69 matches found

OSV
added 2022/11/21 8:42 p.m., 1 view

GHSA-XXCJ-RHQG-M46G Segfault via invalid attributes in `pywrap_tfe_src.cc`

Impact: If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. python import numpy as np import...

CVSS 5.5, AI score 7.1, EPSS 0.00404
Exploits 1, References 5
Vulnrichment
added 2022/11/18 12:0 a.m., 7 views

CVE-2022-41899 `CHECK` fail via inputs in `SdcaOptimizer` in Tensorflow

TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will...

CVSS 4.8, AI score 7.1, EPSS 0.0044
Exploits 1, References 3
OSV
added 2022/09/16 10:12 p.m., 1 view

GHSA-X989-Q2PQ-4Q5X TensorFlow vulnerable to Int overflow in `RaggedRangeOp`

Impact: The `RaggedRangeOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. python...

CVSS 5.9, AI score 5.8, EPSS 0.00523
Exploits 0, References 6
Vulnrichment
added 2022/09/16 10:5 p.m., 6 views

CVE-2022-36018 `CHECK` fail in `RaggedTensorToVariant` in TensorFlow

TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVSS 5.9, AI score 7.5, EPSS 0.00366
Exploits 0, References 2
OSV
added 2022/06/18 4:1 p.m., 6 views

OPENSUSE-SU-2022:10014-1 Security update for tensorflow2

This update for tensorflow fixes the following issues: Update to TF2 2.6.0 which fixes multiple CVEs (boo#1189423). - Introduction of bazel6.3 and bazel-skylib1.0.3 as build dependencies. The latter has been adapted to allow a version in its package name if %setversuffix is set to 1. This allows...

CVSS 9.3, AI score 6, EPSS 0.00451
Exploits 5, References 72
OSV
added 2022/05/24 10:8 p.m., 1 view

GHSA-HRG5-737C-2P56 Missing validation causes denial of service via `UnsortedSegmentJoin`

Impact: The implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.UnsortedSegmentJoin inputs=tf.constant"this", shape=12,...

CVSS 5.5, AI score 6, EPSS 0.00317
Exploits 1, References 9
OSV
added 2022/05/24 10:6 p.m., 3 views

GHSA-H5G4-PPWX-48Q2 Missing validation causes denial of service via `DeleteSessionTensor`

Impact: The implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack: python import tensorflow as tf handle = tf.constant"", shape=0, dtype=tf.string...

CVSS 5.5, AI score 5.8, EPSS 0.00325
Exploits 1, References 9
OSV
added 2022/05/24 10:6 p.m., 1 view

GHSA-H2WQ-PRV9-2F56 Missing validation crashes `QuantizeAndDequantizeV4Grad`

Impact: The implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...

CVSS 5.5, AI score 5.8, EPSS 0.0034
Exploits 1, References 9
OSV
added 2022/02/10 12:32 a.m., 1 view

GHSA-8CXV-76P7-JXWR Null-dereference in Tensorflow

Impact: The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer: cc const auto& initopsigit = metagraphdef.signaturedef.findkSavedModelInitOpSignatureKey; if initopsigit != sigdefmap.end initopname = initopsigit-second.outputs...

CVSS 7.1, AI score 6.6, EPSS 0.00771
Exploits 1, References 7
OSV
added 2022/02/09 11:57 p.m., 2 views

GHSA-24X4-6QMH-88QG Use after free in `DecodePng` kernel

Impact: A malicious user can cause a use after free behavior when decoding PNG images: cc if / ... error conditions ... / png::CommonFreeDecode&decode; OPREQUIREScontext, false, errors::InvalidArgument"PNG size too large for int: ", decode.width, " by ", decode.height; After...

CVSS 7.6, AI score 6.6, EPSS 0.00714
Exploits 1, References 7
OSV
added 2022/02/09 11:54 p.m., 3 views

GHSA-WC4G-R73W-X8MM Insecure temporary file in Tensorflow

Impact: In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a...

CVSS 8.4, AI score 5.8, EPSS 0.00109
Exploits 0, References 5
Vulnrichment
added 2022/02/04 10:32 p.m., 4 views

CVE-2022-23560 Read and Write outside of bounds in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...

CVSS 8.8, AI score 8.6, EPSS 0.00824
Exploits 1, References 3
Vulnrichment
added 2022/02/04 10:32 p.m., 4 views

CVE-2022-23586 Multiple `CHECK`-fails in `function.cc` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

CVSS 6.5, AI score 6.4, EPSS 0.00788
Exploits 1, References 4
Vulnrichment
added 2022/02/04 10:32 p.m., 4 views

CVE-2022-23583 `CHECK`-failures in binary ops in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...

CVSS 6.5, AI score 6.3, EPSS 0.00777
Exploits 1, References 3
CNNVD
added 2022/02/04 12:0 a.m., 2 views

Google TensorFlow Security Vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow has a security vulnerability that could be exploited by an attacker to cause a denial of service by changing SavedModel...

CVSS 6.5, AI score 5.7, EPSS 0.00777
Exploits 1, References 4
OSV
added 2021/11/10 7:0 p.m., 2 views

GHSA-FR77-RRX3-CP7G Heap OOB read in `tf.ragged.cross`

Impact: The shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array: python import tensorflow as tf @tf.function def test: y = tf.rawops.RaggedCrossraggedvalues=, raggedrowsplits=, sparseindices=5, sparsevalues=, sparseshape=5, denseinputs='a',...

CVSS 7.1, AI score 6.9, EPSS 0.00201
Exploits 1, References 7
OSV
added 2021/11/10 6:46 p.m., 2 views

GHSA-F54P-F6JP-4RHR Heap OOB in `FusedBatchNorm` kernels

Impact: The implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB: python import tensorflow as tf tf.rawops.FusedBatchNormGrad ybackprop=tf.constanti for i in range9,shape=1,1,3,3,dtype=tf.float32 x=tf.constanti for i in range2,shape=1,1,1,2,dtype=tf.float32 scale=1,1,...

CVSS 7.1, AI score 6.9, EPSS 0.00201
Exploits 1, References 7
OSV
added 2021/08/25 2:43 p.m., 4 views

GHSA-9W2P-5MGW-P94C Integer overflow due to conversion to unsigned

Impact: The implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad...

CVSS 5.7, AI score 5.9, EPSS 0.00152
Exploits 0, References 7
OSV
added 2021/08/25 2:43 p.m., 2 views

GHSA-M7FM-4JFH-JRG6 Use after free in boosted trees creation

Impact: The implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments: python import tensorflow as tf v= tf.Variable0.0 tf.rawops.BoostedTreesCreateEnsemble treeensemblehandle=v.handle, stamptoken=0,...

CVSS 8.5, AI score 6.4, EPSS 0.00173
Exploits 0, References 7
OSV
added 2021/08/25 2:43 p.m., 1 view

GHSA-2R8P-FG3C-WCJ4 Heap OOB and CHECK fail in `ResourceGather`

Impact: An attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds of heap allocated data in the same API in a release build: python import tensorflow as tf tensor =...

CVSS 7.3, AI score 6, EPSS 0.00167
Exploits 0, References 7