Intel Optimization For Tensorflow vulnerabilities

429 known vulnerabilities affecting intel/optimization_for_tensorflow.

Total CVEs: 429
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 121, MEDIUM 200, LOW 103

Vulnerabilities

Page 7 of 22
CVE-2022-29198 | MEDIUM | ≥ 0, < 2.6.4 | ≥ 2.7.0, < 2.7.2 | +1 more | 2022-05-24
CVE-2022-29198 [MEDIUM] CWE-20 Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix` ### Impact The implementation of [`tf.raw_ops.SparseTensorToCSRSparseMatrix`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse/sparse_tensor_to_csr_sparse_matrix_op.cc#L65-L119) does not fully validate the input arguments. This results in
ghsa | osv
CVE-2022-29195 | MEDIUM | ≥ 0, < 2.6.4 | ≥ 2.7.0, < 2.7.2 | +1 more | 2022-05-24
CVE-2022-29195 [MEDIUM] CWE-20 Missing validation causes denial of service via `StagePeek` ### Impact The implementation of [`tf.raw_ops.StagePeek`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/stage_op.cc#L261) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack: ```python import tensorf
ghsa | osv
CVE-2022-29201 | MEDIUM | ≥ 0, < 2.6.4 | ≥ 2.7.0, < 2.7.2 | +1 more | 2022-05-24
CVE-2022-29201 [MEDIUM] CWE-20 Missing validation results in undefined behavior in `QuantizedConv2D` ### Impact The implementation of [`tf.raw_ops.QuantizedConv2D`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantized_conv_ops.cc) does not fully validate the input arguments: ```python import tensorflow as tf input = tf.constant(1, shape=[1, 2, 3, 3], dtype=
ghsa | osv
CVE-2022-29199 | MEDIUM | ≥ 0, < 2.6.4 | ≥ 2.7.0, < 2.7.2 | +1 more | 2022-05-24
CVE-2022-29199 [MEDIUM] CWE-20 Missing validation causes denial of service via `LoadAndRemapMatrix` ### Impact The implementation of [`tf.raw_ops.LoadAndRemapMatrix`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/load_and_remap_matrix_op.cc#L70-L98) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denia
ghsa | osv
CVE-2022-29202 | MEDIUM | ≥ 0, < 2.6.4 | ≥ 2.7.0, < 2.7.2 | +1 more | 2022-05-24
CVE-2022-29202 [MEDIUM] CWE-1284 Denial of service in `tf.ragged.constant` due to lack of validation ### Impact The implementation of [`tf.ragged.constant`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/ops/ragged/ragged_factory_ops.py#L146-L239) does not fully validate the input arguments. This results in a denial of service by consuming all available memory: ```pytho
ghsa | osv
CVE-2022-29196 | MEDIUM | ≥ 0, < 2.6.4 | ≥ 2.7.0, < 2.7.2 | +1 more | 2022-05-24
CVE-2022-29196 [MEDIUM] CWE-1284 Missing validation causes denial of service via `Conv3DBackpropFilterV2` ### Impact The implementation of [`tf.raw_ops.Conv3DBackpropFilterV2`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/conv_grad_ops_3d.cc) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial
ghsa | osv
CVE-2022-29207 | MEDIUM | ≥ 0, < 2.6.4 | ≥ 2.7.0, < 2.7.2 | +1 more | 2022-05-24
CVE-2022-29207 [MEDIUM] CWE-20 Undefined behavior when users supply invalid resource handles ### Impact Multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid: ```python import tensorflow as tf tf.raw_ops.QueueIsClosedV2(handle=[]) ``` ```python import tensorflow as tf tf.summary.flush(writer=()) ``` In graph mode, it would have been impossible to perform these API calls, but
ghsa | osv
CVE-2022-29211 | MEDIUM | ≥ 0, < 2.6.4 | ≥ 2.7.0, < 2.7.2 | +1 more | 2022-05-24
CVE-2022-29211 [MEDIUM] CWE-20 Segfault if `tf.histogram_fixed_width` is called with NaN values in TensorFlow ### Impact The implementation of [`tf.histogram_fixed_width`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc) is vulnerable to a crash when the values array contains `NaN` elements: ```python import tensorflow as tf import numpy a
ghsa | osv
CVE-2022-29192 | MEDIUM | ≥ 0, < 2.6.4 | ≥ 2.7.0, < 2.7.2 | +1 more | 2022-05-24
CVE-2022-29192 [MEDIUM] CWE-20 Missing validation crashes `QuantizeAndDequantizeV4Grad` ### Impact The implementation of [`tf.raw_ops.QuantizeAndDequantizeV4Grad`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L148-L226) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of servic
ghsa | osv
CVE-2022-29200 | MEDIUM | ≥ 0, < 2.6.4 | ≥ 2.7.0, < 2.7.2 | +1 more | 2022-05-24
CVE-2022-29200 [MEDIUM] CWE-1284 Missing validation causes denial of service via `LSTMBlockCell` ### Impact The implementation of [`tf.raw_ops.LSTMBlockCell`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/rnn/lstm_ops.cc) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack: ```python i
ghsa | osv
CVE-2022-29210 | MEDIUM | ≥ 2.8.0, < 2.8.1 | 2022-05-24
CVE-2022-29210 [MEDIUM] CWE-120 Heap buffer overflow due to incorrect hash function in TensorFlow ### Impact The [`TensorKey` hash function](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/framework/tensor_key.h#L53-L64) used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tr
ghsa | osv
CVE-2022-29197 | MEDIUM | ≥ 0, < 2.6.4 | ≥ 2.7.0, < 2.7.2 | +1 more | 2022-05-24
CVE-2022-29197 [MEDIUM] CWE-20 Missing validation causes denial of service via `UnsortedSegmentJoin` ### Impact The implementation of [`tf.raw_ops.UnsortedSegmentJoin`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L95) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a de
ghsa | osv
CVE-2021-29607 | MEDIUM | ≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2022-03-18
CVE-2021-29607 [MEDIUM] CWE-754 Incomplete validation in `SparseSparseMinimum` ### Impact Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of heap allocated data: ```python import tensorflow as tf a_indices = tf.ones([45, 92], dtype=tf.int64) a_values = tf.ones([45], dtype=tf.int64) a_shape = tf.ones([1], dtype=tf.int64) b_indices = tf
ghsa | osv
CVE-2022-23576 | HIGH | ≥ 0, < 2.5.3 | ≥ 2.6.0, < 2.6.3 | +1 more | 2022-02-10
CVE-2022-23576 [HIGH] CWE-190 Integer overflow in Tensorflow ### Impact The [implementation of `OpLevelCostEstimator::CalculateOutputSize`](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1598-L1617) is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements: ```cc for (const auto& dim :
ghsa | osv
CVE-2022-23577 | HIGH | ≥ 0, < 2.5.3 | ≥ 2.6.0, < 2.6.3 | +1 more | 2022-02-10
CVE-2022-23577 [HIGH] CWE-476 Null-dereference in Tensorflow ### Impact The [implementation of `GetInitOp`](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61) is vulnerable to a crash caused by dereferencing a null pointer: ```cc const auto& init_op_sig_it = meta_graph_def.signature_def().find(kSavedModelInitOpSignatureKey); if (init_op_sig_it != sig_def_map.end()) { *init_op_na
ghsa | osv
CVE-2022-21731 | HIGH | ≥ 0, < 2.5.3 | ≥ 2.6.0, < 2.6.3 | +1 more | 2022-02-10
CVE-2022-21731 [HIGH] CWE-754 Type confusion leading to segfault in Tensorflow ### Impact The [implementation of shape inference for `ConcatV2`](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/common_shape_fns.cc#L1961-L2059) can be used to trigger a denial of service attack via a segfault caused by a type confusion: ```python import tensorflow as tf @tf.function def test(): y = t
ghsa | osv
CVE-2022-21735 | HIGH | ≥ 0, < 2.5.3 | ≥ 2.6.0, < 2.6.3 | +1 more | 2022-02-10
CVE-2022-21735 [HIGH] CWE-369 Division by zero in Tensorflow ### Impact The [implementation of `FractionalMaxPool`](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_max_pool_op.cc#L36-L192) can be made to crash a TensorFlow process via a division by 0: ```python import tensorflow as tf import numpy as np tf.raw_ops.FractionalMaxPool( value=tf.constant(value=[[[[1, 4, 2, 3]]]], dtype=tf.int6
ghsa | osv
CVE-2022-21734 | HIGH | ≥ 0, < 2.5.3 | ≥ 2.6.0, < 2.6.3 | +1 more | 2022-02-10
CVE-2022-21734 [HIGH] CWE-617 `CHECK`-failures in Tensorflow ### Impact The [implementation of `MapStage`](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550) is vulnerable to a `CHECK`-fail if the key tensor is not a scalar: ```python import tensorflow as tf import numpy as np tf.raw_ops.MapStage( key = tf.constant(value=[4], shape= (1,2), dtype=tf.int64), indices = np.array([[6]
ghsa | osv
CVE-2022-21729 | HIGH | ≥ 0, < 2.5.3 | ≥ 2.6.0, < 2.6.3 | +1 more | 2022-02-10
CVE-2022-21729 [HIGH] CWE-190 Overflow and uncaught divide by zero in Tensorflow ### Impact The [implementation of `UnravelIndex`](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/unravel_index_op.cc#L36-L135) is vulnerable to a division by zero caused by an integer overflow bug: ```python import tensorflow as tf tf.raw_ops.UnravelIndex(indices=-0x100000,dims=[0x100000,0x100000]) `
ghsa | osv
CVE-2022-23575 | HIGH | ≥ 0, < 2.5.3 | ≥ 2.6.0, < 2.6.3 | +1 more | 2022-02-10
CVE-2022-23575 [HIGH] CWE-190 Integer overflow in Tensorflow ### Impact The [implementation of `OpLevelCostEstimator::CalculateTensorSize`](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1552-L1558) is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements: ```cc int64_t OpLevelCostEs
ghsa | osv