops.QuantizedResizeBilinear, where rounding of floating input can cause interpolation bounds to produce an out-of-bounds access, leading to a heap buffer overflow. The vulnerability arises because lower/upper interpolation boun...
CVE-2021-29529 Heap buffer overflow caused by rounding
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in tf.raw_ops.QuantizedResizeBilinear by manipulating input values so that float rounding results in an off-by-one error in accessing image elements. This is because the...
CVE-2021-29530
CVE-2021-29530 concerns TensorFlow’s SparseMatrixSparseCholesky: passing an invalid permutation could trigger a null pointer dereference due to incomplete input validation in the underlying code, allowing continuation after a failed check. Public sources (NVD, OSV, GHSA) describe the issue in Ten...
CVE-2021-29530 Invalid validation in `SparseMatrixSparseCholesky`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid permutation to tf.raw_ops.SparseMatrixSparseCholesky. This is because the...
CVE-2021-29531
CVE-2021-29531 affects TensorFlow and relates to a denial-of-service risk in PNG encoding when an attacker supplies an empty input tensor for pixel data. The issue stems from encode_png_op.cc validating only total pixel count and passing image data to png::WriteImageToBuffer, which calls CHECK_NO...
CVE-2021-29532
Summary: CVE-2021-29532 affects TensorFlow and describes a heap out-of-bounds read in RaggedCross when processing tensors, due to missing validation of user-supplied indices in ragged/dense/sparse paths. The vulnerability arises from code that uses list indices (e.g., next_ragged/next_sparse/next...