CVE-2022-35960 – `CHECK` failure in `TensorListReserve` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35960
TensorFlow is an open source platform for machine learning. In `TensorListReserve` in `core/kernels/list_kernels.cc`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` with more than one element is provided, `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`. We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix will be included in TensorFlow 2.10.0.
References: https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325 • https://github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7 • https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4
CWE-617: Reachable Assertion
CVE-2022-35959 – `CHECK` failures in `AvgPool3DGrad` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35959
TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that leads to a `CHECK` failure, which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0.
References: https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb • https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq
CWE-617: Reachable Assertion
CVE-2022-35952 – `CHECK` failures in `UnbatchGradOp` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35952
TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A non-scalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements indicated by `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program.
References: https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891 • https://github.com/tensorflow/tensorflow/commit/5f945fc6409a3c1e90d6970c9292f805f6e6ddf2 • https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47
CWE-617: Reachable Assertion
CVE-2022-35940 – Int overflow in `RaggedRangeOp` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35940
TensorFlow is an open source platform for machine learning. The `RaggedRangeOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also raises an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192.
References: https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88 • https://github.com/tensorflow/tensorflow/commit/37cefa91bee4eace55715eeef43720b958a01192 • https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x
CWE-190: Integer Overflow or Wraparound
CVE-2022-35941 – `CHECK` failure in `AvgPoolOp` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35941
TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0.
References: https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98 • https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f • https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5
CWE-617: Reachable Assertion