CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35997 – `CHECK` fail in `tf.sparse.cross` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35997
TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/83dcb4dbfa094e33db084e97c4d0531a559e0ebf https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p7hr-f446-x6qf • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35995 – `CHECK` fail in `AudioSummaryV2` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35995
TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36016 – `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36016
TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc https://github.com/tensorflow/tensorflow/commit/6104f0d4091c260ce9352f9155f7e9b725eab012 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36005 – `CHECK` fail in `FakeQuantWithMinMaxVarsGradient` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36005
TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36004 – `CHECK` fail in `tf.random.gamma` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36004
TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q • CWE-617: Reachable Assertion •