CVE-2021-41216

TensorFlow CVE-2021-41216 describes a heap buffer overflow in the shape inference for Transpose when perm contains negative elements. The shape inference function does not validate that perm indices are within range, leading to potential overflow. The fix is stated for TensorFlow 2.7.0, with cher...

CVE-2021-41213

TensorFlow vulnerability CVE-2021-41213 involves deadlock in mutually recursive tf.function objects caused by a non-reentrant Lock. Affected: TensorFlow releases with tf.function recursion support. Impact: potential denial of service by loading models containing mutually recursive tf.function fun...

CVE-2021-41218

CVE-2021-41218 affects TensorFlow: the AllToAll shape-inference code can perform a division by zero when split_count is 0. This is concrete in multiple sources (NVD entry and OSV listings) and tied to TF’s tensor shape inference path for AllToAll. The documented remediation is upgrading to Tensor...

CVE-2021-41206 Incomplete validation of shapes in multiple TF ops

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

CVE-2021-41206

CVE-2021-41206 is described across multiple connected sources as a TensorFlow issue where several TF ops fail to validate the shapes of tensor arguments, potentially causing undefined behavior, crashes (segfaults or CHECK failures), and heap-related reads/writes. The issue affects TensorFlow’s co...

CVE-2021-41208

CVE-2021-41208 involves TensorFlow boosted trees code with missing validation. The root cause is incomplete validation in boosted trees APIs, enabling a local attacker to trigger denial of service (via dereferencing null pointers or CHECK failures) and to cause undefined behavior (binding referen...

CVE-2021-41208 Incomplete validation in boosted trees code

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

CVE-2021-41207 Division by zero in `ParallelConcat`

TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

CVE-2021-41207

TensorFlow ParallelConcat vulnerability (CVE-2021-41207) arises from insufficient input validation in the ParallelConcat implementation, which can lead to a division by zero in affected TensorFlow versions. The issue affects multiple releases and is slated to be fixed in TensorFlow 2.7.0; Sony ch...

CVE-2021-41202

The CVE-2021-41202 family describes an overflow in TensorFlow's tf.range kernel caused by a conditional int64 = condition ? int64 : double, where implicit C++ casting to double truncates the result. Affected are TF releases in the 2.4.x–2.7.x range (including 2.7.0 and cherry-picks to 2.6.1, 2.5....

CVE-2021-41202 Overflow/crash in `tf.range`

TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition...

CVE-2021-41209 FPE in convolutions with zero size filters

TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

CVE-2021-41223

TensorFlow is an open source platform for machine learning. In affected versions the implementation of FusedBatchNorm kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow...

CVE-2021-41224

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseFillEmptyRows can be made to trigger a heap OOB access. This occurs whenever the size of indices does not match the size of values. The fix will be included in TensorFlow 2.7.0. We will al...

CVE-2021-41217

TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in th...

CVE-2021-41217

TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in th...

CVE-2021-41219

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

CVE-2021-41224

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseFillEmptyRows can be made to trigger a heap OOB access. This occurs whenever the size of indices does not match the size of values. The fix will be included in TensorFlow 2.7.0. We will al...

CVE-2021-41215

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...

CVE-2021-41226

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseBinCount is vulnerable to a heap OOB access. This is because of missing validation between the elements of the values argument and the shape of the sparse output. The fix will be included ...