3083 matches found

OSV, added 2024/03/06 11:16 a.m., 14 views

BIT-TENSORFLOW-2021-37677 Missing validation in shape inference for `Dequantize` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation use...

CVSS 5.5, AI score 5.5, EPSS 0.00009
Exploits 0, References 3
OSV, added 2024/03/06 11:16 a.m., 17 views

BIT-TENSORFLOW-2021-37679 Heap OOB in nested `tf.map_fn` with `RaggedTensor`s in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...

CVSS 7.8, AI score 7.7, EPSS 0.00032
Exploits 0, References 3
OSV, added 2024/03/06 11:16 a.m., 16 views

BIT-TENSORFLOW-2021-37686 Infinite loop in TensorFlow Lite

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...

CVSS 5.5, AI score 5.6, EPSS 0.00012
Exploits 0, References 3
OSV, added 2024/03/06 11:16 a.m., 20 views

BIT-TENSORFLOW-2021-37687 Heap OOB in TensorFlow Lite's `Gather*` implementations

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with...

CVSS 5.5, AI score 5.6, EPSS 0.00044
Exploits 0, References 4
OSV, added 2024/03/06 11:16 a.m., 14 views

BIT-TENSORFLOW-2021-37689 Null pointer dereference in TensorFlow Lite MLIR optimizations

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

CVSS 7.8, AI score 6.2, EPSS 0.00013
Exploits 0, References 3
OSV, added 2024/03/06 11:16 a.m., 17 views

BIT-TENSORFLOW-2021-37690 Use after free and segfault in shape inference functions in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions such as MutableHashTableShape produce extra output information in the form of a ShapeAndType struct. The shapes embedded in this struct are owned by an inferenc...

CVSS 6.6, AI score 6.6, EPSS 0.00024
Exploits 0, References 3
OSV, added 2024/03/06 11:16 a.m., 25 views

BIT-TENSORFLOW-2021-37692 Segfault on strings tensors with mismatched dimensions in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function. However, tensor...

CVSS 5.5, AI score 5.6, EPSS 0.00032
Exploits 0, References 4
OSV, added 2024/03/06 11:16 a.m., 20 views

BIT-TENSORFLOW-2021-41195 Crash in `tf.math.segment_*` operations

TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a CHECK-fail related abort and denial of service if a segment id in `segment_ids` is large. This is similar to CVE-2021-29584 and similar other reported...

CVSS 5.5, AI score 5.9, EPSS 0.00038
Exploits 1, References 5
OSV, added 2024/03/06 11:16 a.m., 11 views

BIT-TENSORFLOW-2021-41196 Crash in `max_pool3d` when size argument is 0 or negative

TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to TensorFlow's implementation of pooling operations where the values in the sliding window...

CVSS 5.5, AI score 5.5, EPSS 0.00049
Exploits 1, References 4
OSV, added 2024/03/06 11:16 a.m., 11 views

BIT-TENSORFLOW-2021-41197 Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows a tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs,...

CVSS 5.5, AI score 5.6, EPSS 0.00022
Exploits 1, References 7
OSV, added 2024/03/06 11:16 a.m., 14 views

BIT-TENSORFLOW-2021-41198 Overflow/crash in `tf.tile` when tiling tensor is large

TensorFlow is an open source platform for machine learning. In affected versions if `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the `int64_t` type and th...

CVSS 5.5, AI score 5.6, EPSS 0.00049
Exploits 1, References 4
OSV, added 2024/03/06 11:16 a.m., 13 views

BIT-TENSORFLOW-2021-41199 Overflow/crash in `tf.image.resize` when size is large

TensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the `int64_t` typ...

CVSS 5.5, AI score 5.6, EPSS 0.00049
Exploits 1, References 4
OSV, added 2024/03/06 11:16 a.m., 12 views

BIT-TENSORFLOW-2021-41200 Incomplete validation in `tf.summary.create_file_writer`

TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments, the code crashes due to a CHECK-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

CVSS 5.5, AI score 5.7, EPSS 0.00049
Exploits 1, References 4
OSV, added 2024/03/06 11:16 a.m., 15 views

BIT-TENSORFLOW-2021-41201 Uninitialized access in `EinsumHelper::ParseEquation`

TensorFlow is an open source platform for machine learning. In affected versions during execution, `EinsumHelper::ParseEquation` is supposed to set the flags in the `input_has_ellipsis` vector and the `output_has_ellipsis` boolean to indicate whether there is ellipsis in the corresponding inputs and output. However...

CVSS 7.8, AI score 7.6, EPSS 0.00022
Exploits 1, References 3
OSV, added 2024/03/06 11:16 a.m., 17 views

BIT-TENSORFLOW-2021-41202 Overflow/crash in `tf.range`

TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branches of the condition...

CVSS 5.5, AI score 5.5, EPSS 0.00037
Exploits 0, References 6
OSV, added 2024/03/06 11:16 a.m., 19 views

BIT-TENSORFLOW-2021-41203 Missing validation during checkpoint loading

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...

CVSS 7.8, AI score 7.6, EPSS 0.00019
Exploits 0, References 6
OSV, added 2024/03/06 11:16 a.m., 26 views

BIT-TENSORFLOW-2021-41204 Segfault while copying constant resource tensor

TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in...

CVSS 5.5, AI score 5.5, EPSS 0.00017
Exploits 0, References 3
OSV, added 2024/03/06 11:16 a.m., 16 views

BIT-TENSORFLOW-2021-41205 Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside the bounds of a heap-allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...

CVSS 7.1, AI score 6.9, EPSS 0.00019
Exploits 0, References 3
OSV, added 2024/03/06 11:16 a.m., 16 views

BIT-TENSORFLOW-2021-41206 Incomplete validation of shapes in multiple TF ops

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

CVSS 7.8, AI score 7.8, EPSS 0.0001
Exploits 0, References 8
OSV, added 2024/03/06 11:16 a.m., 13 views

BIT-TENSORFLOW-2021-41207 Division by zero in `ParallelConcat`

TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

CVSS 5.5, AI score 5.6, EPSS 0.00017
Exploits 0, References 3