CVE-2022-41890 `CHECK` fail in `BCast` overflow in Tensorflow

TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. We have patched the...

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from the fact that entering 'densefeatures' or 'examplestatedata' that is not rank 2 will trigger a 'CHECK' failure in...

CVE-2022-41894 Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite

TensorFlow is an open source platform for machine learning. The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if the number of inp...

PT-2022-26115 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow version 2.10.1 TensorFlow version 2.9.3 TensorFlow version 2.8.4 Description: The issue arises when a numpy array is created with a shape such that one element is zero and the others sum to a large...

PT-2022-26120 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier TensorFlow versions 2.8.4 and earlier Description: TensorFlow is an open source platform for machine learning. If a list of quantiz...

CVE-2022-41896

CVE-2022-41896 affects TensorFlow: a crash occurs when ThreadUnsafeUnigramCandidateSampler receives filterbank_channel_count beyond the allowed max size. The issue has been patched in commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860 and will be included in TensorFlow 2.11, with backport cherrypick...

PT-2022-26127 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1, 2.9.3, and 2.8.4 Description: TensorFlow is an open source platform for machine learning. If ThreadUnsafeUnigramCandidateSampler is given input filterbank channel count greater tha...

CVE-2022-41901

CVE-2022-41901 affects TensorFlow. The issue is a CHECK fail in tf.raw_ops.SparseMatrixNNZ triggered when input tensor is not a rank-0 matrix, which can cause a crash (denial of service). Fixed in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693; the fix will be included in TensorFlow 2.11 ...

PT-2022-26114 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow version 2.10.1 TensorFlow version 2.9.3 TensorFlow version 2.8.4 Description: The issue occurs when ops with specified input sizes receive a differing number of inputs, causing the executor to cras...

CVE-2022-41894

CVE-2022-41894 affects TensorFlow/TFLite CONV_3D_TRANSPOSE reference kernel. The bug increments data_ptr by num_channels instead of output_num_channels, enabling an out-of-bounds write to the bias buffer when input channels exceed output channels. Attack requires using the reference kernel resolv...

CVE-2022-41880

TensorFlow CVE-2022-41880 describes a heap-based out-of-bounds read in BaseCandidateSamplerOp when true_classes contains a value greater than range_max. A patch was committed (b389f5c944cadfdfe599b3f1e4026e036f30d2d4) and the fix is scheduled for TensorFlow 2.11, with cherry-picks to 2.10.1, 2.9....

CVE-2022-41909 Segfault in `CompositeTensorVariantToComponents` in Tensorflow

TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and...

PT-2022-26142 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11.0 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier TensorFlow versions 2.8.4 and earlier Description: The issue arises when printing a tensor, as the data is retrieved as a const...

PT-2022-26122 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier TensorFlow versions 2.8.4 and earlier Description: The issue results in a segmentation fault when tf.raw ops.TensorListConcat is...

CVE-2022-41895

TensorFlow CVE-2022-41895 describes a heap-out-of-bounds read in MirrorPadGrad when input paddings are out of range. The issue is fixed in commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92 and will be included in TensorFlow 2.11; a cherry-pick will be applied to 2.10.1, 2.9.3, and 2.8.4 for affecte...

CVE-2022-41891

CVE-2022-41891 (TensorFlow) : A segmentation fault occurs in tf.raw_ops.TensorListConcat when element_shape is []; this can trigger a denial-of-service. A patch was committed (fc33f3dc4c14051a83eec6535b608abe1d355fde) and will be included in TensorFlow 2.11. TensorFlow 2.10.1, 2.9.3, and 2.8.4 wi...

CVE-2022-41883 Out of bounds segmentation fault due to unequal op inputs in Tensorflow

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

CVE-2022-41900

TensorFlow CVE-2022-41900 affects FractionalMax(AVG)Pool due to an illegal pooling_ratio, potentially allowing access to heap memory and causing a crash or remote code execution. The issue has been patched in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48, with the fix scheduled for Tenso...

PT-2022-26112 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1, 2.9.3, and 2.8.4 Description: The issue occurs when the BaseCandidateSamplerOp function receives a value in true classes larger than range max, resulting in a heap out-of-bounds...

CVE-2022-41911

CVE-2022-41911 affects TensorFlow; root cause is an undefined char-to-bool conversion when printing a tensor, leading to sanitizer/fuzzer crashes. Patch is in GitHub commit 1be74370327 and will be included in TensorFlow 2.11.0, with backports to 2.10.1, 2.9.3, and 2.8.4. Public detail confirms im...