
CVE-2023-25676 – TensorFlow has null dereference on ParallelConcat with XLA
https://notcve.org/view.php?id=CVE-2023-25676
24 Mar 2023 — TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1. • https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15 • CWE-476: NULL Pointer Dereference •

CVE-2023-25801 – TensorFlow has double free in Fractional(Max/Avg)Pool
https://notcve.org/view.php?id=CVE-2023-25801
24 Mar 2023 — TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1. • https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307 • CWE-415: Double Free •

CVE-2023-27579 – TensorFlow has Floating Point Exception in TFLite in conv kernel
https://notcve.org/view.php?id=CVE-2023-27579
24 Mar 2023 — TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1. • https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa • CWE-697: Incorrect Comparison •

CVE-2022-41902 – Out of bounds write in grappler in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41902
06 Dec 2022 — TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVE-2022-41910 – Heap out of bounds read in `QuantizeAndDequantizeV2` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41910
06 Dec 2022 — TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221 • CWE-125: Out-of-bounds Read •

CVE-2022-41907 – Overflow in `ResizeNearestNeighborGrad` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41907
18 Nov 2022 — TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc • CWE-131: Incorrect Calculation of Buffer Size •

CVE-2022-41898 – `CHECK` fail via inputs in `SparseFillEmptyRowsGrad` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41898
18 Nov 2022 — TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc • CWE-20: Improper Input Validation •

CVE-2022-41895 – `MirrorPadGrad` heap out of bounds read in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41895
18 Nov 2022 — TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc • CWE-125: Out-of-bounds Read •

CVE-2022-41884 – Seg fault in `ndarray_tensor_bridge` due to zero and large inputs in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41884
18 Nov 2022 — TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784 • CWE-670: Always-Incorrect Control Flow Implementation •

CVE-2022-41908 – `CHECK` fail via inputs in `PyFunc` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41908
18 Nov 2022 — TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc • CWE-20: Improper Input Validation •