Stack overflow

TensorFlow is an open source platform for machine learning. If EmptyTensorList receives an input elementshape with more than one dimension, it gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

Stack overflow

TensorFlow is an open source platform for machine learning. When mlir::tfg::TFOp::nameAttr receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in...

Stack overflow

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in...

Stack overflow

TensorFlow is an open source platform for machine learning. When RandomPoissonV2 receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included i...

Stack overflow

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in...

Stack overflow

TensorFlow is an open source platform for machine learning. If tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The f...

CVE-2022-36015

TensorFlow CVE-2022-36015 describes an integer overflow in RangeSize: if the range value cannot fit in int64_t, the operation crashes. The issue is fixed in commit 37e64539cd29fcfb814c4451152a60f5d107b0f0 and will be included in TensorFlow 2.10.0; it will also be cherry-picked to TensorFlow 2.9.1...

CVE-2022-36015 Integer overflow in math ops in TensorFlow

TensorFlow is an open source platform for machine learning. When RangeSize receives values that do not fit into an int64t, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this...

CVE-2022-36012 Assertion fail on MLIR empty edge names in TensorFlow

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We wi...

CVE-2022-36012 Assertion fail on MLIR empty edge names in TensorFlow

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We wi...

CVE-2022-36012

TensorFlow vulnerability CVE-2022-36012: when mlir::tfg::ConvertGenericFunctionToFunctionDef processes empty function attributes, TensorFlow crashes. A patch (commit ad069af92392efee1418c48ff561fd3070a03d7b) fixes the issue and will be included in TensorFlow 2.10.0, with cherry-picks to 2.9.1, 2....

CVE-2022-35996 Floating point exception in `Conv2D` in TensorFlow

TensorFlow is an open source platform for machine learning. If Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue ...

CVE-2022-35996

TensorFlow’s CVE-2022-35996 describes a DoS due to a division-by-zero in Conv2D when given an empty input with valid filter/padding, producing all-zeros output. The issue was patched in the GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9, and the fix is scheduled for TensorFlow 2.10.0. Mai...

CVE-2022-36027 Segfault TFLite converter on per-channel quantized transposed convolutions in TensorFlow

TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be...

CVE-2022-36027

TensorFlow's CVE-2022-36027 affects the TFLite/TensorFlow converter path for per-channel quantized transposed convolutions, where converting these ops can segfault and crash the Python process. The issue has been patched in commit aa0b852a4588cea4d36b74feb05d93055540b450, with the fix slated for ...

CVE-2022-36014

TensorFlow vulnerability CVE-2022-36014: a null dereference in mlir::tfg::TFOp::nameAttr when provided a null type list, causing a crash (denial of service potential). Fixed in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The patch will be ...

CVE-2022-36014 Null-dereference in `mlir::tfg::TFOp::nameAttr` in TensorFlow

TensorFlow is an open source platform for machine learning. When mlir::tfg::TFOp::nameAttr receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in...

CVE-2022-36000 Null dereference on MLIR on empty function attributes in TensorFlow

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in...

CVE-2022-36000

CVE-2022-36000 describes a null pointer dereference in TensorFlow when mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes. Affected TF versions include 2.7.2, 2.8.1, 2.9.1 (and beyond) within the supported range; the issue has been patched in commit aed36912609fc072...

CVE-2022-36011

CVE-2022-36011 affects TensorFlow: a null dereference when mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes. Root cause: empty attributes lead to a null dereference in MLIR/TFG import. Remediation per sources: fix landed in TensorFlow 2.10.0 and will be cherry-pic...