SUSE CVE-2020-15190

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.rawops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. Howeve...

SUSE CVE-2020-15191

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

SUSE CVE-2020-15192

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.todlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods ca...

SUSE CVE-2020-15194

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...

SUSE CVE-2020-15193

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

SUSE CVE-2020-15195

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of SparseFillEmptyRowsGrad uses a double indexing pattern. It is possible for reverseindexmapi to be an index outside of bounds of gradvalues, thus resulting in a heap buffer overflow. The issue is patched in...

SUSE CVE-2020-15203

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

SUSE CVE-2020-15204

In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling tf.rawops.GetSessionHandle or tf.rawops.GetSessionHandleV2 results in a null pointer dereference In linked snippet, in eager mode, ctx-sessionstate returns nullptr. Since...

SUSE CVE-2020-15202

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...

SUSE CVE-2020-15205

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the datasplits argument of tf.rawops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after ...

SUSE CVE-2020-15206

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...

SUSE CVE-2020-15208

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a DCHECK which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can...

SUSE CVE-2020-15207

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the...

SUSE CVE-2020-15209

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a nullptr buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one...

SUSE CVE-2020-26266

In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen...

SUSE CVE-2020-26267

In affected versions of TensorFlow the tf.rawops.DataFormatVecPermute API does not validate the srcformat and dstformat attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. Th...

SUSE CVE-2020-26268

In affected versions of TensorFlow the tf.rawops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the...

SUSE CVE-2020-26271

In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node given by outputindex and the input slot of the dst node...

SUSE CVE-2020-26270

In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer...

SUSE CVE-2021-29512

TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...