SUSE CVE-2021-29613

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...

SUSE CVE-2021-29617

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via CHECK-fail in tf.strings.substr with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,...

SUSE CVE-2021-37644

TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to numelements list argument of tf.rawops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The...

SUSE CVE-2021-41226

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseBinCount is vulnerable to a heap OOB access. This is because of missing validation between the elements of the values argument and the shape of the sparse output. The fix will be included ...

SUSE CVE-2022-21730

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

SUSE CVE-2022-23570

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...

SUSE CVE-2022-23578

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

SUSE CVE-2022-23591

Tensorflow is an Open Source Machine Learning Framework. The GraphDef format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel. This...

SUSE CVE-2022-36017

TensorFlow is an open source platform for machine learning. If Requantize is given inputmin, inputmax, requestedoutputmin, requestedoutputmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

GHSA-FRQP-WP83-QGGV Heap overflow in `QuantizeAndDequantizeV2`

Impact The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. python import tensorflow as tf @tf.function def test:...

GHSA-66VQ-54FQ-6JVV Segfault in `tf.raw_ops.TensorListConcat`

Impact If tf.rawops.TensorListConcat is given elementshape=, it results segmentation fault which can be used to trigger a denial of service attack. python import tensorflow as tf tf.rawops.TensorListConcat inputhandle=tf.data.experimental.tovarianttf.data.Dataset.fromtensorslices1, 2, 3,...

GHSA-JQ6X-99HJ-Q636 Seg fault in `ndarray_tensor_bridge` due to zero and large inputs

Impact If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. E.g. the following raises an error: python np.ones0, 231, 231 An example of a proof of concept: python import numpy as np import tensorflow as tf inputval =...

CVE-2022-41888

TensorFlow is an open source platform for machine learning. When running on GPU, tf.image.generateboundingboxproposals receives a scores input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included i...

CVE-2022-36014

TensorFlow is an open source platform for machine learning. When mlir::tfg::TFOp::nameAttr receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in...

CVE-2022-36003

TensorFlow is an open source platform for machine learning. When RandomPoissonV2 receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included i...

GHSA-FV43-93GV-VM8F TensorFlow vulnerable to null dereference on MLIR on empty function attributes

Impact When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it gives a null dereference. cpp // Import the function attributes with a tf. prefix to match the current // infrastructure expectations. for const auto& namedAttr : func.attr const std::string& name =...

GHSA-JJM6-4VF7-CJH4 Integer overflow in `SpaceToBatchND`

Impact The implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow: python import tensorflow as tf input = tf.constant-3.5e+35, shape=10,19,22, dtype=tf.float32 blockshape = tf.constant-1879048192, shape=2, dtype=tf.int64...

GHSA-C582-C96P-R5CQ Memory exhaustion in Tensorflow

Impact The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory: python import tensorflow as tf y = tf.rawops.ThreadPoolHandlenumthreads=0x60000000,displayname='tf' This is because the numthreads argument is only checked to not be...

GHSA-QJ5R-F9MV-RFFH `CHECK`-fails when building invalid tensor shapes in Tensorflow

Impact Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 CVE-2021-41197 and has similar fixes. Patches We have patched the reported issues in multiple GitHub commits. It is possible that other...

GHSA-9PX9-73FG-3FQP Null pointer dereference in Grappler's `IsConstant`

Impact Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same dereference in the second place: First, during...