Lucene search

3086 matches found

Cvelist
added 2021/08/12 11:10 p.m. | 13 views

CVE-2021-37690 Use after free and segfault in shape inference functions in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions such as MutableHashTableShape produce extra output information in the form of a ShapeAndType struct. The shapes embedded in this struct are owned by an inferenc...

CVSS 6.6 | AI score 7 | EPSS 0.00024
Exploits: 0 | References: 2
CVE
added 2021/08/12 11:10 p.m. | 124 views

CVE-2021-37690

CVE-2021-37690 concerns a denial-of-service/segfault risk in TensorFlow’s shape inference, arising when shape information in a ShapeAndType struct is accessed after an inference context is cleaned up. The core issue was that shapes and types were not cloned under ownership like other outputs, lea...

CVSS 6.6 | AI score 6.7 | EPSS 0.00024
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/08/12 11:5 p.m. | 143 views

CVE-2021-37678

CVE-2021-37678 affects TensorFlow (and Keras) where deserializing a Keras model from YAML can lead to arbitrary code execution due to use of yaml.unsafe_load. The issue is fixed in TensorFlow 2.6.0 and will be cherry-picked to 2.5.1, 2.4.3, and 2.3.4; patch deployment in affected releases is expe...

CVSS 9.3 | AI score 8.9 | EPSS 0.01023
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2021/08/12 11:0 p.m. | 20 views

CVE-2021-37692 Segfault on strings tensors with mismatched dimensions in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TF_TString_Dealloc is called during garbage collection within a finalizer function. However, tensor...

CVSS 5.5 | AI score 6.1 | EPSS 0.00032
Exploits: 0 | References: 3
CVE
added 2021/08/12 11:0 p.m. | 100 views

CVE-2021-37692

CVE-2021-37692 affects TensorFlow and centers on a segfault in string tensor deallocation during garbage collection when the encoding of a string tensor fails (e.g., mismatched dimensions). The root cause is an assumption that encoding succeeded, leading to use of the finalizer of the tensor with...

CVSS 5.5 | AI score 5.7 | EPSS 0.00032
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2021/08/12 10:55 p.m. | 109 views

CVE-2021-37673

TensorFlow maps-stage DoS (CVE-2021-37673). The issue arises from tf.raw_ops.MapStage not validating non-empty key tensors, enabling a local attacker to trigger a denial-of-service via a CHECK-fail. Patches were committed and the fix is expected in TensorFlow 2.6.0, with backports to 2.5.1, 2.4.3...

CVSS 5.5 | AI score 5.5 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/08/12 10:45 p.m. | 97 views

CVE-2021-37663

CVE-2021-37663 arises from incomplete validation in tf.raw_ops.QuantizeV2 in TensorFlow. Affected: TensorFlow versions before 2.6.0 (patch committed 6da6620...). The issue can trigger undefined behavior via binding a null pointer or out-of-bounds access; if axis is provided, min_range/max_range l...

CVSS 7.8 | AI score 7.8 | EPSS 0.00013
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/08/12 10:45 p.m. | 17 views

CVE-2021-37682 Use of uninitialized value in TensorFlow Lite

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use uninitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...

CVSS 4.4 | AI score 7.4 | EPSS 0.00039
Exploits: 0 | References: 4
CVE
added 2021/08/12 10:45 p.m. | 82 views

CVE-2021-37682

CVE-2021-37682 concerns TensorFlow/TFLite quantization paths where quantization.params may be used without validating quantization.type, allowing potential use of uninitialized values in affected TFLite operations. Connected sources confirm the root cause (missing checks in depthwise conv quantiz...

CVSS 7.1 | AI score 5.7 | EPSS 0.00039
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2021/08/12 10:40 p.m. | 20 views

CVE-2021-37674 Incomplete validation in `MaxPoolGrad` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the orig_input and orig_output tensor...

CVSS 5.5 | AI score 6.6 | EPSS 0.00032
Exploits: 0 | References: 3
CVE
added 2021/08/12 10:40 p.m. | 103 views

CVE-2021-37674

Summary (CVE-2021-37674) TensorFlow’s tf.raw_ops.MaxPoolGrad had insufficient validation for orig_input/orig_output, enabling a local attacker to trigger a denial-of-service via a segmentation fault. The issue is tied to CVE-2021-29579 and is addressed by patch 136b51f10903e044308cf77117c0ed98713...

CVSS 5.5 | AI score 5.5 | EPSS 0.00032
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2021/08/12 10:40 p.m. | 22 views

CVE-2021-37665 Incomplete validation in MKL requantization in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

CVSS 7.8 | AI score 8.2 | EPSS 0.00037
Exploits: 0 | References: 3
CVE
added 2021/08/12 10:40 p.m. | 98 views

CVE-2021-37665

CVE-2021-37665: TensorFlow vulnerable due to incomplete validation in MKL requantization (range per-channel and per-channel ops). The root cause is insufficient validation of input dimensions/arguments, allowing undefined behavior (binding a null pointer, heap out-of-bounds access). A patch was ...

CVSS 7.8 | AI score 7.8 | EPSS 0.00037
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2021/08/12 10:35 p.m. | 87 views

CVE-2021-37677

CVE-2021-37677 describes a vulnerability in TensorFlow where the shape inference for tf.raw_ops.Dequantize can segfault and cause a denial of service if invalid arguments are provided. The root cause is missing validation of the axis value used to compute minmax_rank in the shape inference code. ...

CVSS 5.5 | AI score 5.6 | EPSS 0.00009
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/08/12 10:35 p.m. | 13 views

CVE-2021-37677 Missing validation in shape inference for `Dequantize` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.raw_ops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation use...

CVSS 5.5 | AI score 6.1 | EPSS 0.00009
Exploits: 0 | References: 2
Cvelist
added 2021/08/12 10:30 p.m. | 15 views

CVE-2021-37683 Division by zero in TensorFlow Lite division operations

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...

CVSS 5.5 | AI score 6.1 | EPSS 0.00012
Exploits: 0 | References: 2
CVE
added 2021/08/12 10:30 p.m. | 87 views

CVE-2021-37683

TensorFlow (TFLite division) vulnerability (CVE-2021-37683): In affected builds, division in TFLite can produce a division-by-zero error because there is no check that the divisor tensor contains zero. The issue was addressed in commit 1e206baedf8bef0334cca3eb92bab134ef525a28 and the fix is plann...

CVSS 5.5 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/08/12 10:30 p.m. | 11 views

CVE-2021-37684 Division by zero in TensorFlow Lite pooling operations

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit...

CVSS 5.5 | AI score 6.1 | EPSS 0.00008
Exploits: 0 | References: 1
CVE
added 2021/08/12 10:30 p.m. | 114 views

CVE-2021-37668

CVE-2021-37668 affects TensorFlow, specifically the tf.raw_ops.UnravelIndex path. The vulnerability arises when dims is empty and an element of dims is 0, leading to a division-by-zero in the implementation and enabling a denial-of-service in model-serving applications. The issue was patched in ...

CVSS 5.5 | AI score 5.6 | EPSS 0.00044
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/08/12 10:30 p.m. | 15 views

CVE-2021-37668 Division by zero in TensorFlow Lite `tf.raw_ops.UnravelIndex`

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...

CVSS 5.5 | AI score 6 | EPSS 0.00044
Exploits: 0 | References: 2