Debian Tensorflow vulnerabilities

432 known vulnerabilities affecting debian/tensorflow.

Total CVEs: 432
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1, LOW 430

Vulnerabilities

Page 3 of 22
CVE-2022-41902 | LOW | CVSS 7.1 | 2022
CVE-2022-41902 [HIGH] tensorflow - TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f735
debian
CVE-2022-29212 | LOW | CVSS 5.5 | 2022
CVE-2022-29212 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Th
debian
CVE-2022-36001 | LOW | CVSS 5.9 | 2022
CVE-2022-36001 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypi
debian
CVE-2022-41880 | LOW | CVSS 6.8 | 2022
CVE-2022-41880 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorF
debian
CVE-2022-35983 | LOW | CVSS 5.9 | 2022
CVE-2022-35983 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. The fix will be included in TensorFlow 2.10.0. We will also
debian
CVE-2022-21729 | LOW | CVSS 6.5 | 2022
CVE-2022-21729 [MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range
debian
CVE-2022-23584 | LOW | CVSS 7.6 | 2022
CVE-2022-23584 [HIGH] tensorflow - Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7
debian
CVE-2022-41896 | LOW | CVSS 4.8 | 2022
CVE-2022-41896 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this com
debian
CVE-2022-35986 | LOW | CVSS 5.9 | 2022
CVE-2022-35986 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this
debian
CVE-2022-23589 | LOW | CVSS 6.5 | 2022
CVE-2022-23589 [MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, the Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding,
debian
CVE-2022-21734 | LOW | CVSS 6.5 | 2022
CVE-2022-21734 [MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable to a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Scope: lo
debian
CVE-2022-35970 | LOW | CVSS 5.9 | 2022
CVE-2022-35970 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will
debian
CVE-2022-36004 | LOW | CVSS 5.9 | 2022
CVE-2022-36004 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on Te
debian
CVE-2022-35973 | LOW | CVSS 5.9 | 2022
CVE-2022-35973 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for `min_a`, `max_a`, `min_b`, or `max_b`, it gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. The fix will be included in TensorFlow 2.10.0. We wil
debian
CVE-2022-36026 | LOW | CVSS 5.9 | 2022
CVE-2022-36026 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will als
debian
CVE-2022-29202 | LOW | CVSS 5.5 | 2022
CVE-2022-29202 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. Scope: local forky: re
debian
CVE-2022-23560 | LOW | CVSS 8.8 | 2022
CVE-2022-23560 [HIGH] tensorflow - Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.
debian
CVE-2022-21741 | LOW | CVSS 6.5 | 2022
CVE-2022-21741 [MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before a
debian
CVE-2022-41910 | LOW | CVSS 4.8 | 2022
CVE-2022-41910 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f7
debian
CVE-2022-23573 | LOW | CVSS 7.6 | 2022
CVE-2022-23573 [HIGH] tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is als
debian