14326 matches found
SUSE CVE-2022-23576
Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...
SUSE CVE-2022-23580
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...
SUSE CVE-2022-23583
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...
SUSE CVE-2022-23581
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
SUSE CVE-2022-23582
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...
SUSE CVE-2022-23584
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...
SUSE CVE-2022-23585
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling...
SUSE CVE-2022-23587
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...
SUSE CVE-2022-23589
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...
SUSE CVE-2022-23590
Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...
SUSE CVE-2022-23591
Tensorflow is an Open Source Machine Learning Framework. The GraphDef format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel. This...
SUSE CVE-2022-23594
Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...
SUSE CVE-2022-23595
Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so flr-configproto is nullptr. The fix will be included in TensorFlow...
SUSE CVE-2022-23592
Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK which is a no-op during production. An attacker can control the inputidx variable such that ix would be larger than the number of...
SUSE CVE-2022-23593
Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault hence, denial of service, if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector...
SUSE CVE-2022-29191
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
SUSE CVE-2022-29192
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...
SUSE CVE-2022-29193
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
SUSE CVE-2022-29194
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.DeleteSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
SUSE CVE-2022-29195
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The code...