3086 matches found
CVE-2021-29515
The CVE-2021-29515 issue affects TensorFlow MatrixDiag* ops: input tensors are not validated to be non-empty, which can lead to a null pointer dereference. The root cause is in MatrixDiagV2/V3 path handling inputs, and patches fix the issue (commit a7116dd39…) with the fix slated for TensorFlow 2...
CVE-2021-29515 Reference binding to null pointer in `MatrixDiag*` ops
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operations (https://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197) does not validate that the tensor...
CVE-2021-29516
TensorFlow CVE-2021-29516 describes a null pointer dereference in tf.raw_ops.RaggedTensorToVariant when provided with an invalid ragged tensor. The issue arises because batched_ragged.splits(0) is dereferenced without validating non-emptiness. Affected: TensorFlow and related entries indicate the...
CVE-2021-29516 Null pointer dereference via invalid Ragged Tensors
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.raw_ops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...
CVE-2021-29517
CVE-2021-29517 affects TensorFlow Conv3D: division-by-zero in the Conv3D kernel caused by a modulo on user input (fifth filter dimension), potentially triggering an Eigen assertion and a crash. The issue is addressed by a TensorFlow fix in 2.5.0, with cherry-picks to 2.4.2, 2.3.3, 2.2.3 and 2.1.4...
CVE-2021-29518
CVE-2021-29518 describes a vulnerability in TensorFlow where, in eager mode, session operations can dereference a null session_state pointer, leading to undefined behavior. Concrete details from connected documents show the root cause in tensorflow/core/kernels/session_ops.cc, where ctx->sess...
CVE-2021-29520
TensorFlow CVE-2021-29520 concerns a heap buffer overflow in Conv3DBackprop* due to missing validation that assumes input, filter_sizes, and out_backprop have identical shapes. Multiple sources (OSV entries and GHSA advisory) corroborate the issue and patch lineage. The vulnerability affects Conv...
CVE-2021-29521
TensorFlow CVE-2021-29521: A bug in tf.raw_ops.SparseCountSparseOutput triggers a segmentation fault when dense_shape contains negative values. Root cause is the implementation assuming the first element of dense_shape is positive to initialize BatchedMap; with multi-element shapes, num_batches d...
CVE-2021-29523
CVE-2021-29523: TensorFlow vulnerability where a crafted input for AddManySparseToTensorsMap can trigger a denial-of-service via a CHECK failure in TensorShapeInitDims when sparse_shape values overflow. Root cause: legacy TensorShapeBase constructor multiplies dimensions with potential overflow,...
CVE-2021-29524 Division by 0 in `Conv2DBackpropFilter`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropFilter. This is because the...
CVE-2021-29524
TensorFlow (Conv2DBackpropFilter) suffers a division-by-zero vulnerability caused by a modulus operation in conv_grad_shape_utils.cc where the divisor is supplied by the caller. The concrete issue has been tracked as CVE-2021-29524 and is documented across multiple sources (OSV and GHSA advisorie...
CVE-2021-29585
TensorFlow/TFLite padding compute path has a division-by-zero in ComputeOutSize when stride is 0, enabling a potential denial-of-service scenario via crafted models. The issue affects padding logic in TF Lite; patches were applied in commit 49847ae and a fix is planned for TensorFlow 2.5.0 with c...
CVE-2021-29585 Division by zero in padding computation in TFLite
TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSize (https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.hL43-L55), does not check that the...
CVE-2021-29586
CVE-2021-29586 affects TensorFlow (TFLite pooling) where optimized pooling implementations fail to validate stride values, allowing params->stride_height/width to be zero and cause a division by zero in ComputePaddingHeightWidth. Practically, this is a vulnerability in the pooling path of Tens...
CVE-2021-29586 Division by zero in optimized pooling implementations in TFLite
TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling...
CVE-2021-29615
CVE-2021-29615 affects TensorFlow and involves a stack overflow in the ParseAttrValue implementation caused by recursive parsing of nested attributes. Connected sources (OSV/GHSA/CNVD/NVD entries) consistently describe this as a vulnerability in TensorFlow’s attribute parsing path, with the fix s...
CVE-2021-29616
CVE-2021-29616 affects TensorFlow: the TrySimplify path in Grappler dereferences a null pointer in corner cases (optimizing a node with no inputs). This is a null-dereference vulnerability in the TensorFlow optimization code, not a user-facing attack surface description. The issue has been fixed ...
CVE-2021-29618
TensorFlow vulnerability CVE-2021-29618: a crash can occur when calling tf.transpose with conjugate=True and a complex input. Affected TF releases include 2.1.x–2.4.x in the supported range; the fix is planned for TensorFlow 2.5.0 with cherry-picks to 2.4.2, 2.3.3, 2.2.3, and 2.1.4. Concrete tech...
CVE-2021-29619
CVE-2021-29619 affects TensorFlow via tf.raw_ops.SparseCountSparseOutput, where passing invalid arguments (including fuzzing-derived inputs) can cause a segfault. Connected sources confirm this is a TensorFlow in-tree issue with a fix planned for TensorFlow 2.5.0 and cherry-picks in supported 2.x...
CVE-2021-29587
TensorFlow/TFLite SpaceToDepth has a division-by-zero flaw in the Prepare step when block_size can be zero. This is triggered by crafted inputs/models and can lead to instability/DoS. The issue is mitigated by a patch in TensorFlow 2.5.0 (and cherry-picks to 2.4.2, 2.3.3, 2.2.3, 2.1.4). Remediati...