CVE-2022-36003 – `CHECK` fail in `RandomPoissonV2` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36003
TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
• https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq
• CWE-617: Reachable Assertion
CVE-2022-36002 – `CHECK` fail in `Unbatch` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36002
TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
• https://github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189f
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg
• CWE-617: Reachable Assertion
CVE-2022-36001 – `CHECK` fail in `DrawBoundingBoxes` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36001
TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
• https://github.com/tensorflow/tensorflow/commit/da0d65cdc1270038e72157ba35bf74b85d9bda11
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5
• CWE-617: Reachable Assertion
CVE-2022-36026 – `CHECK` fail in `QuantizeAndDequantizeV3` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36026
TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
• https://github.com/tensorflow/tensorflow/commit/f3f9cb38ecfe5a8a703f2c4a8fead434ef291713
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq
• CWE-617: Reachable Assertion
CVE-2022-36018 – `CHECK` fail in `RaggedTensorToVariant` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36018
TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
• https://github.com/tensorflow/tensorflow/commit/88f93dfe691563baa4ae1e80ccde2d5c7a143821
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf
• CWE-617: Reachable Assertion