Google Tensorflow vulnerabilities
432 known vulnerabilities affecting google/tensorflow.
Total CVEs: 432
CISA KEV: 0
Public exploits: 0
Exploited in the wild: 0
Severity breakdown: CRITICAL 18, HIGH 234, MEDIUM 178, LOW 2
Vulnerabilities
Page 8 of 22
CVE-2022-23561 | HIGH | CVSS 8.8 | CWE-787 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in Ten
Source: NVD
CVE-2022-23562 | HIGH | CVSS 8.8 | CWE-190 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as
Source: NVD
CVE-2022-23559 | HIGH | CVSS 8.8 | CWE-190 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can the
Source: NVD
CVE-2022-23593 | HIGH | CVSS 7.5 | CWE-754 | affected: ≥ 2.7.0, < 2.8.0 | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. Th
Source: NVD
CVE-2022-23592 | HIGH | CVSS 8.1 | CWE-125 | affected: ≥ 2.7.0, < 2.8.0 | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included
Source: NVD
CVE-2022-23558 | HIGH | CVSS 8.8 | CWE-190 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t`. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be incl
Source: NVD
CVE-2022-23595 | MEDIUM | CVSS 6.5 | CWE-476 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on Tenso
Source: NVD
CVE-2022-23580 | MEDIUM | CVSS 6.5 | CWE-400 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and st
Source: NVD
CVE-2022-23579 | MEDIUM | CVSS 6.5 | CWE-617 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and
Source: NVD
CVE-2022-23594 | MEDIUM | CVSS 5.5 | CWE-125 | affected: 2.7.0 | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can
Source: NVD
CVE-2022-23564 | MEDIUM | CVSS 6.5 | CWE-617 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. W
Source: NVD
CVE-2022-23577 | MEDIUM | CVSS 6.5 | CWE-476 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported ra
Source: NVD
CVE-2022-23583 | MEDIUM | CVSS 6.5 | CWE-617 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that
Source: NVD
CVE-2022-23582 | MEDIUM | CVSS 6.5 | CWE-617 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape
Source: NVD
CVE-2022-23586 | MEDIUM | CVSS 6.5 | CWE-617 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and Tens
Source: NVD
CVE-2022-23570 | MEDIUM | CVSS 6.5 | CWE-476 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the
Source: NVD
CVE-2022-23575 | MEDIUM | CVSS 6.5 | CWE-190 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on
Source: NVD
CVE-2022-23563 | MEDIUM | CVSS 6.3 | CWE-367 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a su
Source: NVD
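The race described for CVE-2022-23563 is the classic check-then-create window (CWE-367): `mktemp` only reports that a name is free, and the file is created later by a separate call that follows whatever an attacker has placed at that path in the meantime. The C program below is an added example written for this page, not TensorFlow code; the name generator, the `between` hook that stands in for the attacker winning the race, the victim file and the `/tmp/tf_demo_*` paths are all constructed for the demonstration. It runs the race end to end (the attacker plants a symlink to a victim file and the "w" open truncates and overwrites the victim) and then shows the fix, `mkstemp(3)`, which creates the file atomically with `O_CREAT|O_EXCL` and mode 0600 so a pre-planted path fails with `EEXIST` instead of being followed.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Victim file path used by the simulated attacker (constructed for the demo). */
static char g_victim[128];

/* Predictable temp name of the kind tempfile.mktemp() hands back: the name is
 * checked to be free, but nothing is created. Hypothetical generator. */
static void guess_tmp_name(char *buf, size_t len) {
    snprintf(buf, len, "/tmp/tf_demo_racy_%ld", (long)getpid());
}

/* CWE-367 pattern: check that the name is free, then open it with "w".
 * `between` is a hook standing in for another process winning the race
 * between the check and the open. fopen("w") follows symlinks and truncates
 * whatever they point at. */
static int racy_write(const char *path, const char *data, void (*between)(const char *)) {
    if (access(path, F_OK) == 0) return -1;     /* "the name is free" */
    if (between) between(path);                 /* attacker acts here */
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(data, f);
    fclose(f);
    return 0;
}

/* Hardened pattern: mkstemp() creates the file itself with O_CREAT|O_EXCL and
 * mode 0600, so a path the attacker planted first makes it fail rather than
 * being followed. `path` receives the actual name. */
static int safe_tmpfile(char *path, size_t len) {
    snprintf(path, len, "/tmp/tf_demo_XXXXXX");
    return mkstemp(path);
}

/* The property mkstemp relies on: exclusive create fails with EEXIST when the
 * path already exists, whether as a regular file or as a symlink. */
static int exclusive_create(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Simulated attacker: points the guessed temp name at the victim file. */
static void attacker_plants_symlink(const char *path) {
    if (symlink(g_victim, path) != 0) perror("symlink");
}

/* Runs the race end to end. Returns 1 if the victim file now holds the
 * attacker-chosen content (the write went through the symlink), 0 if not,
 * -1 on setup failure. Cleans up both paths. */
static int demo_racy_clobbers_victim(void) {
    char tmp[128], line[64] = {0};
    snprintf(g_victim, sizeof g_victim, "/tmp/tf_demo_victim_%ld", (long)getpid());
    FILE *v = fopen(g_victim, "w");
    if (!v) return -1;
    fputs("original\n", v);
    fclose(v);
    guess_tmp_name(tmp, sizeof tmp);
    unlink(tmp);
    racy_write(tmp, "attacker-chosen content\n", attacker_plants_symlink);
    v = fopen(g_victim, "r");
    if (!v) return -1;
    if (!fgets(line, sizeof line, v)) line[0] = '\0';
    fclose(v);
    unlink(tmp);
    unlink(g_victim);
    return strcmp(line, "attacker-chosen content\n") == 0;
}

/* Safe path: the file comes back 0600 and a second exclusive create on the
 * same name fails with EEXIST. Returns 1 if both hold. */
static int demo_safe_tmpfile(void) {
    char path[64];
    struct stat st;
    int fd = safe_tmpfile(path, sizeof path);
    if (fd < 0) return 0;
    int ok = fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600;
    int fd2 = exclusive_create(path);
    ok = ok && fd2 < 0 && errno == EEXIST;
    if (fd2 >= 0) close(fd2);
    close(fd);
    unlink(path);
    return ok;
}

int main(void) {
    printf("racy write clobbered victim: %d\n", demo_racy_clobbers_victim());
    printf("mkstemp path safe:           %d\n", demo_safe_tmpfile());
    return 0;
}
```

The Python equivalent of the fix is `tempfile.mkstemp()` or `tempfile.NamedTemporaryFile()` in place of `tempfile.mktemp()`; the point in both languages is that the call that picks the name must be the call that creates the file, with exclusive semantics.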
CVE-2022-23576 | MEDIUM | CVSS 6.5 | CWE-190 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a smal
Source: NVD
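The `int`-returning byte count in CVE-2022-23558, the `embedding_size * lookup_size` product in CVE-2022-23559 and the element-count times element-size computations in CVE-2022-23575 and CVE-2022-23576 above share one root cause: a size derived from attacker-controlled shape values is computed in arithmetic that can wrap, and the wrapped value then reaches an allocator or a bounds check. The C program below is an added example written for this page, not TFLite or TensorFlow code; the function names, the 1 GiB `MAX_TENSOR_BYTES` policy and the sample shapes are assumptions. It shows what the wrapped `int` result looks like for an `INT_MAX`-element request (the byte count comes out as 0, so the allocation is far smaller than the writes that follow) and a replacement that computes in `size_t`, detects overflow with the GCC/Clang `__builtin_*_overflow` builtins, rejects negative dimensions, and caps the result so an "extremely large allocation" is refused rather than attempted.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Sentinel for "invalid or overflowing size"; never a usable allocation size. */
#define SIZE_INVALID SIZE_MAX

/* Hypothetical allocation policy: refuse anything above 1 GiB so a huge but
 * non-overflowing shape becomes a clean rejection, not an allocation attempt. */
#define MAX_TENSOR_BYTES ((size_t)1 << 30)

/* Shape of the vulnerable computation: one header int plus `size` ints,
 * returned as int. Evaluated in 32-bit wrap-around arithmetic so the wrapped
 * result is deterministic; the real signed version is undefined behaviour. */
static int unchecked_int_array_size_bytes(int size) {
    uint32_t bytes = 4u + 4u * (uint32_t)size;
    return (int)bytes;   /* INT_MAX elements -> 0 bytes -> tiny allocation -> OOB writes */
}

/* Hardened: compute in size_t, reject negative counts, detect overflow. */
static size_t checked_int_array_size_bytes(int size) {
    size_t payload, total;
    if (size < 0) return SIZE_INVALID;
    if (__builtin_mul_overflow((size_t)size, sizeof(int), &payload)) return SIZE_INVALID;
    if (__builtin_add_overflow(payload, sizeof(int), &total)) return SIZE_INVALID;
    return total;
}

/* Same discipline for a tensor: product of all dims times the element size,
 * the computation behind CalculateTensorSize/CalculateOutputSize. Every dim
 * must be non-negative and every partial product must fit in size_t. */
static size_t checked_tensor_size_bytes(const int64_t *dims, int ndims, size_t elem_size) {
    size_t n = 1;
    for (int i = 0; i < ndims; i++) {
        if (dims[i] < 0) return SIZE_INVALID;
        if (__builtin_mul_overflow(n, (size_t)dims[i], &n)) return SIZE_INVALID;
    }
    if (__builtin_mul_overflow(n, elem_size, &n)) return SIZE_INVALID;
    return n;
}

/* Allocation wrapper a model loader would use: invalid, overflowing or
 * over-policy requests never reach malloc. */
static void *safe_alloc(size_t bytes) {
    if (bytes == SIZE_INVALID || bytes > MAX_TENSOR_BYTES) return NULL;
    return malloc(bytes ? bytes : 1);
}

/* 1 if an int array of `size` elements is allocatable under the policy. */
static int int_array_alloc_ok(int size) {
    void *p = safe_alloc(checked_int_array_size_bytes(size));
    if (!p) return 0;
    free(p);
    return 1;
}

/* Constructed sample shapes. */
static size_t demo_small_tensor_bytes(void) {
    const int64_t dims[] = {2, 3, 4};                 /* 24 elements x 4 bytes */
    return checked_tensor_size_bytes(dims, 3, 4);
}
static size_t demo_overflowing_tensor_bytes(void) {
    const int64_t dims[] = {INT64_C(1) << 40, INT64_C(1) << 40, 16}; /* 2^84 elements */
    return checked_tensor_size_bytes(dims, 3, 4);
}
static size_t demo_negative_dim_bytes(void) {
    const int64_t dims[] = {2, -3};                   /* attacker-supplied negative dim */
    return checked_tensor_size_bytes(dims, 2, 4);
}

int main(void) {
    printf("unchecked bytes for INT_MAX ints: %d\n", unchecked_int_array_size_bytes(INT_MAX));
    printf("checked bytes for INT_MAX ints:   %zu (alloc allowed: %d)\n",
           checked_int_array_size_bytes(INT_MAX), int_array_alloc_ok(INT_MAX));
    printf("2x3x4 float32 tensor:             %zu bytes\n", demo_small_tensor_bytes());
    printf("2^84-element shape rejected:      %d\n", demo_overflowing_tensor_bytes() == SIZE_INVALID);
    printf("negative dim rejected:            %d\n", demo_negative_dim_bytes() == SIZE_INVALID);
    return 0;
}
```

On a 64-bit build the `INT_MAX` case no longer wraps in `size_t`; it is the policy cap that stops it, which is why both checks are needed: overflow detection handles the memory-corruption case, the cap handles the denial-of-service case.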
CVE-2022-23571 | MEDIUM | CVSS 6.5 | CWE-617 | affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | published 2022-02-04
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow
Source: NVD
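Two assertion failure modes run through this page. CVE-2022-23592 and CVE-2022-23570 depend on `DCHECK` being compiled out of production builds, so the only bounds or null check on attacker-controlled input disappears and the unchecked read goes ahead. The CWE-617 entries (CVE-2022-23579, CVE-2022-23564, CVE-2022-23583, CVE-2022-23582, CVE-2022-23586, CVE-2022-23571) depend on `CHECK` staying on but aborting the whole process, so a malformed `SavedModel` or tensor proto becomes a denial of service. The C program below is an added example written for this page, not TensorFlow code; `TF_DEBUG_BUILD` is a hypothetical build switch, and `node_t`, the status enum and the sample argument list are constructed. It models both macros and contrasts them with explicit validation that returns an error status to the caller, which is the shape of the upstream fixes. The sample's backing array holds one extra value past the node's logical length so the over-read can be observed without leaving allocated memory; on a real heap that slot is whatever happens to follow the allocation.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Debug-only check, modelled on TensorFlow's DCHECK: active in a debug build,
 * compiled to nothing otherwise. TF_DEBUG_BUILD is a hypothetical switch. */
#ifdef TF_DEBUG_BUILD
#  define DCHECK(cond) do { if (!(cond)) { fprintf(stderr, "DCHECK failed: %s\n", #cond); abort(); } } while (0)
#else
#  define DCHECK(cond) ((void)0)   /* production: the condition is not even evaluated */
#endif
/* Always-on check, modelled on CHECK: a failure aborts the whole process. */
#define CHECK(cond) do { if (!(cond)) { fprintf(stderr, "CHECK failed: %s\n", #cond); abort(); } } while (0)

typedef enum { STATUS_OK = 0, STATUS_INVALID_ARGUMENT = 1 } tf_status;

/* Stand-in for a node's argument list (node_t.args in the CVE text). */
typedef struct { const int *args; size_t num_args; } node_t;

/* CVE-2022-23592 pattern: the bounds check lives only in a DCHECK, so a
 * production build reads args[ix] for any attacker-controlled ix. */
static int arg_dcheck_only(const node_t *n, size_t ix) {
    DCHECK(ix < n->num_args);
    return n->args[ix];
}

/* CWE-617 pattern: the check is always on, but the failure path is abort(),
 * so a bad index in a crafted model takes the serving process down. */
static int arg_check(const node_t *n, size_t ix) {
    CHECK(ix < n->num_args);
    return n->args[ix];
}

/* Hardened: validate untrusted input explicitly and return a status the
 * caller can turn into "reject this model" instead of a crash or an OOB read. */
static tf_status arg_validated(const node_t *n, size_t ix, int *out) {
    if (n == NULL || n->args == NULL || ix >= n->num_args) return STATUS_INVALID_ARGUMENT;
    *out = n->args[ix];
    return STATUS_OK;
}

/* Constructed input: a 3-argument node; backing[3] is the value "just past"
 * the logical end, standing in for adjacent heap memory. */
static const int backing[4] = {7, 8, 9, 0x5EC};
static const node_t sample = { backing, 3 };

/* 1 in a debug build, 0 in a production-style build. */
static int dcheck_is_active(void) {
#ifdef TF_DEBUG_BUILD
    return 1;
#else
    return 0;
#endif
}

/* Attacker-controlled ix == num_args through the DCHECK-only path: in a
 * production build this returns the value past the logical end. */
static int demo_dcheck_overread(void) { return arg_dcheck_only(&sample, 3); }

/* Same index through the validated path: rejected, *out left untouched. */
static tf_status demo_validated_rejects(void) { int v = -1; return arg_validated(&sample, 3, &v); }
static int demo_validated_reads(void) { int v = -1; arg_validated(&sample, 1, &v); return v; }

int main(void) {
    printf("DCHECK active: %d\n", dcheck_is_active());
    printf("DCHECK-only read at ix=3 returned 0x%X (past the logical end)\n", demo_dcheck_overread());
    printf("validated read at ix=3 -> status %d\n", demo_validated_rejects());
    printf("validated read at ix=1 -> %d\n", demo_validated_reads());
    printf("CHECK path at ix=0 -> %d (ix=3 would abort the process)\n", arg_check(&sample, 0));
    return 0;
}
```

The rule of thumb for a library that parses untrusted models: `DCHECK` documents an invariant the code itself guarantees and must never be the only guard on external input; `CHECK` is acceptable for internal invariants but turns any attacker-reachable violation into a crash; input validation belongs in ordinary control flow that returns an error.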