Debian Tensorflow vulnerabilities

CVE-2022-21726 [HIGH] CVE-2022-21726: tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of `... Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not c

CVE-2022-35990 [MEDIUM] CVE-2022-35990: tensorflow - TensorFlow is an open source platform for machine learning. When `tf.quantizatio... TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included

CVE-2022-35997 [MEDIUM] CVE-2022-35997: tensorflow - TensorFlow is an open source platform for machine learning. If `tf.sparse.cross`... TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0. We will also cherr

CVE-2022-36017 [MEDIUM] CVE-2022-36017: tensorflow - TensorFlow is an open source platform for machine learning. If `Requantize` is g... TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will

CVE-2022-41893 [MEDIUM] CVE-2022-41893: tensorflow - TensorFlow is an open source platform for machine learning. If `tf.raw_ops.Tenso... TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also c

CVE-2022-35999 [MEDIUM] CVE-2022-35999: tensorflow - TensorFlow is an open source platform for machine learning. When `Conv2DBackprop... TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0

CVE-2022-21736 [HIGH] CVE-2022-21736: tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of `... Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse tensor. However, there are some preconditions that these arguments must satisfy but thes

CVE-2022-23577 [MEDIUM] CVE-2022-23577: tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of `... Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Scope:

CVE-2022-41884 [MEDIUM] CVE-2022-41884: tensorflow - TensorFlow is an open source platform for machine learning. If a numpy array is ... TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on

CVE-2022-23580 [MEDIUM] CVE-2022-23580: tensorflow - Tensorflow is an Open Source Machine Learning Framework. During shape inference,... Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in suppo

CVE-2022-36003 [MEDIUM] CVE-2022-36003: tensorflow - TensorFlow is an open source platform for machine learning. When `RandomPoissonV... TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on Te

CVE-2022-41899 [MEDIUM] CVE-2022-41899: tensorflow - TensorFlow is an open source platform for machine learning. Inputs `dense_featur... TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3

CVE-2022-35984 [MEDIUM] CVE-2022-35984: tensorflow - TensorFlow is an open source platform for machine learning. `ParameterizedTrunca... TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be inclu

CVE-2022-35993 [MEDIUM] CVE-2022-35993: tensorflow - TensorFlow is an open source platform for machine learning. When `SetSize` recei... TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix will be included in TensorFlow 2.10.0. We will also cherryp

CVE-2022-23558 [HIGH] CVE-2022-23558: tensorflow - Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a... Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in Tens

CVE-2022-35972 [MEDIUM] CVE-2022-35972: tensorflow - TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd... TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in Te

CVE-2022-35985 [MEDIUM] CVE-2022-35985: tensorflow - TensorFlow is an open source platform for machine learning. If `LRNGrad` is give... TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix will be included in TensorFlow 2.10.0. We will also che

CVE-2022-35994 [MEDIUM] CVE-2022-35994: tensorflow - TensorFlow is an open source platform for machine learning. When `CollectiveGath... TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this com

CVE-2022-41911 [MEDIUM] CVE-2022-41911: tensorflow - TensorFlow is an open source platform for machine learning. When printing a tens... TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in

CVE-2022-29211 [MEDIUM] CVE-2022-29211: tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2.... TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result