BIT-TENSORFLOW-2020-26268 Write to immutable memory region in TensorFlow

In affected versions of TensorFlow the tf.rawops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the...

BIT-TENSORFLOW-2020-26269 Heap out of bounds read in filesystem glob matching in TensorFlow

In TensorFlow release candidate versions 2.4.0rc, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel...

BIT-TENSORFLOW-2020-26270 CHECK-fail in LSTM with zero-length input in TensorFlow

In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer...

BIT-TENSORFLOW-2020-26271 Heap out of bounds access in MakeEdge in TensorFlow

In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node given by outputindex and the input slot of the dst node...

BIT-TENSORFLOW-2020-5215 Segmentation faultin TensorFlow when converting a Python string to tf.float16

In TensorFlow before 1.15.2 and 2.0.1, converting a string from Python to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker c...

BIT-TENSORFLOW-2021-29512 Heap buffer overflow in `RaggedBinCount`

TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...

BIT-TENSORFLOW-2021-29513 Type confusion during tensor casts lead to dereferencing null pointers

TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++...

BIT-TENSORFLOW-2021-29514 Heap out of bounds write in `RaggedBinCount`

TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...

BIT-TENSORFLOW-2021-29515 Reference binding to null pointer in `MatrixDiag*` ops

TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...

BIT-TENSORFLOW-2021-29516 Null pointer dereference via invalid Ragged Tensors

TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...

BIT-TENSORFLOW-2021-29517 Division by zero in `Conv3D`

TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...

BIT-TENSORFLOW-2021-29518 Session operations in eager mode lead to null pointer dereferences

TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...

BIT-TENSORFLOW-2021-29519 CHECK-fail in SparseCross due to type confusion

TensorFlow is an end-to-end open source platform for machine learning. The API of tf.rawops.SparseCross allows combinations which would result in a CHECK-failure and denial of service. This is because the...

BIT-TENSORFLOW-2021-29520 Heap buffer overflow in `Conv3DBackprop*`

TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.rawops.Conv3DBackprop operations can result in heap buffer overflows. This is because the...

BIT-TENSORFLOW-2021-29521 Segfault in SparseCountSparseOutput

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

BIT-TENSORFLOW-2021-29522 Division by 0 in `Conv3DBackprop*`

TensorFlow is an end-to-end open source platform for machine learning. The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the...

BIT-TENSORFLOW-2021-29523 CHECK-fail in AddManySparseToTensorsMap

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.AddManySparseToTensorsMap. This is because the...

BIT-TENSORFLOW-2021-29524 Division by 0 in `Conv2DBackpropFilter`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropFilter. This is because the...

BIT-TENSORFLOW-2021-29525 Division by 0 in `Conv2DBackpropInput`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropInput. This is because the...

BIT-TENSORFLOW-2021-29526 Division by 0 in `Conv2D`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2D. This is because the implementationhttps://github.com/tensorflow/tensorflow/blob/988087bd83f144af14087fe4fecee2d250d93737/tensorflow/core/kernels/convops.ccL261-L263...