BIT-TENSORFLOW-2021-29584 CHECK-fail due to integer overflow
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail caused by an integer overflow in constructing a new tensor shape. This is because the...
BIT-TENSORFLOW-2021-29587 Division by zero in TFLite's implementation of `SpaceToDepth`
TensorFlow is an end-to-end open source platform for machine learning. The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before division (https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/spacetodepth.cc#L63-L67). An...
BIT-TENSORFLOW-2021-29588 Division by zero in TFLite's implementation of `TransposeConv`
TensorFlow is an end-to-end open source platform for machine learning. The optimized implementation of the TransposeConv TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that stride_{h,w} values are 0. Code calling this function must validate these...
BIT-TENSORFLOW-2021-29589 Division by zero in TFLite's implementation of `GatherNd`
TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...
BIT-TENSORFLOW-2021-29592 Null pointer dereference in TFLite's `Reshape` operator
TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209 (https://vulners.com/cve/CVE-2020-15209) missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...
BIT-TENSORFLOW-2021-29593 Division by zero in TFLite's implementation of `BatchToSpaceNd`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero...
BIT-TENSORFLOW-2021-29595 Division by zero in TFLite's implementation of `DepthToSpace`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthToSpace TFLite operator is vulnerable to a division by zero...
BIT-TENSORFLOW-2021-29598 Division by zero in TFLite's implementation of `SVDF`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SVDF TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.cc#L99-L102). An attacke...
BIT-TENSORFLOW-2021-29599 Division by zero in TFLite's implementation of `Split`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the Split TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/e2752089ef7ce9bcf3db0ec618ebd23ea119d0c7/tensorflow/lite/kernels/split.cc#L63-L65). An attack...
BIT-TENSORFLOW-2021-29601 Integer overflow in TFLite concatenation
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issue (https://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenation.cc#L70-L76). An...
BIT-TENSORFLOW-2021-29603 Heap OOB write in TFLite
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of...
BIT-TENSORFLOW-2021-29605 Integer overflow in TFLite memory allocation
TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating TFLiteIntArrays is vulnerable to an integer overflow issue (https://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.c#L24-L27). An attacker can...
BIT-TENSORFLOW-2021-29607 Incomplete validation in `SparseSparseMinimum`
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...
BIT-TENSORFLOW-2021-29610 Invalid validation in `QuantizeAndDequantizeV2`
TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.raw_ops.QuantizeAndDequantizeV2 allows invalid values for the axis argument. The...
BIT-TENSORFLOW-2021-29611 Incomplete validation in `SparseReshape`
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...
BIT-TENSORFLOW-2021-29612 Heap buffer overflow in `BandedTriangularSolve`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in the Eigen implementation of tf.raw_ops.BandedTriangularSolve. The...
BIT-TENSORFLOW-2021-29613 Incomplete validation in `tf.raw_ops.CTCLoss`
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.raw_ops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...
BIT-TENSORFLOW-2021-29614 Interpreter crash from `tf.io.decode_raw`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decode_raw produces incorrect results and crashes the Python interpreter when combining fixed_length and wider datatypes. The implementation of the padded...
BIT-TENSORFLOW-2021-29617 Crash in `tf.strings.substr` due to `CHECK`-fail
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via CHECK-fail in tf.strings.substr with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,...
BIT-TENSORFLOW-2021-29618 Crash in `tf.transpose` with complex inputs
TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFl...