CVE-2022-29208

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...

CVE-2022-29206

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments. In this case, a reference gets bound to a nullptr during kernel execution. This is...

CVE-2022-29205

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types, which was added after migration to...

CVE-2022-29202

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.ragged.constant does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2,...

CVE-2022-29201

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments. In this case, references get bound to nullptr for each argument that is empty. Versions 2.9.0,...

CVE-2022-29204

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...

CVE-2022-29212

TensorFlow vulnerability CVE-2022-29212 affects TFLite model loading due to quantization scale handling. During quantization, values can have a scale > 1, but code assumed sub-unit scaling; this triggers a TFLITE_CHECK_LT assertion when QuantizeMultiplierSmallerThanOneExp is used, causing a cr...

CVE-2022-29212 Core dump when loading TFLite models with quantization in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could b...

Stack overflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...

Stack overflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types, which was added after migration to...

Design/Logic Flaw

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...

Stack overflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.ragged.constant does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2,...

CVE-2022-29201 Missing validation in `QuantizedConv2D` results in undefined behavior in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments. In this case, references get bound to nullptr for each argument that is empty. Versions 2.9.0,...

CVE-2022-29201 Missing validation in `QuantizedConv2D` results in undefined behavior in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments. In this case, references get bound to nullptr for each argument that is empty. Versions 2.9.0,...

CVE-2022-29201

TensorFlow CVE-2022-29201 concerns a missing input validation in tf.raw_ops.QuantizedConv2D that can bind references to nullptr when arguments are empty. Affected versions include 2.6.4, 2.7.2, 2.8.1, and 2.9.0. Patches exist in 2.9.0 and are cherrypicked to the older supported branches (2.8.1, 2...

CVE-2022-29202

TensorFlow tf.ragged.constant contains a lack of input validation that can lead to denial of service via memory exhaustion. Affected products/versions include TensorFlow prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4. The issue was patched in 2.9.0 and back-ported to the earlier supported branches (2.8....

CVE-2022-29202 Denial of service in TensorFlow due to lack of validation in `tf.ragged.constant`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.ragged.constant does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2,...

CVE-2022-29203 Integer overflow in `SpaceToBatchND` in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow: The result of this integer overflow is used to...

CVE-2022-29203

CVE-2022-29203 describes an integer overflow in TensorFlow’s tf.raw_ops.SpaceToBatchND across backends (XLA and handwritten kernels) that can cause a denial of service via a CHECK failure when allocating the output tensor. Affected versions are prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4. The documen...

CVE-2022-29204

TensorFlow CVE-2022-29204 affects the tf.raw_ops.UnsortedSegmentJoin implementation in multiple pre-2.9.0 releases (2.9.0, 2.8.1, 2.7.2, 2.6.4). The issue arises from incomplete validation of input arguments, specifically num_segments, which is treated as a positive scalar and used to allocate th...