3086 matches found
CVE-2022-36011 Null dereference on MLIR on empty function attributes in TensorFlow
TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in...
CVE-2022-36013
TensorFlow CVE-2022-36013 describes a null-dereference crash in mlir::tfg::GraphDefImporter::ConvertNodeDef when converting NodeDefs without an op name. A fix is present in commit a0f0b9a21c9270930457095092f558fbad4c03e5 and will be included in TensorFlow 2.10.0; the patch will also beCherry-pick...
CVE-2022-35994
CVE-2022-35994 is a denial-of-service issue in TensorFlow’s CollectiveGather when given a scalar input. Root cause: a CHECK failure in CollectiveGather. A patch was committed (c1f491817dec39a26be3c574e86a88c30f3c4770) and will be included in TensorFlow 2.10.0; the fix will also be cherry-picked t...
CVE-2022-35992 `CHECK` fail in `TensorListFromTensor` in TensorFlow
TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...
CVE-2022-35992
TensorFlow’s CVE-2022-35992 affects TensorListFromTensor when element_shape has rank > 1, triggering a CHECK failure that can lead to denial of service. The issue is addressed by GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee and will be fixed in TensorFlow 2.10.0; Red Hat and IBM advi...
CVE-2022-35991
TensorFlow CVE-2022-35991 affects TensorListScatter and TensorListScatterV2 when element_shape has rank greater than one, triggering a CHECK failure that can lead to a denial of service. The issue is documented in OSV entries (BIT-TENSORFLOW-2022-35991) and related advisories, which confirm a pat...
CVE-2022-35998
CVE-2022-35998 affects TensorFlow. When EmptyTensorList receives an input element_shape with more than one dimension, a CHECK failure can be triggered, potentially enabling a denial of service. The issue is fixed in commit c8ba76d48567aed347508e0552a257641931024d and will be included in TensorFlo...
CVE-2022-35997
TensorFlow CVE-2022-35997 affects tf.sparse.cross where an input separator that is not a scalar triggers a CHECK failure, enabling a denial-of-service condition. The issue is mitigated by patch commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf, with the fix slated for TensorFlow 2.10.0 and cherry-p...
CVE-2022-35995
CVE-2022-35995 affects TensorFlow. The issue occurs in the AudioSummaryV2 path when an input sample_rate has more than one element, causing a CHECK failure that can be used to trigger a denial of service. A fix is implemented in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f and will be i...
CVE-2022-35983
TensorFlow is an open source platform for machine learning. If Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. Th...
CVE-2022-35988
TensorFlow is an open source platform for machine learning. When tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix...
CVE-2022-35982
TensorFlow is an open source platform for machine learning. If SparseBincount is given inputs for indices, values, and denseshape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-35989
TensorFlow is an open source platform for machine learning. When MaxPool receives a window size input array ksize with dimensions greater than its input tensor input, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub comm...
CVE-2022-35986
TensorFlow is an open source platform for machine learning. If RaggedBincount is given an empty input tensor splits, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. The fix will b...
CVE-2022-35990
TensorFlow is an open source platform for machine learning. When tf.quantization.fakequantwithminmaxvarsperchannelgradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...
Stack overflow
TensorFlow is an open source platform for machine learning. If Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. Th...
Stack overflow
TensorFlow is an open source platform for machine learning. If FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
Stack overflow
TensorFlow is an open source platform for machine learning. If QuantizedRelu or QuantizedRelu6 are given nonscalar inputs for minfeatures or maxfeatures, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
Stack overflow
TensorFlow is an open source platform for machine learning. If RaggedTensorToVariant is given a rtnestedsplits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
Stack overflow
TensorFlow is an open source platform for machine learning. When tf.quantization.fakequantwithminmaxvarsperchannelgradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...