PYSEC-2021-648

TensorFlow is an end-to-end open source platform for machine learning. The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the...

PYSEC-2021-218

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults. The...

CVE-2021-29515

TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...

CVE-2021-29516

TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...

CVE-2021-29522

TensorFlow is an end-to-end open source platform for machine learning. The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the...

CVE-2021-29589

TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...

CVE-2021-29590

TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...

CVE-2021-29608

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...

CVE-2021-29612

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of tf.rawops.BandedTriangularSolve. The...

CVE-2021-29557

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...

CVE-2021-29565

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows. This is because of missing...

CVE-2021-29568

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal. This is because the...

CVE-2021-29569

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

CVE-2021-29574

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors. The...

CVE-2021-29580

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...

CVE-2021-29581

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults. The...

CVE-2021-29583

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FusedBatchNorm is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The...

CVE-2021-29531

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...

CVE-2021-29533

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.rawops.DrawBoundingBoxes. This is because the...

CVE-2021-29535 Heap buffer overflow in `QuantizedMul`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...