3086 matches found
CVE-2021-41197
CVE-2021-41197 concerns TensorFlow where treating large tensor shapes can overflow int64, causing a CHECK-failure abort during shape construction (notably in operations like tf.math.segment_*, SparseCwise, and depthwise-related paths). The issue is addressed by upstream fixes, with the primary pa...
CVE-2021-41198
CVE-2021-41198 affects TensorFlow where calling tf.tile with very large inputs can trigger a CHECK failure due to int64 overflow, crashing the process. The issue is rooted in the tile operation’s handling of output size and overflow detection. Remediation is available: TensorFlow 2.7.0 includes t...
CVE-2021-41198 Overflow/crash in `tf.tile` when tiling tensor is large
TensorFlow is an open source platform for machine learning. In affected versions, if tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64_t type and th...
CVE-2021-41199
CVE-2021-41199 refers to an overflow crash in TensorFlow’s tf.image.resize when the output size is very large. Affected TF versions up to 2.7.0 (and cherry-picks for 2.6.1, 2.5.2, 2.4.4) abort the process via a CHECK failure due to int64 overflow while computing the output tensor size. Connected ...
CVE-2021-41196
CVE-2021-41196 affects TensorFlow (Keras pooling layers). In affected builds, pooling operations can segfault when pool size is 0 or a dimension is negative because values in the sliding window are not checked to be strictly positive. The issue is tied to TensorFlow’s pooling implementation, with...
CVE-2021-41195
TensorFlow CVE-2021-41195 affects tf.math.segment_* implementations; large segment_ids can trigger a CHECK failure and abort due to int64 overflow when computing output shapes. Vulnerable CPU/GPU paths use AddDim, with AddDimWithStatus needed to prevent overflow. The fix is planned for TensorFlow...
How we took part in MLSEC and (almost) won
This summer Kaspersky experts took part in the Machine Learning Security Evasion Competition (MLSEC) — a series of trials testing contestants' ability to create and attack machine learning models. The event is comprised of two main challenges — one for attackers, and the other for defenders. The...
CVE-2021-41127
Rasa is an open source machine learning framework to automate text- and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model tar.gz file which allows a malicious actor to craft a model.tar.gz file which can overwrite or replace bot...
PYSEC-2021-381
Rasa is an open source machine learning framework to automate text- and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model tar.gz file which allows a malicious actor to craft a model.tar.gz file which can overwrite or replace bot...
CVE-2021-41127
CVE-2021-41127 affects Rasa open source framework. A vulnerability exists in the model-loading path for trained archives (model.tar.gz) that can be crafted to overwrite or replace bot files in the bot directory. Root cause: arbitrary file write via crafted model archives during load. Impact per s...
Using Machine Learning to Guess PINs from Video
Researchers trained a machine-learning system on videos of people typing their PINs into ATMs: By using three tries, which is typically the maximum allowed number of attempts before the card is withheld, the researchers reconstructed the correct sequence for 5-digit PINs 30% of the time, and...
Security Bulletin: A vulnerability in Spring Framework affects IBM Watson Machine Learning Accelerator
Summary: A vulnerability exists in the Spring Framework version used by IBM Watson Machine Learning Accelerator. A Spring Framework upgrade to version 5.2.15, which resolves these vulnerabilities, is available on IBM Fix Central. Vulnerability Details: CVEID: CVE-2021-22118 DESCRIPTION: VMware Tanzu Sprin...
Google TensorFlow Buffer Overflow Vulnerability (CNVD-2022-09855)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that stems from the inability of the "tf.raw_ops.RaggedGather" parameter in the software to determine a valid ragged tensor code,...
SharpML - Machine Learning Network Share Password Hunting Toolkit
SharpML is a proof of concept file share data mining tool using Machine Learning in Python and C#. The tool is discussed in more detail on our blog here, but is summarised below also: SharpML is a C# and Python based tool that performs a number of operations with a view to mining file shares, queryin...
Monitoring Our Hay Storage with Edge Connect and Machine Learning
What do hay storage, Akamai’s Edge Connect solution, and machine learning have in common? We use the serverless machine learning system to keep our hay storage safe and secure...
Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do
After more than 20 years of underwhelming results, security leaders have accepted their intrusion detection system (IDS) programs as no more than a compliance checkoff. It’s no secret that IDS’s reliance on bi-modal signatures is brittle, easily evaded and often referred to as an “alert cannon.” Ti...
Security Bulletin: A vulnerability in Bouncy Castle affects IBM Watson Machine Learning Accelerator
Summary: A vulnerability exists in the Bouncy Castle version used by IBM Watson Machine Learning Accelerator. A Bouncy Castle upgrade to version 1.69, which resolves these vulnerabilities, is available on IBM Fix Central. Vulnerability Details: CVEID: CVE-2020-15522 DESCRIPTION: Bouncy Castle BC Java,...
Security Bulletin: Multiple TensorFlow Vulnerabilities Affect IBM Watson Machine Learning on CP4D
Summary TensorFlow is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-29538 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by division by zero in Conv2DBackpropFilter. By sending a specially-crafted request, a...
Security Bulletin: Golang Go Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-33194)
Summary Golang Go is vulnerable to a denial of service, caused by an infinite loop in golang.org/x/net/html on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-33194 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an infinite loop in...
Security Bulletin: Golang Go Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-31525)
Summary Golang Go is vulnerable to a denial of service, caused by a flaw in net/http on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-31525 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header ...