Debian Tensorflow vulnerabilities

432 known vulnerabilities affecting debian/tensorflow.

Total CVEs: 432
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1, LOW 430

Vulnerabilities

Page 7 of 22
CVE-2022-35964 | LOW | CVSS 5.9 | 2022
CVE-2022-35964 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0. We will al
debian
CVE-2022-29216 | LOW | CVSS 7.8 | 2022
CVE-2022-29216 [HIGH] tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as argumen
debian
CVE-2022-35965 | LOW | CVSS 5.9 | 2022
CVE-2022-35965 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty `sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in T
debian
CVE-2022-23570 | LOW | CVSS 6.5 | 2022
CVE-2022-23570 [MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case e
debian
CVE-2022-35963 | LOW | CVSS 5.9 | 2022
CVE-2022-35963 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fe
debian
CVE-2022-35960 | LOW | CVSS 5.9 | 2022
CVE-2022-35960 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc`'s `TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`. We have patched the issue in GitHub commit b
debian
CVE-2022-21733 | LOW | CVSS 4.3 | 2022
CVE-2022-21733 [MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_width` and that results in computing a negative value for `ngram_width` which is later used to allocate parts of the ou
debian
CVE-2022-29200 | LOW | CVSS 5.5 | 2022
CVE-2022-29200 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate the ranks of any of the arguments to this
debian
CVE-2022-35952 | LOW | CVSS 5.9 | 2022
CVE-2022-35952 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect
debian
CVE-2022-41909 | LOW | CVSS 4.8 | 2022
CVE-2022-41909 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included
debian
CVE-2022-21735 | LOW | CVSS 6.5 | 2022
CVE-2022-21735 [MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. S
debian
CVE-2022-23565 | LOW | CVSS 6.5 | 2022
CVE-2022-23565 [MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these
debian
CVE-2022-41908 | LOW | CVSS 4.8 | 2022
CVE-2022-41908 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and Tens
debian
CVE-2022-23572 | LOW | CVSS 6.5 | 2022
CVE-2022-23572 [MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function; however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in
debian
CVE-2022-21731 | LOW | CVSS 6.5 | 2022
CVE-2022-21731 [MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated into `concat_dim` in the `ConcatShapeHelper` helper function. Then, a value for `min_rank` is computed based on `concat_dim`.
debian
CVE-2022-29191 | LOW | CVSS 5.5 | 2022
CVE-2022-29191 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this
debian
CVE-2022-35991 | LOW | CVSS 5.9 | 2022
CVE-2022-35991 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.1
debian
CVE-2022-35992 | LOW | CVSS 5.9 | 2022
CVE-2022-35992 [MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will also cherr
debian
CVE-2022-23568 | LOW | CVSS 6.5 | 2022
CVE-2022-23568 [MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing
debian
CVE-2022-35939 | LOW | CVSS 7.0 | 2022
CVE-2022-35939 [HIGH] tensorflow - TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have patched the issue in GitHub commit b4d4b4cb019bd7240a52daa4ba61e3c
debian