SUSE CVE-2022-23558

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a sizet. An attacker can control model inputs such that computedsize overflows the...

SUSE CVE-2022-23557

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in BiasAndClamp implementation. There is no check that the biassize is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

SUSE CVE-2022-23561

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive...

SUSE CVE-2022-23562

Tensorflow is an Open Source Machine Learning Framework. The implementation of Range suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

SUSE CVE-2022-23563

Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...

SUSE CVE-2022-23564

Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow...

SUSE CVE-2022-23567

Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial...

SUSE CVE-2022-23565

Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

SUSE CVE-2022-23566

Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in Grappler. The setoutput function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also...

SUSE CVE-2022-23568

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

SUSE CVE-2022-23569

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

SUSE CVE-2022-23570

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...

SUSE CVE-2022-23571

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows...

SUSE CVE-2022-23572

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

SUSE CVE-2022-23573

Tensorflow is an Open Source Machine Learning Framework. The implementation of AssignOp can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized to minimize number of...

SUSE CVE-2022-23574

Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's SpecializeType which results in heap OOB read/write. Due to a typo, arg is initialized to the ith mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg from outside the...

SUSE CVE-2022-23575

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateTensorSize is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in...

SUSE CVE-2022-23577

Tensorflow is an Open Source Machine Learning Framework. The implementation of GetInitOp is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, ...

SUSE CVE-2022-23578

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

SUSE CVE-2022-23579

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...