Debian Tensorflow vulnerabilities

432 known vulnerabilities affecting debian/tensorflow.

Total CVEs: 432
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1, LOW 430

Vulnerabilities

Page 12 of 22
CVE-2021-41218 LOW CVSS 5.5 2021
CVE-2021-41218 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as th
debian
CVE-2021-37685 LOW CVSS 5.5 2021
CVE-2021-37685 [MEDIUM] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If `axis
debian
CVE-2021-29581 LOW CVSS 2.5 2021
CVE-2021-29581 [LOW] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.CTCBeamSearchDecoder`, an attacker can trigger denial of service via segmentation faults. The [implementation](https://github.com/tensorflow/tensorflow/blob/a74768f8e4efbda4def9f16ee7e13cf3922ac5f7/tensorflow/core/kernels/ctc_decoder_ops.cc#L68-L79) fails
debian
CVE-2021-37671 LOW CVSS 7.8 2021
CVE-2021-37671 [HIGH] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernel
debian
CVE-2021-29563 LOW CVSS 2.5 2021
CVE-2021-29563 [LOW] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.RFFT`. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination. The fix will be included in TensorFlow 2.5.0. We will also cherr
debian
CVE-2021-29569 LOW CVSS 2.5 2021
CVE-2021-29569 [LOW] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation(https://github.com/tensorflow/tensorflow/blob/ac328eaa3870491ababc147822cd04e91a790643/tensorflow/core/kernels/requ
debian
CVE-2021-37684 LOW CVSS 5.5 2021
CVE-2021-37684 [MEDIUM] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit [dfa22b348b70bb89d6d6ec0ff53973bacb4f4695](https://github.com/tensorflow/tensorflow/commit/dfa22b34
debian
CVE-2021-29610 LOW CVSS 3.6 2021
CVE-2021-29610 [LOW] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis` argument. The [validation](https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L74-L77) uses `||` to mix two different
debian
CVE-2021-41226 LOW CVSS 7.1 2021
CVE-2021-41226 [HIGH] tensorflow - TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation between the elements of the `values` argument and the shape of the sparse output. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on Tens
debian
CVE-2021-41201 LOW CVSS 7.8 2021
CVE-2021-41201 [HIGH] tensorflow - TensorFlow is an open source platform for machine learning. In affected versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to `true` and never
debian
CVE-2021-41200 LOW CVSS 5.5 2021
CVE-2021-41200 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and s
debian
CVE-2021-29547 LOW CVSS 2.5 2021
CVE-2021-29547 [LOW] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernel
debian
CVE-2021-29619 LOW CVSS 2.5 2021
CVE-2021-29619 [LOW] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also
debian
CVE-2021-35958 LOW CVSS 9.1 2021
CVE-2021-35958 [CRITICAL] tensorflow - TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives. Scope: local; forky: resolved; sid: resolved
debian
CVE-2021-29555 LOW CVSS 2.5 2021
CVE-2021-29555 [LOW] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.FusedBatchNorm`. This is because the [implementation](https://github.com/tensorflow/tensorflow/blob/828f346274841fa7505f7020e88ca36c22e557ab/tensorflow/core/kernels/fused_batch_norm_op.cc#L295-L297) performs a divisi
debian
CVE-2021-29596 LOW CVSS 2.5 2021
CVE-2021-29596 [LOW] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `EmbeddingLookup` TFLite operator is vulnerable to a [division by zero error](https://github.com/tensorflow/tensorflow/blob/e4b29809543b250bc9b19678ec4776299dd569ba/tensorflow/lite/kernels/embedding_lookup.cc#L73-L74). An attacker can craft a model such that the first di
debian
CVE-2021-37652 LOW CVSS 7.8 2021
CVE-2021-37652 [HIGH] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/c
debian
CVE-2021-29518 LOW CVSS 2.5 2021
CVE-2021-29518 [LOW] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. In eager mode (default in TF 2.0 and later), session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The implementation(https://github.com/tensorflow/tensorflow/blob/eebb96c2830d48597d055d247c0e9aebaea94cd5/tensorf
debian
CVE-2021-29549 LOW CVSS 2.5 2021
CVE-2021-29549 [LOW] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add
debian
CVE-2021-29618 LOW CVSS 2.5 2021
CVE-2021-29618 [LOW] tensorflow - TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are als
debian