CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35941 – `CHECK` failure in `AvgPoolOp` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-35941
TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. • https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98 https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5 • CWE-617: Reachable Assertion •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35937 – OOB read in `Gather_nd` op in TensorFlow Lite
https://notcve.org/view.php?id=CVE-2022-35937
TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a196. The fix will be included in TensorFlow 2.10.0. • https://github.com/tensorflow/tensorflow/blob/f463040eb3997e42e60a2ffc6dc72de7ef11dbb4/tensorflow/lite/kernels/gather_nd.cc#L105-L111 https://github.com/tensorflow/tensorflow/commit/595a65a3e224a0362d7e68c2213acfc2b499a196 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35939 – Out of bounds write in `scatter_nd` op in TensorFlow Lite
https://notcve.org/view.php?id=CVE-2022-35939
TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have patched the issue in GitHub commit b4d4b4cb019bd7240a52daa4ba61e3cc814f0384. The fix will be included in TensorFlow 2.10.0. • https://github.com/tensorflow/tensorflow/blob/266558ac4c1f361e9a178ee9d3f0ce2e648ae499/tensorflow/lite/kernels/internal/reference/reference_ops.h#L659-L698 https://github.com/tensorflow/tensorflow/commit/b4d4b4cb019bd7240a52daa4ba61e3cc814f0384 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35935 – `CHECK` failure in `SobolSample` via missing validation in TensorFlow
https://notcve.org/view.php?id=CVE-2022-35935
TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf https://github.com/tensorflow/tensorflow/security/advisories/GHSA-97p7-w86h-vcf9 • CWE-617: Reachable Assertion •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35938 – OOB read in `Gather_nd` op in TensorFlow Lite Micro
https://notcve.org/view.php?id=CVE-2022-35938
TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been patched in GitHub commit 4142e47e9e31db481781b955ed3ff807a781b494. The fix will be included in TensorFlow 2.10.0. • https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3m3g-pf5v-5hpj https://github.com/tensorflow/tflite-micro/blob/1bc98621180a350eb4e8d3318ea8e228c7559b37/tensorflow/lite/micro/kernels/gather_nd.cc#L143-L154 https://github.com/tensorflow/tflite-micro/commit/4142e47e9e31db481781b955ed3ff807a781b494 • CWE-125: Out-of-bounds Read •