CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-29201 – Missing validation in `QuantizedConv2D` results in undefined behavior in TensorFlow
https://notcve.org/view.php?id=CVE-2022-29201
20 May 2022 — TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantized_conv_ops.cc • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-29202 – Denial of service in TensorFlow due to lack of validation in `tf.ragged.constant`
https://notcve.org/view.php?id=CVE-2022-29202
20 May 2022 — TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/ops/ragged/ragged_factory_ops.py#L146-L239 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-29203 – Integer overflow in `SpaceToBatchND` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-29203
20 May 2022 — TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. TensorFlow es un... • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-29204 – Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`
https://notcve.org/view.php?id=CVE-2022-29204
20 May 2022 — TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as... • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L83-L14 • CWE-20: Improper Input Validation CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 1CVE-2022-29208 – Segfault and Out-of-bounds Write write due to incomplete validation in TensorFlow
https://notcve.org/view.php?id=CVE-2022-29208
20 May 2022 — TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. • https://github.com/tensorflow/tensorflow/commit/30721cf564cb029d34535446d6a5a6357bebc8e7 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-29205 – Segfault due to missing support for quantized types in TensorFlow
https://notcve.org/view.php?id=CVE-2022-29205
20 May 2022 — TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8... • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L296-L320 • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-29206 – Missing validation results in undefined behavior in `SparseTensorDenseAdd` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-29206
20 May 2022 — TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse_tensor_dense_add_op.cc • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-29207 – Undefined behavior when users supply invalid resource handles in TensorFlow
https://notcve.org/view.php?id=CVE-2022-29207
20 May 2022 — TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. • https://github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7 • CWE-20: Improper Input Validation CWE-475: Undefined Behavior for Input to API •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-29195 – Missing validation causes denial of service in TensorFlow via `StagePeek`
https://notcve.org/view.php?id=CVE-2022-29195
20 May 2022 — TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/stage_op.cc#L26 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-29197 – Missing validation causes denial of service in TensorFlow via `UnsortedSegmentJoin`
https://notcve.org/view.php?id=CVE-2022-29197
20 May 2022 — TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L95 • CWE-20: Improper Input Validation •