CVE-2022-35995

TensorFlow is an open source platform for machine learning. When AudioSummaryV2 receives an input samplerate with more than one element, it gives a CHECK fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35964

TensorFlow is an open source platform for machine learning. The implementation of BlockLSTMGradV2 does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35959

TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...

CVE-2022-35999

TensorFlow is an open source platform for machine learning. When Conv2DBackpropInput receives empty outbackprop inputs e.g. 3, 1, 0, 1, the current CPU/GPU kernels CHECK fail one with dnnl, the other with cudnn. This can be used to trigger a denial of service attack. We have patched the issue in...

CVE-2022-35982

TensorFlow is an open source platform for machine learning. If SparseBincount is given inputs for indices, values, and denseshape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35973

TensorFlow is an open source platform for machine learning. If QuantizedMatMul is given nonscalar input for: mina, maxa, minb, or maxb It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. T...

CVE-2022-35991

TensorFlow is an open source platform for machine learning. When TensorListScatter and TensorListScatterV2 receive an elementshape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35952

TensorFlow is an open source platform for machine learning. The UnbatchGradOp function takes an argument id that is assumed to be a scalar. A nonscalar id can trigger a CHECK failure and crash the program. It also requires its argument batchindex to contain three times the number of elements as...

CVE-2022-35934

TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit...

CVE-2022-35969

TensorFlow is an open source platform for machine learning. The implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35987

TensorFlow is an open source platform for machine learning. DenseBincount assumes its input tensor weights to either have the same shape as its input tensor input or to be length-0. A different weights shape will trigger a CHECK fail that can be used to trigger a denial of service attack. We have...

CVE-2022-35996

TensorFlow is an open source platform for machine learning. If Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue ...

CVE-2022-35992

TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...

CVE-2022-35974

TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35970

TensorFlow is an open source platform for machine learning. If QuantizedInstanceNorm is given xmin or xmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e...

CVE-2022-35941

TensorFlow is an open source platform for machine learning. The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program. We have patched the issue in GitHub commit...

CVE-2022-35983

TensorFlow is an open source platform for machine learning. If Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. Th...

CVE-2022-35965

TensorFlow is an open source platform for machine learning. If LowerBound or UpperBound is given an emptysortedinputs input, it results in a nullptr dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2023-25669

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for tf.rawops.AvgPoolGrad, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

CVE-2023-25672

TensorFlow is an open source platform for machine learning. The function tf.rawops.LookupTableImportV2 cannot handle scalars in the values parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...