CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-41222 – Segfault due to negative splits in `SplitV`
https://notcve.org/view.php?id=CVE-2021-41222
05 Nov 2021 — TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault is an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6 • CWE-682: Incorrect Calculation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-41228 – Code injection in `saved_model_cli`
https://notcve.org/view.php?id=CVE-2021-41228
05 Nov 2021 — TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. • https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-41221 – Access to invalid memory during shape inference in `Cudnn*` ops
https://notcve.org/view.php?id=CVE-2021-41221
05 Nov 2021 — TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as t... • https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-41216 – Heap buffer overflow in `Transpose`
https://notcve.org/view.php?id=CVE-2021-41216
05 Nov 2021 — TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. • https://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-41213 – Deadlock in mutually recursive `tf.function` objects
https://notcve.org/view.php?id=CVE-2021-41213
05 Nov 2021 — TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. • https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7 • CWE-662: Improper Synchronization CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-41218 – Integer division by 0 in `tf.raw_ops.AllToAll`
https://notcve.org/view.php?id=CVE-2021-41218
05 Nov 2021 — TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-41206 – Incomplete validation of shapes in multiple TF ops
https://notcve.org/view.php?id=CVE-2021-41206
05 Nov 2021 — TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don't... • https://github.com/tensorflow/tensorflow/commit/4d74d8a00b07441cba090a02e0dd9ed385145bf4 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-41208 – Incomplete validation in boosted trees code
https://notcve.org/view.php?id=CVE-2021-41208
05 Nov 2021 — TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse undefined behavior (binding references to `nullptr`s). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation... • https://github.com/tensorflow/tensorflow/commit/5c8c9a8bfe750f9743d0c859bae112060b216f5c • CWE-476: NULL Pointer Dereference CWE-824: Access of Uninitialized Pointer •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-41207 – Division by zero in `ParallelConcat`
https://notcve.org/view.php?id=CVE-2021-41207
05 Nov 2021 — TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-41202 – Overflow/crash in `tf.range`
https://notcve.org/view.php?id=CVE-2021-41202
05 Nov 2021 — TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branches of the condition will be cast to `double` and the result would be truncated before the assignment. This result in overflows. • https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94 • CWE-681: Incorrect Conversion between Numeric Types •