Google TensorFlow vulnerabilities

432 known vulnerabilities affecting google/tensorflow.

Total CVEs: 432
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 18, HIGH 234, MEDIUM 178, LOW 2

Vulnerabilities

Page 5 of 22
CVE-2022-35965 | HIGH | CVSS 7.5 | ≥ 2.7.0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-35965 [HIGH] CWE-476: TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty `sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be inc
nvd
CVE-2022-36014 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-36014 [HIGH] CWE-476: TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commi
nvd
CVE-2022-35988 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-35988 [HIGH] CWE-617: TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0. We will als
nvd
CVE-2022-35998 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-35998 [HIGH] CWE-617: TensorFlow is an open source platform for machine learning. If `EmptyTensorList` receives an input `element_shape` with more than one dimension, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c8ba76d48567aed347508e0552a257641931024d. The fix will be included in TensorFlow 2.10
nvd
CVE-2022-35997 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-35997 [HIGH] CWE-617: TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0. We will
nvd
CVE-2022-35941 | HIGH | CVSS 7.5 | ≥ 2.7.0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-35941 [HIGH] CWE-617: TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10
nvd
CVE-2022-36026 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-36026 [HIGH] CWE-617: TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We
nvd
CVE-2022-35935 | HIGH | CVSS 7.5 | ≥ 2.7.0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-35935 [HIGH] CWE-617: TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf. The fix will be include
nvd
CVE-2022-35966 | HIGH | CVSS 7.5 | ≥ 2.7.0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-35966 [HIGH] CWE-20: TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622. The fix will be included in TensorFlow 2.10
nvd
CVE-2022-35992 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-35992 [HIGH] CWE-617: TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will a
nvd
CVE-2022-36017 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-36017 [HIGH] CWE-20: TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The
nvd
CVE-2022-35981 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-35981 [HIGH] CWE-617: TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4.
nvd
CVE-2022-36019 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-36019 [HIGH] CWE-617: TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included i
nvd
CVE-2022-35964 | HIGH | CVSS 7.5 | ≥ 2.7.0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-35964 [HIGH] CWE-20: TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0. We
nvd
CVE-2022-36016 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-36016 [HIGH] CWE-617: TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2
nvd
CVE-2022-36015 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-36015 [HIGH] CWE-190: TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and Te
nvd
CVE-2022-35996 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-35996 [HIGH] CWE-369: TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60a
nvd
CVE-2022-36002 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-36002 [HIGH] CWE-617: TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on Tenso
nvd
CVE-2022-35999 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-35999 [HIGH] CWE-617: TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5c
nvd
CVE-2022-36027 | HIGH | CVSS 7.5 | fixed in 2.7.2; ≥ 2.8.0, < 2.8.1; +2 more | 2022-09-16
CVE-2022-36027 [HIGH] CWE-20: TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this
nvd