CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37657 – Reference binding to nullptr in `MatrixDiagV*` ops in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37657
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of `k` is a valid tensor. We have check that this value is either a scalar or a vector,... • https://github.com/tensorflow/tensorflow/commit/f2a673bd34f0d64b8e40a551ac78989d16daad09 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37658 – Reference binding to nullptr in `MatrixSetDiagV*` ops in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37658
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of `k` is a valid tensor. We have check that this value is either a scalar or a vect... • https://github.com/tensorflow/tensorflow/commit/ff8894044dfae5568ecbf2ed514c1a37dc394f1b • CWE-824: Access of Uninitialized Pointer •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37644 – `std::abort` raised from `TensorListReserve` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37644
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negative number of elements. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312) calls `std::vector.resize()` with the new size controlle... • https://github.com/tensorflow/tensorflow/commit/8a6e874437670045e6c7dc6154c7412b4a2135e2 • CWE-617: Reachable Assertion •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37654 – Heap OOB and CHECK fail in `ResourceGather` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37654
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds of heap allocated data in the same API in a release build. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L660-L668) does not check that the `batch_dims` value t... • https://github.com/tensorflow/tensorflow/commit/bc9c546ce7015c57c2f15c168b3d9201de679a1d • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37641 – Heap OOB in `RaggedGather` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37641
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/ragged_gather_op.cc#L70) directly reads the first dimension of a tensor shape before checking that said tensor has rank of at leas... • https://github.com/tensorflow/tensorflow/commit/a2b743f6017d7b97af1fe49087ae15f0ac634373 • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37635 – Heap out of bounds access in sparse reduction operations in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37635
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_reduce_op.cc#L217-L228) fails to validate that each reduction group does not overflow and that each corresponding index does not point to outside the boun... • https://github.com/tensorflow/tensorflow/commit/87158f43f05f2720a374f3e6d22a7aaa3a33f750 • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37664 – Heap OOB in boosted trees in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37664
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in `stats_summary_indices` is in range. We have patched the is... • https://github.com/tensorflow/tensorflow/commit/e84c975313e8e8e38bb2ea118196369c45c51378 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37659 – Out of bounds read via null pointer dereference in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37659
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_ops_common.h#L264) assumes that the two inputs have exactly the same number of elements but ... • https://github.com/tensorflow/tensorflow/commit/93f428fd1768df147171ed674fee1fc5ab8309ec • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37655 – Heap OOB in `ResourceScatterUpdate` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37655
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of `indices` and `updates`: instead of ... • https://github.com/tensorflow/tensorflow/commit/01cff3f986259d661103412a20745928c727326f • CWE-125: Out-of-bounds Read •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37637 – Null pointer dereference in `CompressElement` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37637
12 Aug 2021 — TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/data/compression_utils.cc#L34) was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid. We have patched the issue... • https://github.com/tensorflow/tensorflow/commit/5dc7f6981fdaf74c8c5be41f393df705841fb7c5 • CWE-476: NULL Pointer Dereference •