431 matches found
CVE-2021-37639
TensorFlow has a local, impactful vulnerability CVE-2021-37639 where restoring tensors via raw APIs can dereference a null pointer or read outside the heap bounds when tensor_name is not provided. The root cause is reading the tensor list from user-controlled input without validating its length, ...
CVE-2021-37685
CVE-2021-37685 affects TensorFlow’s TFLite expand_dims.cc, where a large negative axis can bypass the post-branch check and cause a read one element before the start of input_dims.data (heap OOB). The issue has been patched in commit d94ffe08a65400f898241c0374e9edc6fa8ed257, with the fix slated f...
CVE-2021-41227
TensorFlow CVE-2021-41227 concerns the ImmutableConst operation, which in affected versions can read arbitrary memory due to the tstring class having a special case for memory-mapped strings while the operation does not handle this datatype. The issue is rooted in the mismatch between memory-mapp...
CVE-2022-35971
CVE-2022-35971 affects TensorFlow: a denial-of-service risk when FakeQuantWithMinMaxVars receives min/max tensors of nonzero rank, causing a CHECK failure. Root cause: input validation in FakeQuantWithMinMaxVars leads to DoS. Known impact: remote attacker could trigger DoS via this path; exploita...
CVE-2022-35987
TensorFlow vulnerability CVE-2022-35987 affects DenseBincount: if weights shape does not match input (or is not length-0), a CHECK failure can be triggered, potentially allowing a denial-of-service. The issue is mitigated by applying the patch from commit bf4c14353c2328636a18bfad1e151052c81d5f43,...
CVE-2022-36013
TensorFlow CVE-2022-36013 describes a null-dereference crash in mlir::tfg::GraphDefImporter::ConvertNodeDef when converting NodeDefs without an op name. A fix is present in commit a0f0b9a21c9270930457095092f558fbad4c03e5 and will be included in TensorFlow 2.10.0; the patch will also beCherry-pick...
CVE-2022-36019
CVE-2022-36019 affects TensorFlow: a CHECK failure in FakeQuantWithMinMaxVarsPerChannel when min/max tensors are not rank-1 can trigger a denial of service. Patched in commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0; fix will be in TensorFlow 2.10.0, with cherry-picks to 2.9.1, 2.8.1, and 2.7.2. ...
CVE-2020-15214
CVE-2020-15214 affects TensorFlow Lite prior to 2.2.1 and 2.3.1. A write-out-of-bounds can occur when segment IDs are not sorted in segment_sum, due to memory allocation based on the last segment-id element, causing segmentation faults and potential memory corruption. The issue is patched in comm...
CVE-2021-29561
CVE-2021-29561 (TensorFlow) describes a denial-of-service via a CHECK-fail in LoadAndRemapMatrix caused by assuming ckpt_path is a valid scalar; attackers can send a non-scalar tensor as the first argument. Connected docs confirm the same issue and note fixes will be applied in TensorFlow 2.5.0 w...
CVE-2021-29593
The CVE-2021-29593 entry maps to a vulnerability in TensorFlow: the BatchToSpaceNd TFLite operator can trigger a division-by-zero when a model sets one dimension of the block input to 0, producing an unsafe block_shape value. Public documents corroborate this behavior and describe patches: the fi...
CVE-2021-29611
TensorFlow vulnerability CVE-2021-29611: In SparseReshape, input validation is incomplete, allowing a denial-of-service via a CHECK failure. The issue affects multiple TF releases (notably the 2.3.3, 2.4.2 and 2.5.0 lines are mentioned for fixes/patches). The patch is referenced as commit 1d04d7d...
CVE-2021-29613
CVE-2021-29613 covers TensorFlow CTCLoss: the vulnerability is caused by incomplete validation in tf.raw_ops.CTCLoss that can trigger an out-of-bounds read from the heap (and related heap buffer overflow/null-pointer dereference conditions) as described in multiple sources. Affected: TensorFlow r...
CVE-2021-37640
CVE-2021-37640 affects TensorFlow and relates to the SparseReshape path. The issue arises when tf.raw_ops.SparseReshape can trigger a division by zero due to the reshape functor not validating that both input and target shapes have a non-zero element count. This can lead to an integral division b...
CVE-2021-37681
CVE-2021-37681 affects TensorFlow (SVDF in TFLite); root cause is a potential null dereference where GetVariableInput can return nullptr and GetTensorData assumes a valid tensor. A fix was committed (5b048e87e4e55990dae6b547add4dae59f4e1c76) and will be included in TensorFlow 2.6.0, with cherry-p...
CVE-2021-41204
CVE-2021-41204 concerns TensorFlow. In affected builds, during Grappler optimizer constant folding, a deep copy of a resource tensor may be attempted, causing a segfault because such tensors should not change. The issue is addressed with a fix in TensorFlow 2.7.0, and a cherry-pick was applied to...
CVE-2022-21736
TensorFlow CVE-2022-21736: Undefined behavior in SparseTensorSliceDataset can dereference a nullptr under certain preconditions for sparse-tensor arguments. Affected in TensorFlow 2.5.x–2.7.x and fixed in 2.8.0; commits patch this behavior and are cherry-picked to 2.7.1, 2.6.3, and 2.5.3. Remedia...
CVE-2022-23566
CVE-2022-23566 describes a heap out-of-bounds write in TensorFlow Grappler caused by the set_output function writing to an array at a specified index, enabling a potential write primitive. The issue is fixed in TensorFlow 2.8.0, with cherry-picks planned for TensorFlow 2.7.1, 2.6.3, and 2.5.3 (th...
CVE-2022-23588
CVE-2022-23588 affects TensorFlow: a malicious SavedModel can trigger Grappler optimizer to build a tensor using a reference dtype, causing a crash via a CHECK-fail in the Tensor constructor. The issue is fixed in TensorFlow 2.8.0; commits are cherry-picked to 2.7.1, 2.6.3, and 2.5.3 for affected...
CVE-2022-35960
CVE-2022-35960 relates to TensorFlow’s TensorListReserve check in core/kernels/list_kernels.cc. The issue occurs when num_elements is a tensor larger than size 1, causing a failed CHECK_EQ in CheckIsAlignedAndSingleElement and potentially denial of service. The documented fix is committed (b5f6fb...
CVE-2022-41880
TensorFlow CVE-2022-41880 describes a heap-based out-of-bounds read in BaseCandidateSamplerOp when true_classes contains a value greater than range_max. A patch was committed (b389f5c944cadfdfe599b3f1e4026e036f30d2d4) and the fix is scheduled for TensorFlow 2.11, with cherry-picks to 2.10.1, 2.9....
CVE-2020-15212
CVE-2020-15212 affects TensorFlow Lite: models using segment_sum can trigger writes outside heap buffers when negative segment_ids are present, allowing out-of-bounds writes and potential memory corruption. The issue is fixed in TensorFlow 2.2.1 and 2.3.1 (commit 204945b19e44b57906c9344c0d00120ee...
CVE-2021-29571
TensorFlow DrawBoundingBoxesV2 memory corruption issue (CVE-2021-29571) arises when the last dimension of boxes is
CVE-2021-29594
This CVE refers to TensorFlow/TFLite: the convolution code in TFLite may perform divisions where the divisor is user-controlled and not checked for zero, risking abnormal behavior or a crash. The root cause is division by zero in the TFLite convolution path (conv.cc). The issue is mitigated by a ...
CVE-2021-29609
TensorFlow SparseAdd (CVE-2021-29609) has incomplete validation for sparse tensor inputs, allowing invalid tensor triples to slip through valid code paths. The vulnerability arises from not validating that inputs are non-empty and that the second dimension of *_indices matches the corresponding *...
CVE-2021-37643
CVE-2021-37643 affects TensorFlow’s MatrixDiagPartOp. The issue arises when a user does not supply a valid padding value, causing a NULL pointer dereference (if input is empty) or invalid behavior that ignores subsequent values. The root cause is reading the first value from a tensor buffer witho...
CVE-2021-37676
TensorFlow CVE-2021-37676 involves a vulnerability in SparseFillEmptyRows where the shape-inference code can bind a null pointer, causing undefined behavior. The issue has been patched in a GitHub commit and the fix is scheduled for TensorFlow 2.6.0, with cherry-picks to 2.5.1, 2.4.3, and 2.3.4 (...
CVE-2021-37683
TensorFlow (TFLite division) vulnerability (CVE-2021-37683): In affected builds, division in TFLite can produce a division-by-zero error because there is no check that the divisor tensor contains zero. The issue was addressed in commit 1e206baedf8bef0334cca3eb92bab134ef525a28 and the fix is plann...
CVE-2021-41207
TensorFlow ParallelConcat vulnerability (CVE-2021-41207) arises from insufficient input validation in the ParallelConcat implementation, which can lead to a division by zero in affected TensorFlow versions. The issue affects multiple releases and is slated to be fixed in TensorFlow 2.7.0; Sony ch...
CVE-2022-35952
TensorFlow CVE-2022-35952 concerns the UnbatchGradOp: passing a non-scalar id or an incorrect batch_index can trigger CHECK failures, crashing the program. The issue affects UnbatchGrad in TensorFlow and is resolved by a patch in commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2, with the fix plann...
CVE-2023-25661
CVE-2023-25661: TensorFlow denial-of-service due to improper input validation in Convolution3DTranspose. A crafted input can crash the model in versions before 2.11.1 (PoC demonstrated via Convolution3DTranspose). The issue has been patched; upgrade to TensorFlow 2.11.1 or later. IBM advisories (...
CVE-2020-15198
CVE-2020-15198 affects TensorFlow up to 2.3.0: SparseCountSparseOutput may access heap buffers out of bounds due to missing validation that indices and values shapes match in a sparse tensor. This root cause enables a heap buffer overflow in pre-2.3.1 builds. A fix was committed (3cbb917b47147660...
CVE-2021-29522
TensorFlow CVE-2021-29522 concerns division-by-zero in Conv3DBackprop* paths. Multiple connected sources (NVD entry, OSV advisories, GHSA advisory, CNVD entry, BIT-TENSORFLOW OSV) show that tf.raw_ops.Conv3DBackpropInputV2/Conv3DBackpropFilterV2 may fail to validate non-empty inputs, leading to a...
CVE-2021-29572
TensorFlow CVE-2021-29572 is a null pointer dereference in tf.raw_ops.SdcaOptimizer caused by insufficient input validation. Connected sources confirm the issue affects TensorFlow 2.1.4 and other supported releases, with a patch planned in TensorFlow 2.5.0 and back-ported to 2.4.2, 2.3.3, 2.2.3, ...
CVE-2021-29599
TensorFlow: Split TFLite operator vulnerability due to division by zero when num_splits == 0. The issue affects the Split path in TensorFlow’s TFLite kernels; an attacker could craft a model triggering the fault. The fix is scheduled for TensorFlow 2.5.0, with cherry-picks to TF 2.4.2, 2.3.3, 2.2...
CVE-2021-37677
CVE-2021-37677 describes a vulnerability in TensorFlow where the shape inference for tf.raw_ops.Dequantize can segfault and cause a denial of service if invalid arguments are provided. The root cause is missing validation of the axis value used to compute minmax_rank in the shape inference code. ...
CVE-2021-37682
CVE-2021-37682 concerns TensorFlow/TFLite quantization paths where quantization.params may be used without validating quantization.type, allowing potential use of uninitialized values in affected TFLite operations. Connected sources confirm the root cause (missing checks in depthwise conv quantiz...
CVE-2021-41222
TensorFlow SplitV vulnerability (CVE-2021-41222) causes a segmentation fault when size_splits contains more than one value and at least one value is negative. Affected TensorFlow versions include those in the 2.x series referenced for backporting fixes; the issue is resolved by the TensorFlow 2.7...
CVE-2021-41225
CVE-2021-41225 affects TensorFlow’s Grappler optimizer: if train_nodes lacks a Dequeue node, dequeue_node remains uninitialized due to an uninitialized variable in the Grappler code. The documented fix is included in TensorFlow 2.7.0, with cherry-picks for 2.6.1, 2.5.2, and 2.4.4 (still in suppor...
CVE-2022-21733
TensorFlow StringNGrams vulnerability CVE-2022-21733 causes memory exhaustion (OOM) due to missing validation of pad_width, which can result in a negative ngram_width used during output allocation. Affects TensorFlow/StringNGrams path in multiple TF versions; remediation is to upgrade to TensorFl...
CVE-2022-41893
CVE-2022-41893 affects TensorFlow where calling tf.raw_ops.TensorListResize with a nonscalar input for size triggers a CHECK failure, enabling a denial of service as described in the advisory. The root cause is a validation flaw in TensorListResize; a fix was committed (GitHub commit 888e34b49009...
CVE-2018-7575
CVE-2018-7575 affects Google TensorFlow 1.7.x and earlier. Connected sources describe a buffer/integer overflow in parsing a malicious meta checkpoint: the block size in a meta file may contain a large int64 value, causing an overflow when added and potentially leading to an out-of-bounds read in...
CVE-2021-29551
TensorFlow CVE-2021-29551 relates to MatrixTriangularSolve: the kernel failed to terminate when input validation fails, enabling a potential heap OOB read with crafted tensors. The issue is tied to OP_REQUIRES paths not aborting before using inputs, leading to invalid data usage in bcast construc...
CVE-2021-37652
TensorFlow Bug: BoostedTreesCreateEnsemble uses a reference-counted resource that was refactored to a smart pointer; when initialization fails, a later scope exit frees the resource even if its refcount is 0, causing a use-after-free. A patch (commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab) fixe...
CVE-2021-37654
CVE-2021-37654 (TensorFlow) is tied to a Heap OOB read and a CHECK-fail in tf.raw_ops.ResourceGather when batch_dims can exceed the input rank. The issue stems from not validating batch_dims, causing out-of-bounds reads via multiple loops over tensor dimensions. A patch was committed (bc9c546ce70...
CVE-2021-37656
TensorFlow CVE-2021-37656 affects RaggedTensorToSparse, caused by incomplete validation of splits values which can bind a reference to a null pointer, leading to undefined behavior. The issue is addressed by a patch in the cited commit and will be included in TensorFlow 2.6.0, with backports to 2...
CVE-2021-37660
CVE-2021-37660 describes a division-by-zero flaw in TensorFlow’s inplace operations due to a logic error in inplace_ops.cc. The faulty condition uses || instead of &&, allowing a floating-point exception when crafted inputs are provided. The issue has been patched in the GitHub commit e86605c0a33...
CVE-2021-41213
TensorFlow vulnerability CVE-2021-41213 involves deadlock in mutually recursive tf.function objects caused by a non-reentrant Lock. Affected: TensorFlow releases with tf.function recursion support. Impact: potential denial of service by loading models containing mutually recursive tf.function fun...
CVE-2022-23573
TensorFlow's AssignOp implementation can copy uninitialized data to a new tensor, causing undefined behavior. This CVE (CVE-2022-23573) affects the TensorFlow core kernel related to AssignOp. The issue arises because the left-hand side is initialized, but the right-hand side is not checked for in...
CVE-2022-35985
CVE-2022-35985: In TensorFlow, LRNGrad raises a denial-of-service risk when output_image is not 4-D, triggering a CHECK failure. The issue was patched in commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255 and the fix is planned for TensorFlow 2.10.0, with cherry-picks on TF 2.9.1, 2.8.1, and 2.7.2 (...
CVE-2022-36016
TensorFlow CVE-2022-36016: A CHECK failure in tensorflow::full_type::SubstituteFromAttrs triggers when FullTypeDef& t has not exactly three args. This can cause a denial-of-service-like impact via a crash. A patch is committed (6104f0d4091c260ce9352f9155f7e9b725eab012) and will be included in Ten...