52 matches found
CVE-2022-21727
CVE-2022-21727: TensorFlow’s Dequantize shape inference is vulnerable to an integer overflow because the axis bound is not checked before computing axis+1. The fix is to be included in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3. Remediation guidance across connected sources i...
CVE-2022-23570
CVE-2022-23570 concerns TensorFlow, where decoding a tensor from protobuf may trigger a null-dereference when attributes of mutable arguments are missing. The issue is guarded by a DCHECK, which is a no-op in production and triggers an assertion in debug builds, potentially leading to a crash. Th...
CVE-2022-21740
CVE-2022-21740 concerns TensorFlow’s SparseCountSparseOutput, where the vulnerability is a heap-based overflow in that operation. The issue arises from improper bounds checking in the SparseCountSparseOutput path, enabling heap overflow and potential arbitrary-code execution on affected systems. ...
CVE-2022-23560
CVE-2022-23560 affects TensorFlow/TFLite: a vulnerability in converting sparse tensors to dense tensors allows limited reads/writes outside array bounds due to missing validation in sparsity_format_converter. The issue is addressed with the TensorFlow 2.8.0 fix, with cherry-picks to 2.7.1, 2.6.3,...
CVE-2022-23571
CVE-2022-23571 concerns TensorFlow, where decoding a tensor from protobuf can trigger an invalid CHECK assertion when tensors have an invalid dtype with 0 elements or an invalid shape, enabling a denial-of-service in affected TF processes. Root cause: CHECK failure during tensor protobuf decoding....
CVE-2022-23572
TensorFlow CVE-2022-23572 concerns a crash/denial of service caused by failure to specialize a type during shape inference. Root cause: DCHECK(ret.status()) is a no-op in production and asserts in debug builds, allowing execution to proceed to ValueOrDie with an error Status, causing an assertion...
CVE-2022-23557
TensorFlow/TFLite BiasAndClamp vulnerability: a crafted TFLite model can trigger a division by zero due to missing non-zero bias_size checks in BiasAndClamp. The issue affects TFLite in TensorFlow and will be fixed in TensorFlow 2.8.0, with cherry-picks planned for TensorFlow 2.7.1, 2.6.3, and 2....
CVE-2022-21732
CVE-2022-21732 affects TensorFlow’s ThreadPoolHandle. The vulnerability stems from allowing an unbounded num_threads value (only checked to be non-negative), enabling memory exhaustion and a potential denial-of-service. A fix is available in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3 and...
CVE-2022-21734
TensorFlow CVE-2022-21734: The MapStage kernel is vulnerable to a CHECK-fail when the key tensor is non-scalar, potentially allowing a denial of service. The reported fix is included in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3 for affected, supported releases. Recommend upgr...
CVE-2022-21735
TensorFlow vulnerability CVE-2022-21735 involves the FractionalMaxPool implementation where a division-by-zero can crash the TensorFlow process. The issue is documented across multiple sources, noting the root cause in FractionalMaxPool and that a patch fixes it in TensorFlow 2.8.0, with cherry-p...
CVE-2022-21741
TensorFlow’s CVE-2022-21741 affects TFLite depthwise convolutions where a division by zero can occur due to user-controlled convolution parameters and no positivity check before division. The issue enables a potential denial of service via crafted models. The fix is planned for TensorFlow 2.8.0, ...
CVE-2022-21739
TensorFlow’s QuantizedMaxPool has undefined behavior that can trigger a reference binding to a null pointer when handling user-controlled inputs. The patch is planned for TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3 (still in supported range). Remediation: upgrade to TensorFl...
CVE-2022-23558
CVE-2022-23558 describes an integer overflow in TensorFlow’s TFLite path: TfLiteIntArrayCreate alloc_size is derived from TfLiteIntArrayGetSizeInBytes(size), which returns an int instead of a size_t, enabling an attacker-controlled input to overflow computed_size. Affected: TensorFlow/TFLite mode...
CVE-2022-23587
CVE-2022-23587 concerns TensorFlow, specifically the Grappler cost-estimator path. The vulnerability is an integer overflow in the cost estimation for crop and resize within Grappler, triggered by user-controlled cropping parameters, which can lead to undefined behavior. The patch is committed (c...
CVE-2022-23591
TensorFlow’s GraphDef format allows self-recursive functions, which can cause a stack overflow when loading a SavedModel. Multiple sources (CVE-2022-23591 and related OSV/GHSA entries) describe the underlying issue as a self-recursive function in GraphDef leading to unbounded resolution of NodeDe...
CVE-2022-23559
TensorFlow/TensorFlow Lite contains an integer overflow in embedding_lookup_sparse within TFLite. The vulnerability arises because embedding_size and lookup_size are computed as products of user-supplied values, enabling overflow during multiplication and potentially leading to a heap-based out-o...
CVE-2022-23576
CVE-2022-23576 describes an integer overflow in TensorFlow’s OpLevelCostEstimator::CalculateOutputSize, triggered when computing the product of output_shape.dim() elements for large tensor sizes. The vulnerability could allow overflow of the computed output size, potentially impacting stability o...
CVE-2022-23583
TensorFlow vulnerability CVE-2022-23583: a type confusion caused by modifying the SavedModel’s tensor protobufs can let a remote attacker trigger CHECK failures in templated binary operators, leading to a denial of service. Affected: various TF releases up to 2.8.x (and cherry-picks on 2.7.1, 2.6...
CVE-2022-21728
CVE-2022-21728 affects TensorFlow: ReverseSequence shape-inference can yield a heap-based out-of-bounds read because batch_dim is checked for being too large but not for negative values. The mitigation path is a forthcoming fix in TensorFlow 2.8.0, with cherry-picks into 2.7.1, 2.6.3, and 2.5.3. ...
CVE-2022-23586
TensorFlow vulnerability CVE-2022-23586 affects the SavedModel path via assertions in function.cc, enabling denial of service by a malicious SavedModel that crashes the Python interpreter. Root cause is CHECK/assertion failures in function.cc when a SavedModel is altered. Affected releases map to...
CVE-2022-23574
CVE-2022-23574 affects TensorFlow. A typo in SpecializeType leads to a heap out-of-bounds read/write by initializing arg to the i-th mutable argument in a loop, enabling writes/reads beyond bounds. The issue is fixed in TensorFlow 2.8.0, with cherry-picks for TensorFlow 2.7.1 and 2.6.3. Affected r...
CVE-2022-23577
CVE-2022-23577: TensorFlow contains a null-pointer dereference in GetInitOp that can crash. The issue is documented with a fix in TensorFlow 2.8.0 and cherry-picks to 2.7.1, 2.6.3, and 2.5.3. Affected lines and patch are described in linked advisories (GitHub commit 4f38b1ac…, security advisorie...
CVE-2022-23579
CVE-2022-23579 affects TensorFlow: the Grappler optimizer can cause a denial of service by altering a SavedModel to trigger CHECK failures in SafeToRemoveIdentity. The issue is linked to the Grappler dependency optimizer logic and manifests as a DoS condition. The fix is planned for TensorFlow 2....
CVE-2022-23565
CVE-2022-23565: TensorFlow contains a denial-of-service risk caused by an assertion failure when a SavedModel on disk has duplicated AttrDef entries for an operation. The issue’s root cause is described across connected sources as a SavedModel mismatch that can trigger a crash under certain on-d...
CVE-2022-21737
The CVE-2022-21737 issue affects TensorFlow’s bincount path. The vulnerability arises from the implementation of DenseBincount and related *Bincount operations, where certain input argument constraints are not fully enforced during shape inference or kernel execution, leading to CHECK failures du...
CVE-2022-23561
CVE-2022-23561 affects TensorFlow’s TFLite, enabling out-of-bounds writes by crafting a TFLite model that can corrupt the memory allocator’s linked list. This vulnerability allows an arbitrary write primitive under certain conditions as described in the CVE description. Affected details in connec...
CVE-2022-23562
TensorFlow vulnerability CVE-2022-23562 concerns the Range implementation: integer overflows in Range can cause undefined behavior or extremely large allocations. Public notes indicate a fix will be included in TensorFlow 2.8.0, with cherry-picks to affected supported releases (2.7.1, 2.6.3, 2.5....
CVE-2022-21725
TensorFlow CVE-2022-21725 describes a vulnerability in the cost estimator for some convolution operations where the stride is not properly validated, enabling a division-by-zero scenario. The issue is caused by the estimator failing to ensure the stride argument is strictly positive. The fix is t...
CVE-2022-23569
TensorFlow/CVE-2022-23569: Denial-of-service via CHECK-fails (assertion failures) across multiple ops in TensorFlow/TFLite, caused by invalid tensor shapes and related checks. Root cause: assertion failures in core paths; fixes released as patches implemented in GitHub commits. Remediation: upgra...
CVE-2022-23567
CVE-2022-23567 concerns TensorFlow: integer overflows in SparseCwise ops can trigger large allocations (OOM) or CHECK failures during TensorShape construction due to missing input-shape validation. The vulnerability affects TensorFlow releases prior to the fixed version and is acknowledged with a...
CVE-2022-23563
TensorFlow (CVE-2022-23563) describes a TOCTOU race caused by tempfile.mktemp usage, where a temporary file could be created by another process between the check and the actual creation. Several connected sources confirm this insecure temporary-file pattern and note that the fix replaces mktemp w...
CVE-2022-23584
TensorFlow PNG decoding contains a use-after-free in png::CommonFreeDecode(&decode) where, after the call, decode.width and decode.height are in an unspecified state. This TF vulnerability (CVE-2022-23584) affects the TensorFlow PNG decode path and can lead to memory corruption or crashes when de...
CVE-2022-23564
CVE-2022-23564 (TensorFlow): The issue is a denial-of-service in TensorFlow caused by an invalidated CHECK assertion when decoding a resource handle tensor from protobuf, triggered by user-controlled arguments. Affected: TensorFlow (TF) processes; root cause is an assertion failure path during r...
CVE-2022-23575
TensorFlow vulnerability CVE-2022-23575 arises from an integer overflow in OpLevelCostEstimator::CalculateTensorSize when processing an operation with a very large tensor. The issue affects TensorFlow and was mitigated by a patch in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3 (...
CVE-2022-23582
CVE-2022-23582 affects TensorFlow: a malicious SavedModel can trigger a denial of service via TensorByteSize CHECK failures caused by shape handling in TensorShape/PartialTensorShape (shape partials or large element counts). Root cause is TensorShape throwing on partial/large shapes; PartialTenso...
CVE-2022-21731
Technical details are not publicly available in the provided Connected documents. The Initial Description mentions a TensorFlow shape-inference vulnerability but does not specify affected products/versions beyond general references. Monitor for updates and official advisories for precise impact a...
CVE-2022-23578
TensorFlow vulnerability CVE-2022-23578 describes a memory leak: if a graph node is invalid, ImmutableExecutorState::Initialize can leak the previously allocated memory when item->kernel is reset to nullptr. The issue affects TensorFlow; the fix is planned for TensorFlow 2.8.0, with cherry-pic...
CVE-2022-21729
The vulnerability CVE-2022-21729 affects TensorFlow: the UnravelIndex implementation is vulnerable to a division-by-zero caused by an integer overflow in the unravel_index_op. The issue is addressed with a fix in TensorFlow 2.8.0, with cherry-picks to older supported releases TensorFlow 2.7.1, 2....
CVE-2022-21738
TensorFlow CVE-2022-21738 describes an integer overflow in SparseCountSparseOutput (kernels/count_ops.cc) that can crash a TensorFlow process when its result is used for memory allocation. The vulnerability affects TensorFlow releases including 2.5.3, 2.6.3, and 2.7.1, with a fix planned for Tens...
CVE-2022-23585
CVE-2022-23585 refers to a memory-leak vulnerability in TensorFlow's PNG decoding path. After calling png::CommonInitDecode(..., &decode), allocated buffers may remain if an error path triggers OP_REQUIRES, and are not freed before function termination, creating a potential leak. The issue affect...
CVE-2022-23595
TensorFlow (CVE-2022-23595) is a vulnerability caused by a null pointer dereference when building the XLA compilation cache under default settings, where flr->config_proto may be nullptr. The issue affects TensorFlow releases up to 2.8.0, with cherry-picks planned for 2.7.1, 2.6.3, and 2.5.3. ...
CVE-2022-21730
Summary: CVE-2022-21730 describes an out-of-bounds read in TensorFlow’s FractionalAvgPoolGrad due to invalid input handling. This affects TensorFlow releases prior to the fixed patch and is resolved by the fix in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3. Affected component: ...
CVE-2022-21726
TensorFlow CVE-2022-21726 affects the Dequantize path, where axis validation is insufficient and can cause heap out-of-bounds reads. The issue arises when axis is -1 (default) or any large positive value not checked against input dimensions, reading past the dimensions array. A fix is planned for...
CVE-2022-21733
TensorFlow StringNGrams vulnerability CVE-2022-21733 causes memory exhaustion (OOM) due to missing validation of pad_width, which can result in a negative ngram_width used during output allocation. Affects TensorFlow/StringNGrams path in multiple TF versions; remediation is to upgrade to TensorFl...
CVE-2022-23588
CVE-2022-23588 affects TensorFlow: a malicious SavedModel can trigger Grappler optimizer to build a tensor using a reference dtype, causing a crash via a CHECK-fail in the Tensor constructor. The issue is fixed in TensorFlow 2.8.0; commits are cherry-picked to 2.7.1, 2.6.3, and 2.5.3 for affected...
CVE-2022-23568
CVE-2022-23568 describes an integer overflow in TensorFlow’s AddManySparseToTensorsMap, causing a CHECK-fail when constructing TensorShape objects. The issue arises from insufficient validation of input tensor shapes and constructing large TensorShape with user-provided dimensions, enabling a deni...
CVE-2022-23589
CVE-2022-23589 affects the Grappler component of TensorFlow. The vulnerability is a null pointer dereference that can occur during constant folding when SavedModel nodes are missing, and similarly in IsIdentityConsumingSwitch. The fix is in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and...
CVE-2022-21736
TensorFlow CVE-2022-21736: Undefined behavior in SparseTensorSliceDataset can dereference a nullptr under certain preconditions for sparse-tensor arguments. Affected in TensorFlow 2.5.x–2.7.x and fixed in 2.8.0; commits patch this behavior and are cherry-picked to 2.7.1, 2.6.3, and 2.5.3. Remedia...
CVE-2022-23566
CVE-2022-23566 describes a heap out-of-bounds write in TensorFlow Grappler caused by the set_output function writing to an array at a specified index, enabling a potential write primitive. The issue is fixed in TensorFlow 2.8.0, with cherry-picks planned for TensorFlow 2.7.1, 2.6.3, and 2.5.3 (th...
CVE-2022-23573
TensorFlow's AssignOp implementation can copy uninitialized data to a new tensor, causing undefined behavior. This CVE (CVE-2022-23573) affects the TensorFlow core kernel related to AssignOp. The issue arises because the left-hand side is initialized, but the right-hand side is not checked for in...