256 matches found
SUSE CVE-2021-37675
TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation i...
SUSE CVE-2021-37677
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.rawops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation use...
SUSE CVE-2021-41205
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...
SUSE CVE-2021-41211
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs whenever axis is a negative value less than -1. In this case, we are accessing data before the start o...
SUSE CVE-2021-41210
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow...
SUSE CVE-2021-41212
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
SUSE CVE-2021-41214
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
SUSE CVE-2021-41215
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...
SUSE CVE-2021-41221
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, inputh and inputc parameters are n...
SUSE CVE-2022-21727
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...
SUSE CVE-2022-21731
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...
SUSE CVE-2022-23572
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...
SUSE CVE-2022-23580
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...
Google TensorFlow buffer overflow vulnerability (CNVD-2022-11507)
Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow has a buffer overflow vulnerability, which stems from the implementation of ReverseSequence's shape inference does not fully validate the value of batch dim, and an attacker can...
Type confusion leading to segfault in Tensorflow
Impact The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion: python import tensorflow as tf @tf.function def test: y = tf.rawops.ConcatV2 values=1,2,3,4,5,6, axis = 0xb500005b return y test The axis argument...
GHSA-M4HF-J54P-P353 Type confusion leading to segfault in Tensorflow
Impact The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion: python import tensorflow as tf @tf.function def test: y = tf.rawops.ConcatV2 values=1,2,3,4,5,6, axis = 0xb500005b return y test The axis argument...
GHSA-5QW5-89MW-WCG2 Out of bounds write in Tensorflow
Impact TensorFlow is vulnerable to a heap OOB write in Grappler: cc Status SetUnknownShapeconst NodeDef node, int outputport shapeinference::ShapeHandle shape = GetUnknownOutputShapenode, outputport; InferenceContext ctx = GetContextnode; if ctx == nullptr return errors::InvalidArgument"Missing...
Crash when type cannot be specialized in Tensorflow
Impact Under certain scenarios, TensorFlow can fail to specialize a type during shape inference: cc void InferenceContext::PreInputInit const OpDef& opdef, const std::vector& inputtensors, const std::vector& inputtensorsasshapes const auto ret = fulltype::SpecializeTypeattrs, opdef;...
GHSA-RWW7-2GPW-FV6J Crash when type cannot be specialized in Tensorflow
Impact Under certain scenarios, TensorFlow can fail to specialize a type during shape inference: cc void InferenceContext::PreInputInit const OpDef& opdef, const std::vector& inputtensors, const std::vector& inputtensorsasshapes const auto ret = fulltype::SpecializeTypeattrs, opdef;...
GHSA-6GMV-PJP9-P8W8 Out of bounds read in Tensorflow
Impact The implementation of shape inference for ReverseSequence does not fully validate the value of batchdim and can result in a heap OOB read: python import tensorflow as tf @tf.function def test: y = tf.rawops.ReverseSequence input = 'aaa','bbb', seqlengths = 1,1,1, seqdim = -10, batchdim = -...