Debian Tensorflow vulnerabilities
432 known vulnerabilities affecting debian/tensorflow.
Total CVEs: 432
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1, LOW 430
Vulnerabilities
Page 2 of 22
CVE-2023-25662 | LOW | CVSS 7.5 | 2023
CVE-2023-25662 [HIGH]: tensorflow
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Scope: local
forky: resolved
sid: resolved
debian
CVE-2023-25675 | LOW | CVSS 7.5 | 2023
CVE-2023-25675 [HIGH]: tensorflow
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Scope: local
forky: resolved
sid: resolved
debian
CVE-2023-25665 | LOW | CVSS 7.5 | 2023
CVE-2023-25665 [HIGH]: tensorflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.
Scope: local
forky: resolved
sid: resolved
debian
CVE-2023-25666 | LOW | CVSS 7.5 | 2023
CVE-2023-25666 [HIGH]: tensorflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Scope: local
forky: resolved
sid: resolved
debian
CVE-2023-25660 | LOW | CVSS 7.5 | 2023
CVE-2023-25660 [HIGH]: tensorflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.
Scope: local
forky: resolved
sid: resolved
debian
CVE-2022-35966 | LOW | CVSS 5.9 | 2022
CVE-2022-35966 [MEDIUM]: tensorflow
TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622. The fix will be included in TensorFlow 2.10.0. We wi
debian
CVE-2022-23588 | LOW | CVSS 6.5 | 2022
CVE-2022-23588 [MEDIUM]: tensorflow
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in T
debian
CVE-2022-41883 | LOW | CVSS 6.8 | 2022
CVE-2022-41883 [MEDIUM]: tensorflow
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and
debian
CVE-2022-29194 | LOW | CVSS 5.5 | 2022
CVE-2022-29194 [MEDIUM]: tensorflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for th
debian
CVE-2022-23578 | LOW | CVSS 4.3 | 2022
CVE-2022-23578 [MEDIUM]: tensorflow
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0.
debian
CVE-2022-23561 | LOW | CVSS 8.8 | 2022
CVE-2022-23561 [HIGH]: tensorflow
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in TensorFlow 2.8.
debian
CVE-2022-23593 | LOW | CVSS 5.9 | 2022
CVE-2022-23593 [MEDIUM]: tensorflow
Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the
debian
CVE-2022-36018 | LOW | CVSS 5.9 | 2022
CVE-2022-36018 [MEDIUM]: tensorflow
TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included
debian
CVE-2022-23591 | LOW | CVSS 7.5 | 2022
CVE-2022-23591 [HIGH]: tensorflow
Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolvin
debian
CVE-2022-35940 | LOW | CVSS 5.9 | 2022
CVE-2022-35940 [MEDIUM]: tensorflow
TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We hav
debian
CVE-2022-41890 | LOW | CVSS 4.8 | 2022
CVE-2022-41890 [MEDIUM]: tensorflow
TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05
debian
CVE-2022-35998 | LOW | CVSS 5.9 | 2022
CVE-2022-35998 [MEDIUM]: tensorflow
TensorFlow is an open source platform for machine learning. If `EmptyTensorList` receives an input `element_shape` with more than one dimension, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c8ba76d48567aed347508e0552a257641931024d. The fix will be included in TensorFlow 2.10.0. We wil
debian
CVE-2022-23590 | LOW | CVSS 5.9 | 2022
CVE-2022-23590 [MEDIUM]: tensorflow
Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8
debian
CVE-2022-41888 | LOW | CVSS 4.8 | 2022
CVE-2022-41888 [MEDIUM]: tensorflow
TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on T
debian
CVE-2022-41895 | LOW | CVSS 4.8 | 2022
CVE-2022-41895 [MEDIUM]: tensorflow
TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow
debian