CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23595 – Null pointer dereference in TensorFlow
https://notcve.org/view.php?id=CVE-2022-23595
Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104 https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23594 – Out of bounds read in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23594
Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. • https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2 https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23590 – Crash due to erroneous `StatusOr` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23590
Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. Tensorflow es un Marco de Aprendizaje Automático de Código Abierto. Un "GraphDef" de un "SavedModel" de TensorFlow puede ser alterado de forma maliciosa para causar que un proceso de TensorFlow sea bloqueado debido a que encuentra un valor "StatusOr" que es un error y extrae a la fuerza el valor del mismo. • https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567 https://github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23591 – Stack overflow in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23591
Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. • https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7 • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23593 – Segfault in `simplifyBroadcast` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-23593
Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. • https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205 https://github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2 • CWE-754: Improper Check for Unusual or Exceptional Conditions •