CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35981 – `CHECK` fail in `FractionalMaxPoolGrad` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35981
TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix will be included in TensorFlow 2.10.0. • https://github.com/tensorflow/tensorflow/commit/8741e57d163a079db05a7107a7609af70931def4 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35979 – Segfault in `QuantizedRelu` and `QuantizedRelu6`
https://notcve.org/view.php?id=CVE-2022-35979
TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35974 – Segfault in `QuantizeDownAndShrinkRange` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35974
TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/73ad1815ebcfeb7c051f9c2f7ab5024380ca8613 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35972 – Segfault in `QuantizedBiasAdd` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35972
TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35973 – Segfault in `QuantizedMatMul` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35973
TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for: `min_a`, `max_a`, `min_b`, or `max_b` It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/aca766ac7693bf29ed0df55ad6bfcc78f35e7f48 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v • CWE-20: Improper Input Validation •