14324 matches found
CVE-2022-29207
CVE-2022-29207 affects TensorFlow. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations can misbehave in eager mode when the provided resource handle is invalid, binding a reference to a null pointer and causing undefined behavior. In graph mode, these API calls were n...
CVE-2022-29207 Undefined behavior when users supply invalid resource handles in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but...
CVE-2022-29207 Undefined behavior when users supply invalid resource handles in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but...
CVE-2022-29195 Missing validation causes denial of service in TensorFlow via `StagePeek`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The code...
CVE-2022-29195 Missing validation causes denial of service in TensorFlow via `StagePeek`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The code...
CVE-2022-29195
TensorFlow CVE-2022-29195 concerns a denial-of-service via missing validation in tf.raw_ops.StagePeek. Affected are versions before patches: 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which patch the issue. The vulnerability stems from StagePeek assuming index is a scalar without validating input, leading t...
CVE-2022-29195
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The code...
CVE-2022-29195 Missing validation causes denial of service in TensorFlow via `StagePeek`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The code...
CVE-2022-29197 Missing validation causes denial of service in TensorFlow via `UnsortedSegmentJoin`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...
CVE-2022-29197 Missing validation causes denial of service in TensorFlow via `UnsortedSegmentJoin`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...
CVE-2022-29197
CVE-2022-29197 concerns TensorFlow UnsortedSegmentJoin with incomplete input validation that can trigger a denial of service via a CHECK failure when num_segments is not properly validated. Affected releases include TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4. The issue has been a...
CVE-2022-29197 Missing validation causes denial of service in TensorFlow via `UnsortedSegmentJoin`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...
CVE-2022-29196 Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
CVE-2022-29196
CVE-2022-29196 applies to TensorFlow. Before versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, Conv3DBackpropFilterV2 does not fully validate input arguments, specifically not validating that filter_sizes is a vector. This triggers a CHECK failure and can be leveraged to cause a denial of service. The iss...
CVE-2022-29196 Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
CVE-2022-29196
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
CVE-2022-29196 Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
CVE-2022-29198 Missing validation causes denial of service in TensorFlow via `SparseTensorToCSRSparseMatrix`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...
CVE-2022-29198
CVE-2022-29198 concerns TensorFlow’s tf.raw_ops.SparseTensorToCSRSparseMatrix, where input validation is incomplete for dense_shape and indices. This can trigger a CHECK failure, potentially enabling a denial of service. The issue is documented to affect TensorFlow versions prior to 2.9.0, 2.8.1,...
CVE-2022-29198 Missing validation causes denial of service in TensorFlow via `SparseTensorToCSRSparseMatrix`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...