PYSEC-2022-133

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

CVE-2022-21739 Null pointer dereference in TensorFlow

Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...

CVE-2022-21739

TensorFlow’s QuantizedMaxPool has an undefined behavior that can trigger a reference binding to a null pointer when handling user-controlled inputs. The patch is planned for TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3 (still in supported range). Remediation: upgrade to TensorFl...

CVE-2022-21739 Null pointer dereference in TensorFlow

Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...

CVE-2022-21739

Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...

CVE-2022-21734 `CHECK`-failures in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as...

CVE-2022-21734

TensorFlow CVE-2022-21734: The MapStage kernel is vulnerable to a CHECK-fail when the key tensor is non-scalar, potentially allowing a denial of service. The reported fix is included in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3 for affected, supported releases. Recommend upgr...

CVE-2022-21734 `CHECK`-failures in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as...

CVE-2022-21734 `CHECK`-failures in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as...

CVE-2022-21734

Tensorflow is an Open Source Machine Learning Framework. The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as...

CVE-2022-21735 Division by zero in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow...

CVE-2022-21735

TensorFlow vulnerability CVE-2022-21735 involves the FractionalMaxPool implementation where a division-by-zero can crash the TensorFlow process. The issue is documented across multiple sources, noting the root cause in FractionalMaxPool and that a patch fixes it in TensorFlow 2.8.0, with cherry-p...

CVE-2022-21735 Division by zero in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow...

CVE-2022-21735 Division by zero in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow...

CVE-2022-21735

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow...

CVE-2022-23569 `CHECK`-fails when building invalid tensor shapes in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

CVE-2022-23569

TensorFlow/CVE-2022-23569: Denial‑of‑service via CHECK‑fails (assertion failures) across multiple ops in TensorFlow/TFLite, caused by invalid tensor shapes and related checks. Root cause: assertion failures in core paths; fixes released as patches implemented in GitHub commits. Remediation: upgra...

CVE-2022-23569 `CHECK`-fails when building invalid tensor shapes in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

CVE-2022-23569 `CHECK`-fails when building invalid tensor shapes in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

CVE-2022-23569

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...