BIT-TENSORFLOW-2022-35960 `CHECK` failure in `TensorListReserve` in TensorFlow

TensorFlow is an open source platform for machine learning. In core/kernels/listkernels.cc's TensorListReserve, numelements is assumed to be a tensor of size 1. When a numelements of more than 1 element is provided, then tf.rawops.TensorListReserve fails the CHECKEQ in...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in Compute function of listkernels.cc because the it doesn't properly handle the size of numelements which allows an attacker to provide more than one element causing an application crash...

CVE-2022-35960 `CHECK` failure in `TensorListReserve` in TensorFlow

TensorFlow is an open source platform for machine learning. In core/kernels/listkernels.cc's TensorListReserve, numelements is assumed to be a tensor of size 1. When a numelements of more than 1 element is provided, then tf.rawops.TensorListReserve fails the CHECKEQ in...

CVE-2021-37644 `std::abort` raised from `TensorListReserve` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to numelements list argument of tf.rawops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The...

CVE-2017-5994

Heap-based buffer overflow in the vrendcreatevertexelementsstate function in vrendrenderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service out-of-bounds array access and crash via the numelements parameter...