3086 matches found
CVE-2021-37662
CVE-2021-37662 stems from a TensorFlow vulnerability where a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and BoostedTreesCalculateBestFeatureSplitV2 may trigger undefined behavior due to input not being validated in stats_ops.cc. GitHub patches 9c87c32c7... and 429f00...
CVE-2021-37656
TensorFlow CVE-2021-37656 affects RaggedTensorToSparse, caused by incomplete validation of splits values which can bind a reference to a null pointer, leading to undefined behavior. The issue is addressed by a patch in the cited commit and will be included in TensorFlow 2.6.0, with backports to 2...
CVE-2021-37657
TensorFlow CVE-2021-37657 affects MatrixDiagV* operations where the implementation fails to validate the number of elements in k (tensor), allowing undefined behavior from a null pointer dereference. The issue is fixed in commit f2a673bd34f0d64b8e40a551ac78989d16daad09 and will be included in Ten...
CVE-2021-37657 Reference binding to nullptr in `MatrixDiagV*` ops in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixDiagV. The implementation has incomplete validation that the value of k is a valid...
CVE-2021-37658
CVE-2021-37658 affects TensorFlow and is tied to a null-pointer binding issue in tf.raw_ops.MatrixSetDiagV* due to incomplete validation of the tensor k. The vulnerability allows undefined behavior when an empty tensor is passed for k, as code accesses the first element without proper checks. The...
CVE-2021-37658 Reference binding to nullptr in `MatrixSetDiagV*` ops in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixSetDiagV. The implementation has incomplete validation that the value of k is a...
CVE-2021-37644
TensorFlow CVE-2021-37644 involves a local issue where providing a negative value in the num_elements argument to tf.raw_ops.TensorListReserve triggers a runtime abort when std::vector.resize is called with an invalid size. The vulnerability details are supported by a GitHub advisory describing t...
CVE-2021-37654
CVE-2021-37654 (TensorFlow) is tied to a Heap OOB read and a CHECK-fail in tf.raw_ops.ResourceGather when batch_dims can exceed the input rank. The issue stems from not validating batch_dims, causing out-of-bounds reads via multiple loops over tensor dimensions. A patch was committed (bc9c546ce70...
CVE-2021-37641
No public technical details are provided in the supplied documents; monitor for updates.
CVE-2021-37635
CVE-2021-37635 affects TensorFlow: heap out-of-bounds access in sparse reduction operations due to missing validation of reduction groups/indices. Patch committed (87158f43f05f2720a374f3e6d22a7aaa3a33f750) and fixes planned for TensorFlow 2.6.0, with cherry-picks for 2.5.1, 2.4.3, and 2.3.4. Publ...
CVE-2021-37635 Heap out of bounds access in sparse reduction operations in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The implementation fails to validate that each reduction group does not overfl...
CVE-2021-37664
TensorFlow vulnerability CVE-2021-37664: a heap out-of-bounds read can be triggered in BoostedTreesSparseCalculateBestFeatureSplit by sending illegal values to stats_summary_indices. The issue stems from insufficient validation in the boosted trees code path. A patch was committed (e84c9753...) a...
CVE-2021-37664 Heap OOB in boosted trees in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that...
CVE-2021-37659
Summary: CVE-2021-37659 affects TensorFlow. Affected: TensorFlow’s cwise operations may bind a reference to null pointer, causing heap out-of-bounds reads and undefined behavior when inputs have mismatched element counts. The issue is documented with a GitHub patch (commit 93f428fd1768df147171ed6...
CVE-2021-37655
CVE-2021-37655 describes a heap-based read out of bounds in TensorFlow caused by incomplete validation when updating a resource with tf.raw_ops.ResourceScatterUpdate. The issue stems from validating the relationship between the shapes of indices and updates (only divisibility checked instead of p...
CVE-2021-37649
TensorFlow is an end-to-end open source platform for machine learning. The code for tf.rawops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressin...
CVE-2021-37649
TensorFlow is an end-to-end open source platform for machine learning. The code for tf.rawops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressin...
CVE-2021-37647
TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.rawops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails...
CVE-2021-37637
TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.rawops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...
CVE-2021-37638
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...