BIT-TENSORFLOW-2021-29556 Division by 0 in `Reverse`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.Reverse. This is because the...

BIT-TENSORFLOW-2021-29557 Division by 0 in `SparseMatMul`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...

BIT-TENSORFLOW-2021-29558 Heap buffer overflow in `SparseSplit`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.SparseSplit. This is because the...

BIT-TENSORFLOW-2021-29559 Heap OOB access in unicode ops

TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...

BIT-TENSORFLOW-2021-29560 Heap buffer overflow in `RaggedTensorToTensor`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.RaggedTensorToTensor. This is because the...

BIT-TENSORFLOW-2021-29561 CHECK-fail in `LoadAndRemapMatrix`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.rawops.LoadAndRemapMatrix. This is because the...

BIT-TENSORFLOW-2021-29562 CHECK-fail in `tf.raw_ops.IRFFT`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.IRFFT. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,...

BIT-TENSORFLOW-2021-29563 CHECK-fail in `tf.raw_ops.RFFT`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.RFFT. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination...

BIT-TENSORFLOW-2021-29564 Null pointer dereference in `EditDistance`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.EditDistance. This is because the...

BIT-TENSORFLOW-2021-29565 Null pointer dereference in `SparseFillEmptyRows`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows. This is because of missing...

BIT-TENSORFLOW-2021-29566 Heap OOB access in `Dilation2DBackpropInput`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to tf.rawops.Dilation2DBackpropInput. This is because the...

BIT-TENSORFLOW-2021-29567 Lack of validation in `SparseDenseCwiseMul`

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.SparseDenseCwiseMul, an attacker can trigger denial of service via CHECK-fails or accesses to outside the bounds of heap allocated data. Since the...

BIT-TENSORFLOW-2021-29568 Reference binding to null in `ParameterizedTruncatedNormal`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal. This is because the...

BIT-TENSORFLOW-2021-29569 Heap out of bounds read in `RequantizationRange`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

BIT-TENSORFLOW-2021-29570 Heap out of bounds read in `MaxPoolGradWithArgmax`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

BIT-TENSORFLOW-2021-29571 Memory corruption in `DrawBoundingBoxesV2`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

BIT-TENSORFLOW-2021-29572 Reference binding to nullptr in `SdcaOptimizer`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer. The...

BIT-TENSORFLOW-2021-29573 Division by 0 in `MaxPoolGradWithArgmax`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0. The...

BIT-TENSORFLOW-2021-29574 Undefined behavior in `MaxPool3DGradGrad`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors. The...

BIT-TENSORFLOW-2021-29575 Overflow/denial of service in `tf.raw_ops.ReverseSequence`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The...