BIT-TENSORFLOW-2021-29537 Heap buffer overflow in `QuantizedResizeBilinear`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedResizeBilinear by passing in invalid thresholds for the quantization. This is because the...

BIT-TENSORFLOW-2021-29538 Division by zero in `Conv2DBackpropFilter`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a division by zero to occur in Conv2DBackpropFilter. This is because the...

BIT-TENSORFLOW-2021-29539 Segfault in tf.raw_ops.ImmutableConst

TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.ImmutableConsthttps://www.tensorflow.org/apidocs/python/tf/rawops/ImmutableConst with a dtype of tf.resource or tf.variant results in a segfault in the implementation as code assumes that the tensor contents...

BIT-TENSORFLOW-2021-29540 Heap buffer overflow in `Conv2DBackpropFilter`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in Conv2DBackpropFilter. This is because the...

BIT-TENSORFLOW-2021-29541 Null pointer dereference in `StringNGrams`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams. This is because the...

BIT-TENSORFLOW-2021-29543 CHECK-fail in `CTCGreedyDecoder`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...

BIT-TENSORFLOW-2021-29544 CHECK-fail in `QuantizeAndDequantizeV4Grad`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the implementation does not validate the rank of the input tensors. In turn, this results in the tensors...

BIT-TENSORFLOW-2021-29545 Heap buffer overflow in `SparseTensorToCSRSparseMatrix`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in converting sparse tensors to CSR Sparse matrices. This is because the...

BIT-TENSORFLOW-2021-29546 Division by 0 in `QuantizedBiasAdd`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...

BIT-TENSORFLOW-2021-29547 Heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

BIT-TENSORFLOW-2021-29548 Division by 0 in `QuantizedBatchNormWithGlobalNormalization`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

BIT-TENSORFLOW-2021-29549 Division by 0 in `QuantizedAdd`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

BIT-TENSORFLOW-2021-29551 OOB read in `MatrixTriangularSolve`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixTriangularSolvehttps://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrixtriangularsolveopimpl.hL160-L240 fails to terminate kernel...

BIT-TENSORFLOW-2021-29552 CHECK-failure in `UnsortedSegmentJoin`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by controlling the values of numsegments tensor argument for UnsortedSegmentJoin. This is because the...

BIT-TENSORFLOW-2021-29553 Heap OOB in `QuantizeAndDequantizeV3`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...

BIT-TENSORFLOW-2021-29555 Division by 0 in `FusedBatchNorm`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.FusedBatchNorm. This is because the...

BIT-TENSORFLOW-2021-29556 Division by 0 in `Reverse`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.Reverse. This is because the...

BIT-TENSORFLOW-2021-29557 Division by 0 in `SparseMatMul`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...

BIT-TENSORFLOW-2021-29558 Heap buffer overflow in `SparseSplit`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.SparseSplit. This is because the...

BIT-TENSORFLOW-2021-29559 Heap OOB access in unicode ops

TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...