Google Tensorflow

431 matches found

CVE
added 2022/05/20 10:10 p.m. | 740 views

CVE-2022-29207

CVE-2022-29207 affects TensorFlow. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations can misbehave in eager mode when the provided resource handle is invalid, binding a reference to a null pointer and causing undefined behavior. In graph mode, these API calls were n...

CVSS 5.5 | AI score 5.6 | EPSS 0.00317

CVE
added 2022/05/20 9:30 p.m. | 613 views

CVE-2022-29200

TensorFlow CVE-2022-29200 affects tf.raw_ops.LSTMBlockCell where input argument ranks were not fully validated, causing CHECK failures that can trigger denial of service. Affected versions are before 2.9.0 and also including 2.8.1, 2.7.2, and 2.6.4; a patch exists in 2.9.0 and was backported to t...

CVSS 5.5 | AI score 5.6 | EPSS 0.00317

CVE
added 2021/08/12 9:0 p.m. | 248 views

CVE-2021-37650

CVE-2021-37650 affects TensorFlow where the implementations tf.raw_ops.ExperimentalDatasetToTFRecord and tf.raw_ops.DatasetToTFRecord can trigger a heap-based buffer overflow and segmentation fault because records are assumed to be strings but may be numeric. The GNOTO advisory in the Connected d...

CVSS 7.8 | AI score 8 | EPSS 0.00182

CVE
added 2023/03/24 11:31 p.m. | 246 views

CVE-2023-25672

CVE-2023-25672: TensorFlow vulnerability in tf.raw_ops.LookupTableImportV2 causes a NULL pointer dereference when values is scalar, enabling denial of service. Fixes are in TensorFlow 2.12.0 and 2.11.1; IBM/partner advisories reference remediation guidance and affected IBM products may require up...

CVSS 7.5 | AI score 7.4 | EPSS 0.00358

CVE
added 2021/08/12 9:5 p.m. | 240 views

CVE-2021-37645

TensorFlow CVE-2021-37645 affects TF versions prior to 2.6.0 and is caused by an integer overflow in tf.raw_ops.QuantizeAndDequantizeV4Grad when converting a signed axis to unsigned for the absl::InlinedVector constructor, leading to memory allocation based on a large value. A GitHub com...

CVSS 5.5 | AI score 5.8 | EPSS 0.00152

CVE
added 2021/08/12 8:50 p.m. | 237 views

CVE-2021-37657

TensorFlow CVE-2021-37657 affects MatrixDiagV* operations where the implementation fails to validate the number of elements in k (tensor), allowing undefined behavior from a null pointer dereference. The issue is fixed in commit f2a673bd34f0d64b8e40a551ac78989d16daad09 and will be included in Ten...

CVSS 7.8 | AI score 7.3 | EPSS 0.00167

CVE
added 2023/03/24 11:40 p.m. | 233 views

CVE-2023-25667

CVE-2023-25667 is an integer overflow in TensorFlow, affecting versions prior to 2.12.0 and 2.11.1, triggered when 2^31 <= num_frames * height * width * channels

CVSS 7.5 | AI score 6.9 | EPSS 0.00305

CVE
added 2021/08/12 8:50 p.m. | 229 views

CVE-2021-37658

CVE-2021-37658 affects TensorFlow and is tied to a null-pointer binding issue in tf.raw_ops.MatrixSetDiagV* due to incomplete validation of the tensor k. The vulnerability allows undefined behavior when an empty tensor is passed for k, as code accesses the first element without proper checks. The...

CVSS 7.8 | AI score 7.3 | EPSS 0.00167

CVE
added 2023/03/24 11:39 p.m. | 207 views

CVE-2023-25665

TensorFlow CVE-2023-25665 affects SparseSparseMaximum: inputting invalid sparse tensors can cause a NULL pointer dereference. Public docs list affected releases as pre-2.12.0 and pre-2.11.1, with fixes shipped in TensorFlow 2.12 and 2.11.1 respectively. IBM and partner advisories corroborate this...

CVSS 7.5 | AI score 7.4 | EPSS 0.00445

CVE
added 2023/03/24 11:33 p.m. | 207 views

CVE-2023-25668

TensorFlow CVE-2023-25668 affects TensorFlow prior to 2.12.0 and the 2.11.1 branch, where attackers can access heap memory outside user control, leading to a crash or remote code execution. The fix is to upgrade to TensorFlow 2.12.0 or cherry-pick the relevant commit onto TensorFlow 2.11.1. Affec...

CVSS 9.8 | AI score 9.7 | EPSS 0.00831

CVE
added 2023/03/24 11:5 p.m. | 207 views

CVE-2023-27579

CVE-2023-27579: TensorFlow contains a denial of service / floating point exception when constructing a tflite model with a parameter filter_input_channel

CVSS 7.5 | AI score 7.5 | EPSS 0.00391

CVE
added 2023/03/24 11:32 p.m. | 204 views

CVE-2023-25669

TensorFlow CVE-2023-25669 affects TensorFlow before versions 2.12.0 and 2.11.1, where a non-positive stride or window in tf.raw_ops.AvgPoolGrad can trigger a floating point exception. A fix is included in TensorFlow 2.12.0 and 2.11.1. Mitigation consists of upgrading to these versions or later. I...

CVSS 7.5 | AI score 7.4 | EPSS 0.00391

CVE
added 2023/03/24 11:42 p.m. | 201 views

CVE-2023-25658

CVE-2023-25658 affects TensorFlow due to an out-of-bounds read in GRUBlockCellGrad. Vulnerable in versions prior to 2.12.0 and 2.11.1; a fix is included in TensorFlow 2.12.0 and 2.11.1. Impact: potential denial of service via memory access errors. Remediation: upgrade to TensorFlow 2.12.0 or 2.11...

CVSS 7.5 | AI score 7.4 | EPSS 0.00383

CVE
added 2023/03/24 11:8 p.m. | 201 views

CVE-2023-25801

CVE-2023-25801 — TensorFlow double-free in fractional pooling: Connected sources confirm a vulnerability in nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2 where the first and fourth elements of pooling_ratio must be 1.0 for batch/channel pooling to be supported. The issue is tri...

CVSS 8 | AI score 7.6 | EPSS 0.00148

CVE
added 2023/03/24 11:13 p.m. | 198 views

CVE-2023-25674

CVE-2023-25674 affects TensorFlow: a null pointer dereference in RandomShuffle when XLA is enabled. Affected are TensorFlow versions prior to 2.12.0 and 2.11.1. The vulnerability is fixed in TensorFlow 2.12.0 and 2.11.1. Remediate by upgrading to one of those fixed releases; no exploit details ar...

CVSS 7.5 | AI score 7.4 | EPSS 0.00396

CVE
added 2023/03/24 11:11 p.m. | 198 views

CVE-2023-25675

CVE-2023-25675 affects TensorFlow releases prior to 2.12.0 and 2.11.1 with XLA enabled. The vulnerability is a segfault in tf.raw_ops.Bincount when weights is neither the same shape as arr nor length-0, caused by out-of-spec input handling. Impact is a crash (denial of service risk operational...

CVSS 7.5 | AI score 7.4 | EPSS 0.00391

CVE
added 2023/03/24 11:31 p.m. | 197 views

CVE-2023-25671

TensorFlow vulnerability CVE-2023-25671: out-of-bounds access due to mismatched integer type sizes. Affected: TensorFlow 2.x releases prior to 2.11.1 and 2.x releases prior to 2.12.0. Impact is denial of service via out-of-bounds read; no exploitation details provided in the sources. Remediation:...

CVSS 7.5 | AI score 7.5 | EPSS 0.00516

CVE
added 2023/03/24 11:39 p.m. | 194 views

CVE-2023-25666

TensorFlow AudioSpectrogram in versions prior to 2.12.0 and 2.11.1 is affected by a floating point exception that can cause a Denial of Service. The fix is included in TensorFlow 2.12.0 and in 2.11.1. Recommended action: upgrade to TensorFlow 2.12.0 or 2.11.1 (or newer) to remediate.

CVSS 7.5 | AI score 7.4 | EPSS 0.00383

CVE
added 2021/05/14 7:35 p.m. | 193 views

CVE-2021-29519

TensorFlow vulnerability CVE-2021-29519 arises from a type-confusion in tf.raw_ops.SparseCross where a tstring input is treated as int64, enabling a CHECK-fail and potential DoS. The issue is rooted in SparseCross_op.cc logic that mishandles dtype, returning a fingerprint from a string when value...

CVSS 5.5 | AI score 4.7 | EPSS 0.00189

CVE
added 2023/03/24 11:40 p.m. | 190 views

CVE-2023-25664

TensorFlow CVE-2023-25664 is a heap-based buffer overflow in TAvgPoolGrad, affecting TensorFlow versions prior to 2.12.0 and 2.11.1. A fix is included in TensorFlow 2.12.0 and 2.11.1. Connected documents corroborate the vulnerability class and affected versions, and note remediation via upgrading...

CVSS 9.8 | AI score 8.7 | EPSS 0.00415

CVE
added 2023/03/24 11:41 p.m. | 189 views

CVE-2023-25662

CVE-2023-25662 affects TensorFlow with an integer overflow in EditDistance in versions prior to 2.12.0 and 2.11.1. A fix is included in TensorFlow 2.12.0 and 2.11.1. The issue is documented with CVSS v3.1 base score 7.5 (HIGH), network attack vector, no user interaction required. Connected source...

CVSS 7.5 | AI score 7.6 | EPSS 0.00391

CVE
added 2023/03/24 11:30 p.m. | 186 views

CVE-2023-25673

CVE-2023-25673 affects TensorFlow prior to 2.12.0 and 2.11.1, caused by a Floating Point Exception in TensorListSplit when using XLA. The vulnerability impacts TensorFlow’s ability to process TensorListSplit under XLA, with the cited impact being a denial of service type failure (availability imp...

CVSS 7.5 | AI score 7.4 | EPSS 0.00396

CVE
added 2020/09/25 6:45 p.m. | 185 views

CVE-2020-15210

CVE-2020-15210 affects TensorFlow/TFLite where a saved model reuses the same tensor as input and output for an operator, causing a segmentation fault or memory corruption depending on the operator. The issue has a patch in commit d58c96946b2880991d63d1dacacb32f0a4dfa453 and is addressed in patch ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00729

CVE
added 2021/05/14 7:36 p.m. | 184 views

CVE-2021-29513

TensorFlow vulnerability CVE-2021-29513 arises when calling TF operations with tensors of non-numeric types, causing a null pointer dereference due to a type confusion in the Python-to-C++ array conversion (ndarray_tensor.cc). Root cause: PyArray_DESCR_to_TF_DataType path can dereference NULL in ...

CVSS 7.8 | AI score 5.3 | EPSS 0.00201

CVE
added 2023/03/24 11:10 p.m. | 184 views

CVE-2023-25676

CVE-2023-25676: TensorFlow versions prior to 2.12.0 and 2.11.1 with XLA exhibit a NULL pointer dereference in tf.raw_ops.ParallelConcat when shape.rank

CVSS 7.5 | AI score 7.4 | EPSS 0.00391

CVE
added 2020/09/25 6:45 p.m. | 182 views

CVE-2020-15209

Observation: CVE-2020-15209 affects TensorFlow Lite. A crafted TFLite flatbuffer can flip a tensor’s buffer index, turning a read-only tensor into read-write, which the runtime may treat as writable and initialize with a null buffer, causing a null pointer dereference. The issue has a concrete ro...

CVSS 5.9 | AI score 5.8 | EPSS 0.008

CVE
added 2023/03/24 11:44 p.m. | 182 views

CVE-2023-25660

CVE-2023-25660 affects TensorFlow where the parameter summarize of tf.raw_ops.Print, when zero, makes SummarizeArray reference a nullptr, causing a segfault. Affected versions are prior to 2.12.0 and 2.11.1. The issue is triggered by an out-of-bounds-like condition in a debug/print path and is mi...

CVSS 7.5 | AI score 7.4 | EPSS 0.00391

CVE
added 2020/09/25 6:46 p.m. | 181 views

CVE-2020-15202

CVE-2020-15202: TensorFlow Shard API truncation bug affects multiple releases (1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1). A lambda taking int/int32 instead of int64 in work-parallelization can cause integer truncation, leading to segfaults, out-of-bounds reads/writes, stack overflows, or data corrupti...

CVSS 9 | AI score 8.8 | EPSS 0.01235

CVE
added 2020/09/25 6:45 p.m. | 181 views

CVE-2020-15211

CVE-2020-15211: In TensorFlow Lite (before 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1), a negative -1 tensor index used for optional inputs can be treated as a valid index during validation, allowing out-of-bounds reads/writes in some operators. The root cause is the double indexing scheme for tensors i...

CVSS 5.8 | AI score 5.2 | EPSS 0.00905

CVE
added 2023/03/24 11:40 p.m. | 181 views

CVE-2023-25663

TensorFlow CVE-2023-25663: In affected versions prior to 2.12.0 and 2.11.1, Lookup in TensorArray/ctx handling can dereference a null pointer (ctx->step_containter()), enabling a denial of service. The issue is due to a null pointer dereference in the Lookup function when the context is not in...

CVSS 7.5 | AI score 7.4 | EPSS 0.00391

CVE
added 2020/09/25 6:46 p.m. | 180 views

CVE-2020-15203

CVE-2020-15203 is a TensorFlow format-string vulnerability in tf.strings.as_string triggered by the fill argument. The issue can cause segmentation faults and is fixed in TensorFlow releases 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 (commit 33be22c65d86256e6826666662e40dbdfe70ee83). Public reference...

CVSS 7.5 | AI score 7.3 | EPSS 0.00952

CVE
added 2023/03/24 11:32 p.m. | 180 views

CVE-2023-25670

TensorFlow contains a null pointer dereference in QuantizedMatMulWithBiasAndDequantize when MKL is enabled, affecting prior releases. The issue affects TensorFlow versions before 2.12.0 and before 2.11.1, with a fix included in TensorFlow 2.12.0 and 2.11.1. Remediation is to upgrade to one of the...

CVSS 7.5 | AI score 7.4 | EPSS 0.00391

CVE
added 2023/03/24 11:43 p.m. | 179 views

CVE-2023-25659

CVE-2023-25659: TensorFlow prior to 2.12.0 and 2.11.1 is vulnerable to an out-of-bounds read in DynamicStitch when the input indices shape does not match data. This can enable denial of service. The fix is included in TensorFlow 2.12.0 (and 2.11.1). Affected products/versions referenced in multi...

CVSS 7.5 | AI score 7.5 | EPSS 0.00391

CVE
added 2020/09/25 6:45 p.m. | 176 views

CVE-2020-15207

CVE-2020-15207 affects TensorFlow Lite: negative indexing support uses ResolveAxis and only debug builds validate the converted index, allowing out-of-bounds access that can cause segfaults/data corruption. Affected: TensorFlow Lite before 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1. Root cause: insuffici...

CVSS 9 | AI score 8.9 | EPSS 0.01227

CVE
added 2021/05/14 7:20 p.m. | 176 views

CVE-2021-29614

CVE-2021-29614 affects TensorFlow: the tf.io.decode_raw path (padded version) mishandles fixed_length with wider datatypes, advancing the output pointer by fixed_length bytes even when only fixed_length bytes are copied. This causes parts of input not to be decoded and can lead to out-of-bounds w...

CVSS 7.8 | AI score 7.2 | EPSS 0.00221

CVE
added 2020/09/25 6:40 p.m. | 175 views

CVE-2020-15194

CVE-2020-15194 (TensorFlow) affects TensorFlow before 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. The SparseFillEmptyRowsGrad implementation has incomplete validation of argument shapes; while reverse_index_map_t is validated, grad_values_t is not, enabling an attacker to pass a bad grad_values_t and ...

CVSS 5.3 | AI score 5.3 | EPSS 0.01017

CVE
added 2020/09/25 6:45 p.m. | 173 views

CVE-2020-15206

CVE-2020-15206 affects TensorFlow: changing SavedModel protocol buffers and required key names can cause segfaults and data corruption while loading models, leading to a denial of service in inference deployments. The vulnerability was addressed with fixes committed in TF, and TensorFlow versions...

CVSS 9 | AI score 7.7 | EPSS 0.00944

CVE
added 2020/12/10 10:10 p.m. | 172 views

CVE-2020-26266

CVE-2020-26266 (TensorFlow) arises from use of uninitialized Eigen quantized floating point types during code execution, triggered by saved-model handling. Affected TensorFlow versions include 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0; fixes are in those same branches as indicated. The issue ...

CVSS 5.3 | AI score 5.2 | EPSS 0.00243

CVE
added 2020/09/25 6:45 p.m. | 171 views

CVE-2020-15205

CVE-2020-15205 affects TensorFlow: the data_splits parameter of tf.raw_ops.StringNGrams lacks validation, allowing crafted input that can cause heap overflow and memory leakage, potentially leaking memory contents and aiding ASLR defeat. Affected TF versions include 1.15.4 and 2.x releases up to ...

CVSS 9.8 | AI score 9.1 | EPSS 0.01015

CVE
added 2020/09/25 6:35 p.m. | 170 views

CVE-2020-15190

TensorFlow CVE-2020-15190 is a vulnerability in tf.raw_ops.Switch where, in eager mode, the runtime binds a reference to a nullptr when one of the two outputs is undefined. This causes undefined behavior and can segfault when compiled with -fsanitize=null. The issue affects TensorFlow versions 1....

CVSS 5.3 | AI score 5.3 | EPSS 0.00943

CVE
added 2020/09/25 6:45 p.m. | 169 views

CVE-2020-15208

The CVE-2020-15208 issue affects TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1. A debug-only DCHECK used to determine the common tensor dimension returns the first tensor’s size, which can be larger than the second tensor’s, allowing reads/writes outside bounds. This is a...

CVSS 9.8 | AI score 8.3 | EPSS 0.00893

CVE
added 2020/09/25 6:46 p.m. | 167 views

CVE-2020-15204

CVE-2020-15204 affects TensorFlow in eager mode where a missing session_state leads to a null pointer dereference in tf.raw_ops.GetSessionHandle/GetSessionHandleV2, causing a segmentation fault (denial of service). The issue is fixed in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1 and releases...

CVSS 5.3 | AI score 5.5 | EPSS 0.00903

CVE
added 2020/09/25 6:41 p.m. | 165 views

CVE-2020-15191

CVE-2020-15191 is a TensorFlow vulnerability affecting dlpack.to_dlpack. In TF versions prior to 2.2.1 and 2.3.1, passing an invalid argument to to_dlpack allows the code to bind references to null pointers due to improper status handling, leading to undefined behavior when compiled with -fsaniti...

CVSS 5.3 | AI score 5.4 | EPSS 0.00749

CVE
added 2020/09/25 6:40 p.m. | 165 views

CVE-2020-15195

TensorFlow vulnerability CVE-2020-15195: SparseFillEmptyRowsGrad uses a double indexing pattern where reverse_index_map(i) can reference grad_values out of bounds, causing a heap-based buffer overflow. Affected releases include 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1. A fix was committed (390611e0...

CVSS 8.8 | AI score 8.5 | EPSS 0.00938

CVE
added 2020/09/25 6:40 p.m. | 161 views

CVE-2020-15193

CVE-2020-15193 in TensorFlow arises from dlpack.to_dlpack handling where a non-tensor Python object can lead to uninitialized memory and memory corruption due to an improper reinterpret_cast in pybind11 glue code. The issue is fixed in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and released ...

CVSS 7.1 | AI score 6.8 | EPSS 0.00681

CVE
added 2022/02/03 11:7 a.m. | 160 views

CVE-2022-21727

CVE-2022-21727: TensorFlow’s Dequantize shape inference is vulnerable to an integer overflow because the axis bound is not checked before computing axis+1. The fix is to be included in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3. Remediation guidance across connected sources i...

CVSS 8.8 | AI score 8.2 | EPSS 0.00649

CVE
added 2020/09/25 6:40 p.m. | 158 views

CVE-2020-15192

CVE-2020-15192 affects TensorFlow and is a memory leak in the dlpack.to_dlpack path when a list of strings is passed. Root cause: the status argument used during validation failures isn’t checked, allowing a potentially failing status to be ignored and leading to memory leakage. Affected: TensorF...

CVSS 4.3 | AI score 4.5 | EPSS 0.00684

CVE
added 2022/11/18 12:0 a.m. | 151 views

CVE-2022-41900

TensorFlow CVE-2022-41900 affects FractionalMax(AVG)Pool due to an illegal pooling_ratio, potentially allowing access to heap memory and causing a crash or remote code execution. The issue has been patched in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48, with the fix scheduled for Tenso...

CVSS 9.8 | AI score 8.6 | EPSS 0.00579

CVE
added 2022/02/04 10:32 p.m. | 150 views

CVE-2022-23570

CVE-2022-23570 concerns TensorFlow, where decoding a tensor from protobuf may trigger a null-dereference when attributes of mutable arguments are missing. The issue is guarded by a DCHECK, which is a no-op in production and triggers an assertion in debug builds, potentially leading to a crash. Th...

CVSS 6.5 | AI score 6.6 | EPSS 0.00929

CVE
added 2020/01/28 9:20 p.m. | 148 views

CVE-2020-5215

CVE-2020-5215 affects TensorFlow before 1.15.2 and 2.0.1, where converting a Python string to tf.float16 in eager mode can trigger a segmentation fault. The issue arises because format checks for this use case exist only in graph mode, potentially enabling denial of service during inference/train...

CVSS 7.5 | AI score 5.8 | EPSS 0.00581

Total number of security vulnerabilities: 431