7035 matches found
`CHECK` fail in `BCast` overflow
ImpactIf BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b.pythonimport tensorflow as tfvalue = tf.constantshape=2, 1024, 1024, 1024,...
Overflow in `tf.keras.losses.poisson`
Impacttf.keras.losses.poisson receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment.pythonimport numpy as npimport tensorflow as tftruevalue =...
FPE in `tf.image.generate_bounding_box_proposals`
ImpactWhen running on GPU, tf.image.generateboundingboxproposals receives a scores input that must be of rank 4 but is not checked.pythonimport tensorflow as tfa = tf.constantvalue=1.0, 1.0, 1.0, 1.0, 1.0, 1.0, 1.0, 1.0b =...
FPE in `tf.image.generate_bounding_box_proposals`
ImpactWhen running on GPU, tf.image.generateboundingboxproposals receives a scores input that must be of rank 4 but is not checked.pythonimport tensorflow as tfa = tf.constantvalue=1.0, 1.0, 1.0, 1.0, 1.0, 1.0, 1.0, 1.0b =...
`CHECK` fail in `BCast` overflow
ImpactIf BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b.pythonimport tensorflow as tfvalue = tf.constantshape=2, 1024, 1024, 1024,...
Overflow in `ImageProjectiveTransformV2`
ImpactWhen tf.rawops.ImageProjectiveTransformV2 is given a large output shape, it overflows.pythonimport tensorflow as tfinterpolation = "BILINEAR"fillmode = "REFLECT"images = tf.constant0.184634328, shape=2,5,8,3, dtype=tf.float32transforms = tf.constant0.378575385, shape=2,8,...
Overflow in `tf.keras.losses.poisson`
Impacttf.keras.losses.poisson receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment.pythonimport numpy as npimport tensorflow as tftruevalue =...
Segfault via invalid attributes in `pywrap_tfe_src.cc`
ImpactIf a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors as input ksizes.pythonimport numpy as npimport...
Out of bounds segmentation fault due to unequal op inputs in Tensorflow
Impact tf.rawops.DynamicStitch specifies input sizes when it is registered. cppREGISTEROP"DynamicStitch" .Input"indices: N int32" .Input"data: N T" .Output"merged: T" .Attr"N : int = 1" .Attr"T : type" .SetShapeFnDynamicStitchShapeFunction;When it receives a differing number of inputs, such as wh...
Seg fault in `ndarray_tensor_bridge` due to zero and large inputs
ImpactIf a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. E.g. the following raises an error:pythonnp.ones0, 231, 231An example of a proof of concept:pythonimport numpy as npimport tensorflow as tfinputval =...
Seg fault in `ndarray_tensor_bridge` due to zero and large inputs
ImpactIf a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. E.g. the following raises an error:pythonnp.ones0, 231, 231An example of a proof of concept:pythonimport numpy as npimport tensorflow as tfinputval =...
TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices`
ImpactIf Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tffilename = tf.constant""tensornames = tf.constant"" Savedata = tf.casttf.random.uniformshape=1, minval=-10000,...
Overflow in `FusedResizeAndPadConv2D`
ImpactWhen tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows.pythonimport tensorflow as tfmode = "REFLECT"strides = 1, 1, 1, 1padding = "SAME"resizealigncorners = Falseinput = tf.constant147, shape=3,3,1,1, dtype=tf.float16size = tf.constant1879048192,1879048192,...
Overflow in `ImageProjectiveTransformV2`
ImpactWhen tf.rawops.ImageProjectiveTransformV2 is given a large output shape, it overflows.pythonimport tensorflow as tfinterpolation = "BILINEAR"fillmode = "REFLECT"images = tf.constant0.184634328, shape=2,5,8,3, dtype=tf.float32transforms = tf.constant0.378575385, shape=2,8,...
Out of bounds segmentation fault due to unequal op inputs in Tensorflow
Impact tf.rawops.DynamicStitch specifies input sizes when it is registered. cppREGISTEROP"DynamicStitch" .Input"indices: N int32" .Input"data: N T" .Output"merged: T" .Attr"N : int = 1" .Attr"T : type" .SetShapeFnDynamicStitchShapeFunction;When it receives a differing number of inputs, such as wh...
OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...
Overflow in `FusedResizeAndPadConv2D`
ImpactWhen tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows.pythonimport tensorflow as tfmode = "REFLECT"strides = 1, 1, 1, 1padding = "SAME"resizealigncorners = Falseinput = tf.constant147, shape=3,3,1,1, dtype=tf.float16size = tf.constant1879048192,1879048192,...
TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank`
ImpactWhen tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfa = tf.constant, shape=0, 1, 1, dtype=tf.float32tf.linalg.matrixranka=a PatchesWe have patched the issue in GitHub commi...
TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank`
ImpactWhen tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfa = tf.constant, shape=0, 1, 1, dtype=tf.float32tf.linalg.matrixranka=a PatchesWe have patched the issue in GitHub commi...
TensorFlow vulnerable to `CHECK` fail in `LRNGrad`
ImpactIf LRNGrad is given an outputimage input tensor that is not 4-D, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfdepthradius = 1bias = 1.59018219alpha = 0.117728651beta = 0.404427052inputgrads = tf.random.uniformshape=4, 4, 4, 4...
TensorFlow vulnerable to `CHECK` fail in `MaxPool`
ImpactWhen MaxPool receives a window size input array ksize with dimensions greater than its input tensor input, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfimport numpy as npinput = np.ones1, 1, 1, 1ksize = 1, 1, 2, 2strid...
TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices`
ImpactIf Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tffilename = tf.constant""tensornames = tf.constant"" Savedata = tf.casttf.random.uniformshape=1, minval=-10000,...
TensorFlow vulnerable to `CHECK` fail in `MaxPool`
ImpactWhen MaxPool receives a window size input array ksize with dimensions greater than its input tensor input, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfimport numpy as npinput = np.ones1, 1, 1, 1ksize = 1, 1, 2, 2strid...
TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal`
ImpactParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfseed = 1618seed2 = 0shape = tf.random.uniformshape=3, minval=-10000,...
TensorFlow vulnerable to `CHECK` fail in `LRNGrad`
ImpactIf LRNGrad is given an outputimage input tensor that is not 4-D, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfdepthradius = 1bias = 1.59018219alpha = 0.117728651beta = 0.404427052inputgrads = tf.random.uniformshape=4, 4, 4, 4...
TensorFlow vulnerable to segfault in `SparseBincount`
ImpactIf SparseBincount is given inputs for indices, values, and denseshape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfbinaryoutput = Trueindices = tf.random.uniformshape=, minval=-10000,...
TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal`
ImpactParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfseed = 1618seed2 = 0shape = tf.random.uniformshape=3, minval=-10000,...
TensorFlow vulnerable to segfault in `QuantizeDownAndShrinkRange`
ImpactIf QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfouttype = tf.quint8input = tf.constant1, shape=3, dtype=tf.qint32inputmin = tf.constant, shape=0,...
TensorFlow vulnerable to segfault in `SparseBincount`
ImpactIf SparseBincount is given inputs for indices, values, and denseshape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfbinaryoutput = Trueindices = tf.random.uniformshape=, minval=-10000,...
TensorFlow vulnerable to segfault in `QuantizeDownAndShrinkRange`
ImpactIf QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfouttype = tf.quint8input = tf.constant1, shape=3, dtype=tf.qint32inputmin = tf.constant, shape=0,...
TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad`
ImpactFractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack:pythonimport tensorflow as tfoverlapping = Trueoriginput = tf.constant.453409232,...
TensorFlow vulnerable to segfault in `QuantizedMatMul`
ImpactIf QuantizedMatMul is given nonscalar input for: - mina - maxa - minb - maxbIt gives a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfToutput = tf.qint32transposea = Falsetransposeb = FalseTactivation = tf.quint8a = tf.constant7, shape=3,4,...
TensorFlow vulnerable to segfault in `QuantizedRelu` and `QuantizedRelu6`
ImpactIf QuantizedRelu or QuantizedRelu6 are given nonscalar inputs for minfeatures or maxfeatures, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfouttype = tf.quint8features = tf.constant28, shape=4,2, dtype=tf.quint8minfeatures =...
TensorFlow vulnerable to segfault in `QuantizedMatMul`
ImpactIf QuantizedMatMul is given nonscalar input for: - mina - maxa - minb - maxbIt gives a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfToutput = tf.qint32transposea = Falsetransposeb = FalseTactivation = tf.quint8a = tf.constant7, shape=3,4,...
TensorFlow vulnerable to segfault in `QuantizedRelu` and `QuantizedRelu6`
ImpactIf QuantizedRelu or QuantizedRelu6 are given nonscalar inputs for minfeatures or maxfeatures, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfouttype = tf.quint8features = tf.constant28, shape=4,2, dtype=tf.quint8minfeatures =...
TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad`
ImpactFractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack:pythonimport tensorflow as tfoverlapping = Trueoriginput = tf.constant.453409232,...
TensorFlow vulnerable to segfault in `QuantizedBiasAdd`
ImpactIf QuantizedBiasAdd is given mininput, maxinput, minbias, maxbias tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfouttype = tf.qint32input = tf.constant85,170,255, shape=3, dtype=tf.quint8bias =...
TensorFlow vulnerable to segfault in `QuantizedBiasAdd`
ImpactIf QuantizedBiasAdd is given mininput, maxinput, minbias, maxbias tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfouttype = tf.qint32input = tf.constant85,170,255, shape=3, dtype=tf.quint8bias =...
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVars`
ImpactIf FakeQuantWithMinMaxVars is given min or max tensors of a nonzero rank, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfnumbits = 8narrowrange = Falseinputs = tf.constant0, shape=2,3, dtype=tf.float32min = tf.constant0,...
TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`
ImpactThe implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfstrides = 1, 1, 1, 1padding = "SAME"usecudnnongpu = Trueexplicitpaddings = dataformat =...
TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`
ImpactThe implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfstrides = 1, 1, 1, 1padding = "SAME"usecudnnongpu = Trueexplicitpaddings = dataformat =...
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVars`
ImpactIf FakeQuantWithMinMaxVars is given min or max tensors of a nonzero rank, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfnumbits = 8narrowrange = Falseinputs = tf.constant0, shape=2,3, dtype=tf.float32min = tf.constant0,...
TensorFlow vulnerable to segfault in `QuantizedInstanceNorm`
ImpactIf QuantizedInstanceNorm is given xmin or xmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfoutputrangegiven = Falsegivenymin = 0givenymax = 0varianceepsilon = 1e-05minseparation = 0.001x =...
TensorFlow vulnerable to segfault in `QuantizedInstanceNorm`
ImpactIf QuantizedInstanceNorm is given xmin or xmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfoutputrangegiven = Falsegivenymin = 0givenymax = 0varianceepsilon = 1e-05minseparation = 0.001x =...
TensorFlow vulnerable to segfault in `QuantizedAdd`
ImpactIf QuantizedAdd is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfToutput = tf.qint32x = tf.constant140, shape=1, dtype=tf.quint8y = tf.constant26, shape=10, dtype=tf.quint8mi...
TensorFlow vulnerable to segfault in `QuantizedAvgPool`
ImpactIf QuantizedAvgPool is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfksize = 1, 2, 2, 1strides = 1, 2, 2, 1padding = "SAME"input = tf.constant1, shape=1,4,4,2,...
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient`
ImpactWhen tf.quantization.fakequantwithminmaxvarsperchannelgradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack.pythonimport tensorflow as tfarg0=tf.random.uniformshape=1,1, dtype=tf.float32,...
TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2`
ImpactWhen TensorListScatter and TensorListScatterV2 receive an elementshape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack.pythonimport tensorflow as tfarg0=tf.random.uniformshape=2, 2, 2, dtype=tf.float16, maxval=Nonearg1=tf.random.uniformshape=2,...
TensorFlow vulnerable to segfault in `QuantizedAdd`
ImpactIf QuantizedAdd is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfToutput = tf.qint32x = tf.constant140, shape=1, dtype=tf.quint8y = tf.constant26, shape=10, dtype=tf.quint8mi...
TensorFlow vulnerable to segfault in `QuantizedAvgPool`
ImpactIf QuantizedAvgPool is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.pythonimport tensorflow as tfksize = 1, 2, 2, 1strides = 1, 2, 2, 1padding = "SAME"input = tf.constant1, shape=1,4,4,2,...