Google Tensorflow vulnerabilities
432 known vulnerabilities affecting google/tensorflow.
Total CVEs: 432
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 18, HIGH 234, MEDIUM 178, LOW 2
Vulnerabilities
Page 3 of 22
CVE-2022-41897 | HIGH | CVSS 7.5 | CWE-125 | fixed in 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-18
TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on T
nvd
CVE-2022-41896 | HIGH | CVSS 7.5 | CWE-20 | fixed in 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-18
TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick
nvd
CVE-2022-41907 | HIGH | CVSS 7.5 | CWE-131 | fixed in 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-18
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and Tenso
nvd
CVE-2022-41908 | HIGH | CVSS 7.5 | CWE-20 | fixed in 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-18
TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3,
nvd
CVE-2022-41894 | HIGH | CVSS 8.1 | CWE-120 | fixed in 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-18
TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number o
nvd
CVE-2022-41883 | HIGH | CVSS 7.5 | CWE-125 | v2.10.0 | 2022-11-18
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2
nvd
CVE-2022-41890 | HIGH | CVSS 7.5 | CWE-704 | fixed in 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-18
TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc5324
nvd
CVE-2022-41898 | HIGH | CVSS 7.5 | CWE-20 | fixed in 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-18
TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as
nvd
CVE-2022-41891 | HIGH | CVSS 7.5 | CWE-20 | fixed in 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-18
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results in a segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also ch
nvd
CVE-2022-41889 | HIGH | CVSS 7.5 | CWE-476 | fixed in 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-18
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in G
nvd
CVE-2022-35939 | CRITICAL | CVSS 9.8 | CWE-787 | ≥ 2.7.0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have patched the issue in GitHub commit b4d4b4cb019bd724
nvd
CVE-2022-35937 | CRITICAL | CVSS 9.1 | CWE-125 | ≥ 2.7.0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a19
nvd
CVE-2022-35938 | CRITICAL | CVSS 9.1 | CWE-125 | ≥ 2.7.0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been patched in GitHub commit 4142e47e9e31db481781b955ed3f
nvd
CVE-2022-36013 | HIGH | CVSS 7.5 | CWE-476 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.
nvd
CVE-2022-35983 | HIGH | CVSS 7.5 | CWE-617 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. The fix will be included in TensorFlow 2.10.0. We
nvd
CVE-2022-35970 | HIGH | CVSS 7.5 | CWE-20 | ≥ 2.7.0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0.
nvd
CVE-2022-35974 | HIGH | CVSS 7.5 | CWE-20 | ≥ 2.7.0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613. The fix will be included in TensorFlow
nvd
CVE-2022-35952 | HIGH | CVSS 7.5 | CWE-617 | ≥ 2.7.0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An
nvd
CVE-2022-35934 | HIGH | CVSS 7.5 | CWE-617 | ≥ 2.7.0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. The fix will be include
nvd
CVE-2022-35985 | HIGH | CVSS 7.5 | CWE-617 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix will be included in TensorFlow 2.10.0. We will
nvd