Google Tensorflow vulnerabilities

432 known vulnerabilities affecting google/tensorflow.

Total CVEs: 432
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 18, HIGH 234, MEDIUM 178, LOW 2

Vulnerabilities

Page 9 of 22
CVE-2022-23578 | MEDIUM | CVSS 4.3 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-04
CVE-2022-23578 [MEDIUM] CWE-401: Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorF
Source: nvd
CVE-2022-23589 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-04
CVE-2022-23589 [MEDIUM] CWE-476: Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during const
Source: nvd
CVE-2022-23565 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-04
CVE-2022-23565 [MEDIUM] CWE-617: Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.
Source: nvd
CVE-2022-23557 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-04
CVE-2022-23557 [MEDIUM] CWE-369: Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFl
Source: nvd
CVE-2022-23588 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-04
CVE-2022-23588 [MEDIUM] CWE-617: Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be i
Source: nvd
CVE-2022-23585 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-04
CVE-2022-23585 [MEDIUM] CWE-401: Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error cases in the func
Source: nvd
CVE-2022-23572 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-04
CVE-2022-23572 [MEDIUM] CWE-754: Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function; however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. Thi
Source: nvd
CVE-2022-23584 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-04
CVE-2022-23584 [MEDIUM] CWE-416: Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on
Source: nvd
CVE-2022-23581 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-04
CVE-2022-23581 [MEDIUM] CWE-617: Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, an
Source: nvd
CVE-2022-21728 | HIGH | CVSS 8.1 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-03
CVE-2022-21728 [HIGH] CWE-125: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimen
Source: nvd
CVE-2022-21726 | HIGH | CVSS 8.8 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-03
CVE-2022-21726 [HIGH] CWE-125: Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bo
Source: nvd
CVE-2022-21740 | HIGH | CVSS 8.8 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-03
CVE-2022-21740 [HIGH] CWE-787: Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Source: nvd
CVE-2022-21730 | HIGH | CVSS 8.1 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-03
CVE-2022-21730 [HIGH] CWE-125: Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid, allowing an attacker to read from outside the bounds of the heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and Tens
Source: nvd
CVE-2022-21727 | HIGH | CVSS 8.8 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-03
CVE-2022-21727 [HIGH] CWE-190: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not che
Source: nvd
CVE-2022-21734 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-03
CVE-2022-21734 [MEDIUM] CWE-843: Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable to a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported rang
Source: nvd
CVE-2022-21741 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-03
CVE-2022-21741 [MEDIUM] CWE-369: Tensorflow is an Open Source Machine Learning Framework. Impact: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be ad
Source: nvd
CVE-2022-21729 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-03
CVE-2022-21729 [MEDIUM] CWE-190: Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in sup
Source: nvd
CVE-2022-23567 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-03
CVE-2022-23567 [MEDIUM] CWE-190: Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based denial of service). We are missing some validation
Source: nvd
CVE-2022-21725 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-03
CVE-2022-21725 [MEDIUM] CWE-369: Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid. The fix will be included in TensorFlow 2.
Source: nvd
CVE-2022-21736 | MEDIUM | CVSS 6.5 | Affected: ≤ 2.5.2; ≥ 2.6.0, ≤ 2.6.2; +1 more | 2022-02-03
CVE-2022-21736 [MEDIUM] CWE-476: Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain conditions it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse tensor. However, there are some preconditions that these arguments must sa
Source: nvd