CVE-2022-29210 Heap buffer overflow due to incorrect hash function in TensorFlow

TensorFlow is an open source platform for machine learning. In version 2.8.0, the TensorKey hash function used total estimated AllocatedBytes, which a is an estimate per tensor, and b is a very poor hash function for constants e.g. int32t. It also tried to access individual tensor bytes through...

CVE-2022-29209 Type confusion leading to `CHECK`-failure based denial of service in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of t...

CVE-2022-29209

TensorFlow has a documented vulnerability (CVE-2022-29209) due to incorrect logic when comparing size_t and int in assertion macros. Affected versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4 may trigger the issue; a patch is included in 2.9.0 and is backported to 2.8.1, 2.7.2, and 2.6.4. Impact r...

CVE-2022-29209 Type confusion leading to `CHECK`-failure based denial of service in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of t...

CVE-2022-29209 Type confusion leading to `CHECK`-failure based denial of service in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of t...

CVE-2022-29211 Segfault in TensorFlow if `tf.histogram_fixed_width` is called with NaN values

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.histogramfixedwidth is vulnerable to a crash when the values array contain Not a Number NaN elements. The implementation assumes that all floating point operation...

CVE-2022-29211 Segfault in TensorFlow if `tf.histogram_fixed_width` is called with NaN values

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.histogramfixedwidth is vulnerable to a crash when the values array contain Not a Number NaN elements. The implementation assumes that all floating point operation...

CVE-2022-29211

CVE-2022-29211 (TensorFlow) : The CPU implementation of tf.histogram_fixed_width crashes when the values array contains NaN. Specifically, casting NaN divisions to int32 can trigger a crash, affecting TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4. The issue is CPU-only and arises fr...

CVE-2022-29211 Segfault in TensorFlow if `tf.histogram_fixed_width` is called with NaN values

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.histogramfixedwidth is vulnerable to a crash when the values array contain Not a Number NaN elements. The implementation assumes that all floating point operation...

CVE-2022-29208

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...

CVE-2022-29201

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments. In this case, references get bound to nullptr for each argument that is empty. Versions 2.9.0,...

CVE-2022-29202

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.ragged.constant does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2,...

CVE-2022-29203

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow: The result of this integer overflow is used to...

CVE-2022-29205

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types, which was added after migration to...

CVE-2022-29206

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments. In this case, a reference gets bound to a nullptr during kernel execution. This is...

CVE-2022-29204

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...

CVE-2022-29212 Core dump when loading TFLite models with quantization in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could b...

CVE-2022-29212 Core dump when loading TFLite models with quantization in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could b...

CVE-2022-29212

TensorFlow vulnerability CVE-2022-29212 affects TFLite model loading due to quantization scale handling. During quantization, values can have a scale > 1, but code assumed sub-unit scaling; this triggers a TFLITE_CHECK_LT assertion when QuantizeMultiplierSmallerThanOneExp is used, causing a cr...

CVE-2022-29212

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could b...