
3086 matches found

CVE
added 2022/02/04 10:32 p.m. | 100 views

CVE-2022-23563

TensorFlow (CVE-2022-23563) describes a TOCTOU race caused by tempfile.mktemp usage, where a temporary file could be created by another process between the check and the actual creation. Several connected sources confirm this insecure temporary-file pattern and note that the fix replaces mktemp w...

CVSS 7.1 | AI score 6.4 | EPSS 0.00014
Exploits 0 | References 1 | Affected Software 1

CVE
added 2022/02/04 10:32 p.m. | 119 views

CVE-2022-23559

TensorFlow/TensorFlow Lite contains an integer overflow in embedding_lookup_sparse within TFLite. The vulnerability arises because embedding_size and lookup_size are computed as products of user-supplied values, enabling overflow during multiplication and potentially leading to a heap-based out-o...

CVSS 8.8 | AI score 8.7 | EPSS 0.00517
Exploits 1 | References 5 | Affected Software 1

CVE
added 2022/02/04 10:32 p.m. | 146 views

CVE-2022-23560

CVE-2022-23560 affects TensorFlow/TFLite: a vulnerability in converting sparse tensors to dense tensors allows limited reads/writes outside array bounds due to missing validation in sparsity_format_converter. The issue is addressed with the TensorFlow 2.8.0 fix, with cherry-picks to 2.7.1, 2.6.3,...

CVSS 8.8 | AI score 8.6 | EPSS 0.00296
Exploits 1 | References 3 | Affected Software 1

CVE
added 2022/02/04 10:32 p.m. | 111 views

CVE-2022-23574

CVE-2022-23574 affects TensorFlow. A typo in SpecializeType leads to a heap out-of-bounds read/write by initializing arg to the i-th mutable argument in a loop, enabling reads and writes beyond bounds. The issue is fixed in TensorFlow 2.8.0, with cherry-picks for TensorFlow 2.7.1 and 2.6.3. Affected r...

CVSS 8.8 | AI score 8.6 | EPSS 0.00296
Exploits 1 | References 3 | Affected Software 1

CVE
added 2022/02/04 10:32 p.m. | 138 views

CVE-2022-23571

CVE-2022-23571 concerns TensorFlow, where decoding a tensor from protobuf can trigger an invalid CHECK assertion when tensors have an invalid dtype with 0 elements or an invalid shape, enabling a denial-of-service in affected TF processes. Root cause: CHECK failure during tensor protobuf decoding....

CVSS 6.5 | AI score 6.5 | EPSS 0.00118
Exploits 0 | References 2 | Affected Software 1

CVE
added 2022/02/04 10:32 p.m. | 87 views

CVE-2022-23566

CVE-2022-23566 describes a heap out-of-bounds write in TensorFlow Grappler caused by the set_output function writing to an array at a specified index, enabling a potential write primitive. The issue is fixed in TensorFlow 2.8.0, with cherry-picks planned for TensorFlow 2.7.1, 2.6.3, and 2.5.3 (th...

CVSS 8.8 | AI score 8.6 | EPSS 0.00391
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2022/02/04 10:32 p.m. | 15 views

CVE-2022-23566 Out of bounds write in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in Grappler. The set_output function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also...

CVSS 8.8 | AI score 8.9 | EPSS 0.00391
Exploits 1 | References 4

OSV
added 2022/02/04 10:32 p.m. | 19 views

CVE-2022-23566 Out of bounds write in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in Grappler. The set_output function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also...

CVSS 8.8 | AI score 8.6 | EPSS 0.00391
Exploits 1 | References 6

CVE
added 2022/02/04 10:32 p.m. | 114 views

CVE-2022-23577

CVE-2022-23577: TensorFlow contains a null-pointer dereference in GetInitOp that can crash. The issue is documented with a fix in TensorFlow 2.8.0 and cherry-picks to 2.7.1, 2.6.3, and 2.5.3. Affected lines and patch are described in linked advisories (GitHub commit 4f38b1ac…, security advisorie...

CVSS 6.5 | AI score 6.5 | EPSS 0.00221
Exploits 1 | References 3 | Affected Software 1

CVE
added 2022/02/04 10:32 p.m. | 98 views

CVE-2022-23578

TensorFlow vulnerability CVE-2022-23578 describes a memory leak: if a graph node is invalid, ImmutableExecutorState::Initialize can leak the previously allocated memory when item->kernel is reset to nullptr. The issue affects TensorFlow; the fix is planned for TensorFlow 2.8.0, with cherry-pic...

CVSS 4.3 | AI score 4.7 | EPSS 0.002
Exploits 1 | References 3 | Affected Software 1

OSV
added 2022/02/04 10:32 p.m. | 13 views

CVE-2022-23572 Crash when type cannot be specialized in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function; however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

CVSS 6.5 | AI score 6.5 | EPSS 0.00507
Exploits 1 | References 5

CVE
added 2022/02/04 10:32 p.m. | 131 views

CVE-2022-23572

TensorFlow CVE-2022-23572 concerns a crash/denial of service caused by failure to specialize a type during shape inference. Root cause: DCHECK(ret.status()) is a no-op in production and asserts in debug builds, allowing execution to proceed to ValueOrDie with an error Status, causing an assertion...

CVSS 6.5 | AI score 6.6 | EPSS 0.00507
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2022/02/04 10:32 p.m. | 17 views

CVE-2022-23573 Uninitialized variable access in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of AssignOp can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized to minimize number of...

CVSS 7.6 | AI score 8.9 | EPSS 0.00295
Exploits 1 | References 3

CVE
added 2022/02/04 10:32 p.m. | 84 views

CVE-2022-23573

TensorFlow's AssignOp implementation can copy uninitialized data to a new tensor, causing undefined behavior. This CVE (CVE-2022-23573) affects the TensorFlow core kernel related to AssignOp. The issue arises because the left-hand side is initialized, but the right-hand side is not checked for in...

CVSS 8.8 | AI score 7.9 | EPSS 0.00295
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2022/02/04 10:32 p.m. | 15 views

CVE-2022-23579 `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

CVSS 6.5 | AI score 6.5 | EPSS 0.00232
Exploits 1 | References 3

OSV
added 2022/02/04 10:32 p.m. | 25 views

CVE-2022-23580 Abort caused by allocating a vector that is too large in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...

CVSS 6.5 | AI score 6.4 | EPSS 0.00301
Exploits 1 | References 5

CVE
added 2022/02/04 10:32 p.m. | 89 views

CVE-2022-23580

Summary: CVE-2022-23580 affects TensorFlow; during shape inference, TensorFlow may allocate a very large vector based on a user-controlled tensor value. This can lead to resource exhaustion. The issue has a fix in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3 for affected support...

CVSS 6.5 | AI score 6.6 | EPSS 0.00301
Exploits 1 | References 3 | Affected Software 1

CVE
added 2022/02/04 10:32 p.m. | 90 views

CVE-2022-23581

CVE-2022-23581 concerns the Grappler optimizer in TensorFlow. The vulnerability arises when a SavedModel is altered in a way that triggers a CHECK failure in IsSimplifiableReshape, enabling a denial of service. Technical details in the connected documents specify the affected component as the Gra...

CVSS 6.5 | AI score 6.4 | EPSS 0.00476
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2022/02/04 10:32 p.m. | 12 views

CVE-2022-23576 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...

CVSS 6.5 | AI score 6.8 | EPSS 0.0022
Exploits 1 | References 3

CVE
added 2022/02/04 10:32 p.m. | 88 views

CVE-2022-23588

CVE-2022-23588 affects TensorFlow: a malicious SavedModel can trigger Grappler optimizer to build a tensor using a reference dtype, causing a crash via a CHECK-fail in the Tensor constructor. The issue is fixed in TensorFlow 2.8.0; commits are cherry-picked to 2.7.1, 2.6.3, and 2.5.3 for affected...

CVSS 6.5 | AI score 6.4 | EPSS 0.00303
Exploits 1 | References 4 | Affected Software 1