CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35959 – `CHECK` failures in `AvgPool3DGrad` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35959
TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. • https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35952 – `CHECK` failures in `UnbatchGradOp` in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35952
TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. • https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891 https://github.com/tensorflow/tensorflow/commit/5f945fc6409a3c1e90d6970c9292f805f6e6ddf2 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35940 – Int overflow in `RaggedRangeOp` in Tensoflow
https://notcve.org/view.php?id=CVE-2022-35940
TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. • https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88 https://github.com/tensorflow/tensorflow/commit/37cefa91bee4eace55715eeef43720b958a01192 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35941 – `CHECK` failure in `AvgPoolOp` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-35941
TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. • https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98 https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5 • CWE-617: Reachable Assertion •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35937 – OOB read in `Gather_nd` op in TensorFlow Lite
https://notcve.org/view.php?id=CVE-2022-35937
TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a196. The fix will be included in TensorFlow 2.10.0. • https://github.com/tensorflow/tensorflow/blob/f463040eb3997e42e60a2ffc6dc72de7ef11dbb4/tensorflow/lite/kernels/gather_nd.cc#L105-L111 https://github.com/tensorflow/tensorflow/commit/595a65a3e224a0362d7e68c2213acfc2b499a196 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h • CWE-125: Out-of-bounds Read •