Google TensorFlow Numeric Error Vulnerability (CNVD-2021-88254)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow versions prior to 2.7.0 suffer from a numeric error vulnerability that stems from the fact that TensorFlow's ParallelConcat loses some input validation and produces a divide by...

Google TensorFlow has an unspecified vulnerability (CNVD-2021-92550)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google, Inc. A security vulnerability exists in versions prior to Google TensorFlow 2.7.0, which stems from an overflow problem in TensorFlow when calculating the output size in the tf.range kernel. No detail...

Google TensorFlow has an unspecified vulnerability (CNVD-2021-92553)

Google TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow has a security vulnerability that stems from an implementation of SplitV that can trigger a segment error, and no details of the vulnerability are currently available...

Google TensorFlow has an unspecified vulnerability (CNVD-2021-92554)

A security vulnerability in Google TensorFlow, an end-to-end open source platform for machine learning from Google, stems from the use of uninitialized variables in the Grappler optimizer. If the trainnodes vector obtained from the saved optimization model does not contain Dequeue nodes, then...

Google TensorFlow resource management error vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A resource management error vulnerability exists in Google TensorFlow, which stems from the fact that when two tf.function-modified Python functions recurse on each other, the code behind the tf.functio...

Google TensorFlow heap allocation array out-of-bounds read vulnerability (CNVD-2021-85885)

Google TensorFlow is an end-to-end open source machine learning platform. An out-of-bounds read vulnerability exists in the shape inference code of tf.ragged.cross in versions prior to TensorFlow 2.7.0 for heap allocation arrays. No details of the vulnerability are currently available...

Google TensorFlow null pointer dereference vulnerability (CNVD-2021-85888)

Google TensorFlow, an end-to-end open source machine learning platform, is vulnerable to a null pointer dereference in the shape inference code of DeserializeSparse in versions of TensorFlow prior to 2.7.0. The vulnerability stems from the shape inference function assuming that the serializespars...

Google TensorFlow heap allocation array out-of-bounds read vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. an out-of-bounds read vulnerability exists in the shape inference function of the QuantizeAndDequantizeV operation in versions prior to TensorFlow 2.7.0 for heap allocation arrays. No detailed vulnerability details are...

Google TensorFlow heap allocation array out-of-bounds read vulnerability (CNVD-2021-85884)

Google TensorFlow is an end-to-end open source machine learning platform. an out-of-bounds read vulnerability exists in the shape inference function of SparseCountSparseOutput in versions prior to TensorFlow 2.7.0 for heap allocation arrays. No detailed vulnerability details are currently availab...

Google TensorFlow heap out-of-bounds access vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. a heap out-of-bounds access vulnerability exists in the implementation of the FusedBatchNorm kernel in versions prior to TensorFlow 2.7.0. No details of the vulnerability are currently available...

Google TensorFlow Heap Out-of-Bounds Access Vulnerability (CNVD-2021-85882)

Google TensorFlow is an end-to-end open source machine learning platform. a heap out-of-bounds access vulnerability exists in the SparseFillEmptyRows implementation in versions prior to TensorFlow 2.7.0. No details of the vulnerability are currently available...

Google TensorFlow Heap Out-of-Bounds Access Vulnerability (CNVD-2021-85883)

Google TensorFlow, an end-to-end open source machine learning platform, suffers from a heap out-of-bounds access vulnerability in the SparseBinCount implementation in versions prior to TensorFlow 2.7.0. The vulnerability stems from missing validation between the elements of the values parameter a...

CVE-2021-41216

TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...

CVE-2021-41225

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the trainnodes vector obtained from the saved model that gets optimized does not contain a Dequeue node, then dequeuenode is left unitialized. The...

CVE-2021-41228

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...

CVE-2021-41221

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, inputh and inputc parameters are n...

CVE-2021-41222

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever sizesplits contains more than one value and at least one value is negative. The fix will be include...

CVE-2021-41213

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

CVE-2021-41220

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

CVE-2021-41222

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever sizesplits contains more than one value and at least one value is negative. The fix will be include...