Search for packages
| purl | pkg:pypi/tensorflow-gpu@2.7.2 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-162b-e4ey-kfb6
Aliases: CVE-2022-41902 GHSA-cg88-rpvp-cjv5 GMS-2022-6995 GMS-2022-7003 GMS-2022-7011 |
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-18pt-kr33-2yer
Aliases: CVE-2023-25672 GHSA-94mm-g2mv-8p7r |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-1g5k-pk73-xuag
Aliases: CVE-2023-25665 GHSA-558h-mq8x-7q9g |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-3f8t-3shh-4yd3
Aliases: CVE-2023-33976 GHSA-gjh7-xx4r-x345 |
TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12. |
Affected by 0 other vulnerabilities. |
|
VCID-43qh-mkdk-8qdg
Aliases: CVE-2022-41886 GHSA-54pp-c6pp-7fpx |
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-5gxh-jraz-qqgt
Aliases: CVE-2022-41901 GHSA-g9fm-r5mm-rf9f |
`CHECK_EQ` fail via input in `SparseMatrixNNZ` |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-6d3g-yrc1-skgp
Aliases: CVE-2022-41891 GHSA-66vq-54fq-6jvv |
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-6d4y-v122-pffp
Aliases: CVE-2023-25669 GHSA-rcf8-g8jv-vg6p |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-6ujk-5hn7-g7dj
Aliases: CVE-2023-25801 GHSA-f49c-87jh-g47q |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-8mbh-74v8-57bn
Aliases: CVE-2022-41889 GHSA-xxcj-rhqg-m46g |
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-aq4b-cxh4-pqgy
Aliases: CVE-2023-25658 GHSA-68v3-g9cm-rmm6 |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-cp1r-46ub-8yg8
Aliases: CVE-2023-25660 GHSA-qjqc-vqcf-5qvj |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-cs1n-e4ng-wbhu
Aliases: CVE-2022-41908 GHSA-mv77-9g28-cwg3 |
TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-css2-4pa4-87gx
Aliases: CVE-2023-25663 GHSA-64jg-wjww-7c5w |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-egjs-r2ed-hbfe
Aliases: CVE-2022-41910 GHSA-frqp-wp83-qggv GMS-2022-6997 GMS-2022-7005 GMS-2022-7013 |
Heap overflow in `QuantizeAndDequantizeV2` |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-esen-w1rc-73du
Aliases: CVE-2023-25674 GHSA-gf97-q72m-7579 |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-f186-75wf-3bd5
Aliases: CVE-2023-25664 GHSA-6hg6-5c2q-7rcr |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-f522-fb48-b3gc
Aliases: CVE-2022-41888 GHSA-6x99-gv2v-q76v |
TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-fujj-xc7u-ducv
Aliases: CVE-2023-25673 GHSA-647v-r7qq-24fh |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-gkxw-ufq4-2ffz
Aliases: CVE-2022-41896 GHSA-rmg2-f698-wq35 |
TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-hp3e-kt3d-ykfr
Aliases: CVE-2023-25670 GHSA-49rq-hwc3-x77w |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-j4sc-7ycd-vkc4
Aliases: CVE-2022-41900 GHSA-xvwp-h6jv-7472 |
FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-jc4n-4jfy-x7ez
Aliases: CVE-2023-25668 GHSA-gw97-ff7c-9v96 |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-jgys-5pnb-tkfk
Aliases: GHSA-cqvq-fvhr-v6hc GMS-2022-6996 GMS-2022-7004 GMS-2022-7012 |
`CHECK` failure in `SobolSample` via missing validation |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-jhgz-re77-hkf5
Aliases: CVE-2022-41884 GHSA-jq6x-99hj-q636 |
Seg fault in `ndarray_tensor_bridge` due to zero and large inputs |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-mjz8-5aee-8bhn
Aliases: CVE-2023-25662 GHSA-7jvm-xxmr-v5cw |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-mqxw-a8qv-mbee
Aliases: BIT-tensorflow-2022-23593 CVE-2022-23593 GHSA-gwcx-jrx4-92w2 PYSEC-2022-102 PYSEC-2022-157 |
Segfault in `simplifyBroadcast` in Tensorflow |
Affected by 126 other vulnerabilities. |
|
VCID-n8np-2f5x-abd4
Aliases: GHSA-xf83-q765-xm6m GMS-2022-7001 GMS-2022-7009 GMS-2022-7017 |
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-p36a-eb5k-rqgu
Aliases: CVE-2023-25667 GHSA-fqm2-gh8w-gr68 |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-pr47-unnv-d7a9
Aliases: CVE-2023-27579 GHSA-5w96-866f-6rm8 |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-r7qz-zsk3-sqaq
Aliases: CVE-2022-41911 GHSA-pf36-r9c6-h97j |
TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-se4m-gfvh-sbds
Aliases: CVE-2022-41890 GHSA-h246-cgh4-7475 |
TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-skd4-mkp3-ukef
Aliases: CVE-2022-41880 GHSA-8w5g-3wcv-9g2j |
TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-tn91-effk-ukcs
Aliases: CVE-2022-41898 GHSA-hq7g-wwwp-q46h |
TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-unkw-ckgc-yqgv
Aliases: CVE-2022-41897 GHSA-f2w8-jw48-fr7j |
TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-v1bb-9jk5-9kfw
Aliases: CVE-2023-25675 GHSA-7x4v-9gxg-9hwj |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-ve91-saat-hkeb
Aliases: CVE-2023-25666 GHSA-f637-vh3r-vfh2 |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-x2kn-8qsj-pbcs
Aliases: CVE-2022-41909 GHSA-rjx6-v474-2ch9 |
TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-xcqn-waa9-bkc3
Aliases: CVE-2022-41907 GHSA-368v-7v32-52fx |
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-xcst-tzxn-zfhm
Aliases: CVE-2023-25676 GHSA-6wfh-89q8-44jq |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-xdz6-dgwj-sbgz
Aliases: CVE-2022-41893 GHSA-67pf-62xr-q35m |
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-yj7a-18fe-myhb
Aliases: CVE-2022-41887 GHSA-8fvv-46hw-vpg3 |
TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9. |
Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-yjzz-juse-wydc
Aliases: CVE-2022-41899 GHSA-27rc-728f-x5w2 |
TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-zbsj-e2vm-rfbe
Aliases: CVE-2022-41885 GHSA-762h-vpvw-3rcx |
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. |
Affected by 46 other vulnerabilities. Affected by 44 other vulnerabilities. Affected by 44 other vulnerabilities. |
|
VCID-zg4x-t8ft-x3fh
Aliases: CVE-2022-41895 GHSA-gq2j-cr96-gvqx |
`MirrorPadGrad` heap out of bounds read |
Affected by 21 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-zpxn-zz7d-k7d5
Aliases: CVE-2023-25659 GHSA-93vr-9q9m-pj8p |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-ztrg-nfqg-r3bf
Aliases: BIT-tensorflow-2022-23592 CVE-2022-23592 GHSA-vq36-27g6-p492 PYSEC-2022-101 PYSEC-2022-156 |
Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. |
Affected by 126 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-26bq-kxgk-zba5 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29201
GHSA-pqhm-4wvf-2jg8 |
| VCID-2bhy-rya4-g3ag | TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-36026
GHSA-9cr2-8pwr-fhfq |
| VCID-2gju-dx21-gban | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29197
GHSA-hrg5-737c-2p56 |
| VCID-2yfm-qasv-d7cm | TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35959
GHSA-wxjj-cgcx-r3vq |
| VCID-35b9-hd8e-y3g9 | TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35934
GHSA-f4w6-h4f5-wx45 |
| VCID-3cnr-w5u6-fkf3 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29194
GHSA-h5g4-ppwx-48q2 |
| VCID-3kpb-9uen-27he | TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2` |
CVE-2022-35991
GHSA-vm7x-4qhj-rrcq |
| VCID-3mne-q3yp-g7eg | TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35965
GHSA-qxpx-j395-pw36 |
| VCID-3muc-6x8b-kfb7 | TensorFlow vulnerable to floating point exception in `Conv2D` |
CVE-2022-35996
GHSA-q5jv-m6qw-5g37 |
| VCID-3p9b-eym8-jkfp | TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35963
GHSA-84jm-4cf3-9jfm |
| VCID-3q2y-wpjf-5fe4 | TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35988
GHSA-9vqj-64pv-w55c |
| VCID-44xr-jrtj-7kf9 | TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have patched the issue in GitHub commit b4d4b4cb019bd7240a52daa4ba61e3cc814f0384. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35939
GHSA-ffjm-4qwc-7cmf |
| VCID-4r56-jkdr-6bg5 | TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35985
GHSA-9942-r22v-78cp |
| VCID-4ugk-p8g3-wudu | TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35983
GHSA-m6vp-8q9j-whx4 |
| VCID-4y1h-6kgt-s7eq | TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35967
GHSA-v6h3-348g-6h5x |
| VCID-4yvv-9g6x-efgz | TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-36019
GHSA-9j4v-pp28-mxv7 |
| VCID-6bnz-371j-guax | TensorFlow vulnerable to `CHECK` fail in `AudioSummaryV2` |
CVE-2022-35995
GHSA-g9h5-vr8m-x2h4 |
| VCID-774w-x7x9-8kdb | TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsGradient` |
CVE-2022-36005
GHSA-r26c-679w-mrjm |
| VCID-7jnw-mvw8-qbcw | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29213
GHSA-5889-7v45-q28m |
| VCID-7wvn-8q7d-rygt | TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35968
GHSA-2475-53vw-vp25 |
| VCID-7yn3-qktg-17fv | TensorFlow vulnerable to null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef` |
CVE-2022-36013
GHSA-828c-5j5q-vrjq |
| VCID-86qh-ufqm-subt | TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35952
GHSA-h5vq-gw2c-pq47 |
| VCID-89g9-7u28-s3hw | TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross` |
CVE-2022-35997
GHSA-p7hr-f446-x6qf |
| VCID-8h18-74sq-9uf1 | `CHECK` failure in depthwise ops via overflows |
GHSA-mw6j-hh29-h379
GMS-2022-1528 GMS-2022-1532 GMS-2022-1536 |
| VCID-8kp4-8t2v-rkfn | TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35974
GHSA-vgvh-2pf4-jr2x |
| VCID-8sbz-f5av-gkgh | TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 40adbe4dd15b582b0210dfbf40c243a62f5119fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35982
GHSA-397c-5g2j-qxpv |
| VCID-8w84-59y3-6qgd | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `initializing_values` is a vector but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29199
GHSA-p9rc-rmr5-529j |
| VCID-8ygv-ub5q-tug5 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29203
GHSA-jjm6-4vf7-cjh4 |
| VCID-93t7-y91d-2fds | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29196
GHSA-5v77-j66x-4c4g |
| VCID-9egf-vt4b-mkfe | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29202
GHSA-cwpm-f78v-7m5c |
| VCID-9f7c-q4z8-akd7 | TensorFlow vulnerable to `CHECK` fail in `RandomPoissonV2` |
CVE-2022-36003
GHSA-cv2p-32v3-vhwq |
| VCID-bd7h-dc5y-ybhx | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29204
GHSA-hx9q-2mx4-m4pg |
| VCID-bgms-c956-q3cv | TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35940
GHSA-x989-q2pq-4q5x |
| VCID-byq1-27p3-m7fq | TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for: `min_a`, `max_a`, `min_b`, or `max_b` It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35973
GHSA-689c-r7h2-fv9v |
| VCID-cuak-225n-4fc5 | TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-36015
GHSA-rh87-q4vg-m45j |
| VCID-cy8p-kwfp-dfdz | TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35981
GHSA-vxv8-r8q2-63xw |
| VCID-dgzu-rtcf-sfdc | TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-36017
GHSA-wqmc-pm8c-2jhc |
| VCID-f3tp-9q7p-7ycd | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. Hence, it is possible to write before the array by massaging the input to generate negative values for `loc`. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29208
GHSA-2r2f-g8mw-9gvr |
| VCID-gdrm-e3tn-z3hk | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29192
GHSA-h2wq-prv9-2f56 |
| VCID-hs24-1u1m-7qbh | TensorFlow vulnerable to `CHECK` fail in `Unbatch` |
CVE-2022-36002
GHSA-mh3m-62v7-68xg |
| VCID-j5b6-r9b1-17a6 | TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds to this issue. |
CVE-2022-35941
GHSA-mgmh-g2v6-mqw5 |
| VCID-jb5e-3br8-nyau | TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.There are no known workarounds for this issue. |
CVE-2022-35990
GHSA-h7ff-cfc9-wmmh |
| VCID-jg52-1he8-muhq | TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35999
GHSA-37jf-mjv6-xfqw |
| VCID-jw7z-91u8-23b4 | TensorFlow vulnerable to `CHECK` fail in `CollectiveGather` |
CVE-2022-35994
GHSA-fhfc-2q7x-929f |
| VCID-jwbd-47ef-xqa1 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29209
GHSA-f4rr-5m7v-wxcw |
| VCID-k3fc-akkc-eyce | TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35984
GHSA-p2xf-8hgm-hpw5 |
| VCID-k47c-gnm9-xugu | TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35966
GHSA-4w68-4x85-mjj9 |
| VCID-kmfz-a4y6-5fc8 | TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a196. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35937
GHSA-pxrw-j2fv-hx3h |
| VCID-kzzh-afnu-dqef | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4. |
CVE-2022-29216
GHSA-75c9-jrh4-79mc |
| VCID-mhv5-aphc-cfhn | TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 50156d547b9a1da0144d7babe665cf690305b33c. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35969
GHSA-q2c3-jpmc-gfjx |
| VCID-nktb-w1uc-zygy | TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-36016
GHSA-g468-qj8g-vcjc |
| VCID-pdfh-953s-skhm | TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35970
GHSA-g35r-369w-3fqp |
| VCID-pgc2-gukr-r3dg | TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr` |
CVE-2022-36014
GHSA-7j3m-8g3c-9qqq |
| VCID-pmvu-stzf-eqet | TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35979
GHSA-v7vw-577f-vp8x |
| VCID-q17s-hqkj-kkht | TensorFlow vulnerable to null dereference on MLIR on empty function attributes |
CVE-2022-36000
GHSA-fqxc-pvf8-2w9v |
| VCID-r9t6-8fdd-hbab | TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35972
GHSA-4pc4-m9mj-v2r9 |
| VCID-rasj-1k6m-1yce | TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 32d7bd3defd134f21a4e344c8dfd40099aaf6b18. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35989
GHSA-j43h-pgmg-5hjq |
| VCID-ryrd-4pn5-4ugh | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29205
GHSA-54ch-gjq5-4976 |
| VCID-swe6-wcg7-5bgw | TensorFlow vulnerable to `CHECK` fail in `SetSize` |
CVE-2022-35993
GHSA-wq6q-6m32-9rv9 |
| VCID-szqg-mqkc-eqa7 | TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`. We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35960
GHSA-v5xg-3q2c-c2r4 |
| VCID-t5p3-jcbx-hfg7 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29211
GHSA-xrp2-fhq4-4q3w |
| VCID-t8ye-2bn9-qkg1 | TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-36001
GHSA-jqm7-m5q7-3hm5 |
| VCID-tyjm-zqv9-gbft | TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35987
GHSA-w62h-8xjm-fv49 |
| VCID-udh3-v17y-63c4 | TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35964
GHSA-f7r5-q7cx-h668 |
| VCID-v2r1-wbmd-d7a1 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29198
GHSA-mg66-qvc5-rm93 |
| VCID-vg3v-hjcr-uqc9 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29193
GHSA-2p9q-h29j-3f5v |
| VCID-vsep-b318-4ffr | TensorFlow vulnerable to `CHECK` fail in `tf.random.gamma` |
CVE-2022-36004
GHSA-mv8m-8x97-937q |
| VCID-vw5d-2grk-fufy | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate the ranks of any of the arguments to this API call. This results in `CHECK`-failures when the elements of the tensor are accessed. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29200
GHSA-2vv3-56qg-g2cf |
| VCID-w4fy-epnu-5qhr | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29195
GHSA-h48f-q7rw-hvr7 |
| VCID-w66u-chbb-j3dr | TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-36027
GHSA-79h2-q768-fpxr |
| VCID-w9te-1qez-xkbc | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29206
GHSA-rc9w-5c64-9vqq |
| VCID-wbyv-qzpx-ebfk | TensorFlow vulnerable to null dereference on MLIR on empty function attributes |
CVE-2022-36011
GHSA-fv43-93gv-vm8f |
| VCID-wxuj-p9gb-hucm | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29212
GHSA-8wwm-6264-x792 |
| VCID-x9d4-r747-pugg | TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35971
GHSA-9fpg-838v-wpv7 |
| VCID-xcqv-4f46-zuhf | TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-35935
GHSA-97p7-w86h-vcf9 |
| VCID-xnxz-krts-vufk | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29207
GHSA-5wpj-c6f7-24x8 |
| VCID-y2yd-5v7s-gqeg | TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
CVE-2022-36018
GHSA-m6cv-4fmf-66xf |
| VCID-yxby-zjey-suga | TensorFlow vulnerable to `CHECK` fail in `TensorListFromTensor` |
CVE-2022-35992
GHSA-9v8w-xmr4-wgxp |
| VCID-z8s1-q6s7-13ev | TensorFlow vulnerable to assertion fail on MLIR empty edge names |
CVE-2022-36012
GHSA-jvhc-5hhr-w3v5 |
| VCID-zhts-sben-buf6 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
CVE-2022-29191
GHSA-fv25-wrff-wf86 |