Debian Tensorflow vulnerabilities

432 known vulnerabilities affecting debian/tensorflow.

Total CVEs: 432
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1, LOW 430

Vulnerabilities

CVE-2022-23583 | LOW | CVSS 6.5 | 2022
[MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calli
debian
CVE-2022-23586 | LOW | CVSS 6.5 | 2022
[MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3
debian
CVE-2022-29193 | LOW | CVSS 5.5 | 2022
[MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this i
debian
CVE-2022-36005 | LOW | CVSS 5.9 | 2022
[MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow
debian
CVE-2022-36027 | LOW | CVSS 5.9 | 2022
[MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit o
debian
CVE-2022-29209 | LOW | CVSS 5.5 | 2022
[MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0,
debian
CVE-2022-35969 | LOW | CVSS 5.9 | 2022
[MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 50156d547b9a1da0144d7babe665cf690305b33c. The fix will be included in TensorF
debian
CVE-2022-23595 | LOW | CVSS 5.3 | 2022
[MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1
debian
CVE-2022-29201 | LOW | CVSS 5.5 | 2022
[MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. Scop
debian
CVE-2022-41885 | LOW | CVSS 4.8 | 2022
[MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4,
debian
CVE-2022-35968 | LOW | CVSS 5.9 | 2022
[MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlo
debian
CVE-2022-29205 | LOW | CVSS 5.5 | 2022
[MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `
debian
CVE-2022-23569 | LOW | CVSS 6.5 | 2022
[MEDIUM] tensorflow - Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow
debian
CVE-2022-36013 | LOW | CVSS 5.9 | 2022
[MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, Tenso
debian
CVE-2022-21728 | LOW | CVSS 8.1 | 2022
[HIGH] tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are al
debian
CVE-2022-41897 | LOW | CVSS 4.8 | 2022
[MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow
debian
CVE-2022-41900 | LOW | CVSS 7.1 | 2022
[HIGH] tensorflow - TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 21652
debian
CVE-2022-29203 | LOW | CVSS 5.5 | 2022
[MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via
debian
CVE-2022-21727 | LOW | CVSS 7.6 | 2022
[HIGH] tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, s
debian
CVE-2022-35979 | LOW | CVSS 5.9 | 2022
[MEDIUM] tensorflow - TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in Tenso
debian