CVE-2022-23589

CVE-2022-23589 affects the Grappler component of TensorFlow. The vulnerability is a null pointer dereference that can occur during constant folding when SavedModel nodes are missing, and similarly in IsIdentityConsumingSwitch. The fix is in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and...

CVE-2022-23586 Multiple `CHECK`-fails in `function.cc` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

CVE-2022-23586

TensorFlow vulnerability CVE-2022-23586 affects the SavedModel path via assertions in function.cc, enabling denial of service by a malicious SavedModel that crashes the Python interpreter. Root cause is CHECK/assertion failures in function.cc when a SavedModel is altered. Affected releases map to...

CVE-2022-23583

TensorFlow vulnerability CVE-2022-23583: a type confusion caused by modifying the SavedModel’s tensor protobufs can let a remote attacker trigger CHECK failures in templated binary operators, leading to a denial of service. Affected: various TF releases up to 2.8.x (and cherry-picks on 2.7.1, 2.6...

CVE-2022-23583 `CHECK`-failures in binary ops in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...

CVE-2022-23582

CVE-2022-23582 affects TensorFlow: a malicious SavedModel can trigger a denial of service via TensorByteSize CHECK failures caused by shape handling in TensorShape/PartialTensorShape (shape partials or large element counts). Root cause is TensorShape throwing on partial/large shapes; PartialTenso...

CVE-2022-23582 `CHECK`-failures in `TensorByteSize` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

CVE-2022-23584

TensorFlow PNG decoding contains a use-after-free in png::CommonFreeDecode(&decode) where, after the call, decode.width and decode.height are in an unspecified state. This TF vulnerability (CVE-2022-23584) affects the TensorFlow PNG decode path and can lead to memory corruption or crashes when de...

CVE-2022-23584 Use after free in `DecodePng` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...

CVE-2022-23587

CVE-2022-23587 concerns TensorFlow, specifically the Grappler cost-estimator path. The vulnerability is an integer overflow in the cost estimation for crop and resize within Grappler, triggered by user-controlled cropping parameters, which can lead to undefined behavior. The patch is committed (c...

CVE-2022-23592

CVE-2022-23592 : TensorFlow’s type inference can trigger a heap out-of-bounds read when input_idx controls ix, risking access beyond node_t.args. This occurs because bounds checks run via DCHECK (no-op in production). The issue affects the TensorFlow release line noted as the only affected versio...

CVE-2022-23587 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...

CVE-2022-23595 Null pointer dereference in TensorFlow

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so flr-configproto is nullptr. The fix will be included in TensorFlow...

CVE-2022-23595

TensorFlow (CVE-2022-23595) is a vulnerability caused by a null pointer dereference when building the XLA compilation cache under default settings, where flr->config_proto may be nullptr. The issue affects TensorFlow releases up to 2.8.0, with cherry-picks planned for 2.7.1, 2.6.3, and 2.5.3. ...

CVE-2022-23590 Crash due to erroneous `StatusOr` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

CVE-2022-23590

CVE-2022-23590 affects TensorFlow. A maliciously altered GraphDef from a SavedModel can trigger a crash by calling ValueOrDie on an error StatusOr, crashing the TensorFlow process. Patches exist in GitHub commits and will be included in TensorFlow 2.8.0 and 2.7.1; remediation in practice is to up...

CVE-2022-23591 Stack overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The GraphDef format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel. This...

CVE-2022-23591

TensorFlow’s GraphDef format allows self-recursive functions, which can cause a stack overflow when loading a SavedModel. Multiple sources (CVE-2022-23591 and related OSV/GHSA entries) describe the underlying issue as a self-recursive function in GraphDef leading to unbounded resolution of NodeDe...

CVE-2022-23593

TensorFlow CVE-2022-23593 affects the MLIR-TFRT simplifyBroadcast path. When shapes are scalar, maxRank becomes 0 and an empty SmallVector is built, leading to a segfault (denial of service). The fix is planned for TensorFlow 2.8.0; upgrading to that version (or newer) is the remediation if appli...

CVE-2022-23593 Segfault in `simplifyBroadcast` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault hence, denial of service, if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector...