3086 matches found
CVE-2021-37636
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...
CVE-2021-37642
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...
PYSEC-2021-573
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing i...
PYSEC-2021-555
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...
PYSEC-2021-549
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing i...
PYSEC-2021-566
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.raw_ops.ResourceGather. The implementation computes the value of a value, batch_size, and then divides by it without checking that this...
CVE-2021-37649
CVE-2021-37649 describes a null pointer dereference in tf.raw_ops.UncompressElement within TensorFlow. The issue arises when a Variant tensor does not actually contain a CompressedElement, leading to a nullptr dereference during decompression. A patch has been applied in GitHub commit 7bdf50bb4f5...
CVE-2021-37649 Null pointer dereference in `UncompressElement` in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. The code for tf.raw_ops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressin...
CVE-2021-37647 Null pointer dereference in `SparseTensorSliceDataset` in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.raw_ops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails...
CVE-2021-37647
CVE-2021-37647 describes a null pointer dereference in TensorFlow’s tf.raw_ops.SparseTensorSliceDataset when creating an empty sparse tensor with mismatched indices/values. The description specifies that validation exists but can dereference a null pointer if indices are empty, leading to a crash...
CVE-2021-37643 Null pointer dereference in `MatrixDiagPartOp` in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to tf.raw_ops.MatrixDiagPartOp, then the code triggers a null pointer dereference if input is empty or produces invalid behavior, ignoring all values after the first. The...
CVE-2021-37643
CVE-2021-37643 affects TensorFlow’s MatrixDiagPartOp. The issue arises when a user does not supply a valid padding value, causing a NULL pointer dereference (if input is empty) or invalid behavior that ignores subsequent values. The root cause is reading the first value from a tensor buffer witho...
CVE-2021-37639 Null pointer dereference and heap OOB read in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by...
CVE-2021-37639
TensorFlow has a local, impactful vulnerability CVE-2021-37639 where restoring tensors via raw APIs can dereference a null pointer or read outside the heap bounds when tensor_name is not provided. The root cause is reading the tensor list from user-controlled input without validating its length, ...
CVE-2021-37638 Null pointer dereference in `RaggedTensorToTensor` in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for row_partition_types of tf.raw_ops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...
CVE-2021-37638
CVE-2021-37638: TensorFlow vulnerable to a NULL pointer dereference in the RaggedTensorToTensor path caused by sending an empty row_partition_types list. The issue stems from accessing the first element of a user-supplied list without validating non-emptiness. A patch was applied in GitHub commi...
CVE-2021-37660 Division by 0 in inplace operations in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing i...
CVE-2021-37660
CVE-2021-37660 describes a division-by-zero flaw in TensorFlow’s inplace operations due to a logic error in inplace_ops.cc. The faulty condition uses || instead of &&, allowing a floating-point exception when crafted inputs are provided. The issue has been patched in the GitHub commit e86605c0a33...
CVE-2021-37653
TensorFlow Cortex: CVE-2021-37653 affects TensorFlow’s tf.raw_ops.ResourceGather. The issue stems from computing batch_size and dividing by it without validating 0, causing a local crash (denial of service). A patch exists in GitHub commit ac117ee8a8ea57b73d34665cdf00ef3303bc0b11 and should be in...