CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25676 – TensorFlow has null dereference on ParallelConcat with XLA
https://notcve.org/view.php?id=CVE-2023-25676
24 Mar 2023 — TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1. • https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15 • CWE-476: NULL Pointer Dereference •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25801 – TensorFlow has double free in Fractional(Max/Avg)Pool
https://notcve.org/view.php?id=CVE-2023-25801
24 Mar 2023 — TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1. • https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27579 – TensorFlow has Floating Point Exception in TFLite in conv kernel
https://notcve.org/view.php?id=CVE-2023-27579
24 Mar 2023 — TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1. • https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa • CWE-697: Incorrect Comparison •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41902 – Out of bounds write in grappler in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41902
06 Dec 2022 — TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41910 – Heap out of bounds read in `QuantizeAndDequantizeV2` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41910
06 Dec 2022 — TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41889 – Segfault via invalid attributes in `pywrap_tfe_src.cc` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41889
18 Nov 2022 — TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41888 – Unckecked rank size in `tf.image.generate_bounding_box_proposals` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41888
18 Nov 2022 — TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41897 – `FractionalMaxPoolGrad` Heap out of bounds read in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41897
18 Nov 2022 — TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41884 – Seg fault in `ndarray_tensor_bridge` due to zero and large inputs in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41884
18 Nov 2022 — TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41893 – `CHECK_EQ` fail in `tf.raw_ops.TensorListResize` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41893
18 Nov 2022 — TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc • CWE-617: Reachable Assertion •