Stack overflow
TensorFlow is an open source platform for machine learning. If SparseBincount is given inputs for indices, values, and dense_shape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-36016 `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs` in TensorFlow
TensorFlow is an open source platform for machine learning. When tensorflow::full_type::SubstituteFromAttrs receives a FullTypeDef& t that is not exactly three args, it triggers a CHECK-fail instead of returning a status. We have patched the issue in GitHub commit...
CVE-2022-36016
TensorFlow CVE-2022-36016: A CHECK failure in tensorflow::full_type::SubstituteFromAttrs triggers when FullTypeDef& t does not have exactly three args. This can cause a denial-of-service-like impact via a crash. A patch is committed (6104f0d4091c260ce9352f9155f7e9b725eab012) and will be included in Ten...
CVE-2022-36005 `CHECK` fail in `FakeQuantWithMinMaxVarsGradient` in TensorFlow
TensorFlow is an open source platform for machine learning. When tf.quantization.fake_quant_with_min_max_vars_gradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-36005
TensorFlow vulnerability CVE-2022-36005: a CHECK failure in tf.quantization.fake_quant_with_min_max_vars_gradient when min or max inputs are non-scalar can trigger a denial of service. A patch is committed (f3cf67ac5705f4f04721d15e485e192bb319feed) and will be included in TensorFlow 2.10.0; the f...
CVE-2022-36004
CVE-2022-36004 affects TensorFlow. When using tf.random.gamma with large input shapes and rates, a CHECK failure can cause a denial of service. The issue was patched in commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3 and the fix will be included in TensorFlow 2.10.0; it will be cherry-picked to T...
CVE-2022-36004 `CHECK` fail in `tf.random.gamma` in TensorFlow
TensorFlow is an open source platform for machine learning. When tf.random.gamma receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included i...
CVE-2022-36002
CVE-2022-36002 affects TensorFlow: Unbatch can trigger a denial of service when given a nonscalar id input, due to a CHECK failure. The issue has been patched in commit 4419d10d576adefa36b0e0a9425d2569f7c0189f and will be included in TensorFlow 2.10.0; affected releases will also receive a cherry...
CVE-2022-36002 `CHECK` fail in `Unbatch` in TensorFlow
TensorFlow is an open source platform for machine learning. When Unbatch receives a nonscalar input id, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow...
CVE-2022-36026
TensorFlow vulnerability CVE-2022-36026: A non-scalar num_bits input to QuantizeAndDequantizeV3 triggers a CHECK failure, enabling denial of service. The issue is fixed in commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713 and the fix will be in TensorFlow 2.10.0; cherry-picks are planned for 2.9.1,...
CVE-2022-36018
TensorFlow CVE-2022-36018 describes a denial-of-service risk in RaggedTensorToVariant when rt_nested_splits contains tensors with ranks other than one. The issue triggers a CHECK failure that can be exploited remotely to disrupt service. A fix was committed (88f93dfe691563baa4ae1e80ccde2d5c7a1438...
CVE-2022-36019
CVE-2022-36019 affects TensorFlow: a CHECK failure in FakeQuantWithMinMaxVarsPerChannel when min/max tensors are not rank-1 can trigger a denial of service. Patched in commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0; fix will be in TensorFlow 2.10.0, with cherry-picks to 2.9.1, 2.8.1, and 2.7.2. ...
CVE-2022-35990
TensorFlow vulnerability CVE-2022-35990 affects the tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient function. When input min or max tensors have rank other than 1, a CHECK failure can trigger a denial of service. The issue has been patched in commit f3cf67ac5705f4f04721d15e485e1...
CVE-2022-35990 `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient` in TensorFlow
TensorFlow is an open source platform for machine learning. When tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-35986
TensorFlow vulnerability CVE-2022-35986 affects RaggedBincount: if an empty input tensor for splits is provided, a segfault can trigger a denial of service. The issue is fixed via GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8, with the fix slated for TensorFlow 2.10.0 and cherry-picked b...
CVE-2022-35984 `CHECK` fail in `ParameterizedTruncatedNormal` in TensorFlow
TensorFlow is an open source platform for machine learning. ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-35989
CVE-2022-35989 affects TensorFlow, where MaxPool on GPU can trigger a denial of service when a ksize window is larger than the input tensor. Root cause: a GPU kernel CHECK failure in MaxPool. Mitigation/fix: patch committed (32d7bd3defd134f21a4e344c8dfd40099aaf6b18); fix to be included in TensorF...
CVE-2022-35988
TensorFlow CVE-2022-35988 is a denial-of-service issue triggered when tf.linalg.matrix_rank receives an empty input; the GPU kernel can fail with a CHECK error. A patch was committed (c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a) and the fix is slated for TensorFlow 2.10.0, with cherry-picks to 2.9.1...