45 matches found
EUVD-2021-0423
Malware in sbrugna...
CVE-2022-36026
TensorFlow is an open source platform for machine learning. If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713...
BIT-TENSORFLOW-2022-35979 Segfault in `QuantizedRelu` and `QuantizedRelu6`
TensorFlow is an open source platform for machine learning. If QuantizedRelu or QuantizedRelu6 are given nonscalar inputs for minfeatures or maxfeatures, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
SUSE CVE-2021-41200
TensorFlow is an open source platform for machine learning. In affected versions if tf.summary.createfilewriter is called with non-scalar arguments code crashes due to a CHECK-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...
SUSE CVE-2022-21734
Tensorflow is an Open Source Machine Learning Framework. The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as...
SUSE CVE-2022-35952
TensorFlow is an open source platform for machine learning. The UnbatchGradOp function takes an argument id that is assumed to be a scalar. A nonscalar id can trigger a CHECK failure and crash the program. It also requires its argument batchindex to contain three times the number of elements as...
SUSE CVE-2022-35997
TensorFlow is an open source platform for machine learning. If tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The f...
SUSE CVE-2022-36005
TensorFlow is an open source platform for machine learning. When tf.quantization.fakequantwithminmaxvarsgradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...
Reachable Assertion
Overview Affected versions of this package are vulnerable to Reachable Assertion when tf.rawops.TensorListResize is given a nonscalar value for input size. It will results in a CHECK fail which can be used to trigger a denial of service attack. Remediation Upgrade tensorflow-lite to version 2.12....
AZL-11531 CVE-2022-41893 affecting package tensorflow for versions less than 2.11.0-1
TensorFlow is an open source platform for machine learning. If tf.rawops.TensorListResize is given a nonscalar value for input size, it results CHECK fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56...
CVE-2022-41893
TensorFlow is an open source platform for machine learning. If tf.rawops.TensorListResize is given a nonscalar value for input size, it results CHECK fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. The vulnerability exists in Compute function in batchkernels.cc because Unbatch Op kernel doesn't properly check if the input argument is a scalar which allows an attacker to send non-scalar input IDs causing an application crash...
CVE-2022-35997
TensorFlow is an open source platform for machine learning. If tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The f...
GHSA-H5VQ-GW2C-PQ47 TensorFlow vulnerable to `CHECK` failures in `UnbatchGradOp`
Impact The UnbatchGradOp function takes an argument id that is assumed to be a scalar. A nonscalar id can trigger a CHECK failure and crash the program. python import numpy as np import tensorflow as tf id is not scalar tf.rawops.UnbatchGradoriginalinput= tf.constant1,batchindex=tf.constant0,0,0 ...
CVE-2022-36005
TensorFlow is an open source platform for machine learning. When tf.quantization.fakequantwithminmaxvarsgradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-36005 `CHECK` fail in `FakeQuantWithMinMaxVarsGradient` in TensorFlow
TensorFlow is an open source platform for machine learning. When tf.quantization.fakequantwithminmaxvarsgradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2022-36026
TensorFlow is an open source platform for machine learning. If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713...
GHSA-R26C-679W-MRJM TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsGradient`
Impact When tf.quantization.fakequantwithminmaxvarsgradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf import numpy as np arg0=tf.constantvalue=np.random.randomsize=2, 2, shape=2, 2, dtype=tf.float...
CVE-2022-35935
TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar. This issue has been patched in GitHub commit...
GHSA-P7HR-F446-X6QF TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`
Impact If tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf tf.sparse.crossinputs=,name='a',separator=tf.constant'a', 'b',dtype=tf.string Patches We have patched the issue ...