CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-21730 – Out of bounds read in Tensorflow
https://notcve.org/view.php?id=CVE-2022-21730
Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Tensorflow es un marco de aprendizaje automático de código abierto. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_avg_pool_op.cc#L209-L360 https://github.com/tensorflow/tensorflow/commit/002408c3696b173863228223d535f9de72a101a9 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4 • CWE-125: Out-of-bounds Read •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 1CVE-2021-41227 – Arbitrary memory read in `ImmutableConst`
https://notcve.org/view.php?id=CVE-2021-41227
TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the `tstring` TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b https://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-41225 – A use of uninitialized value vulnerability in Tensorflow
https://notcve.org/view.php?id=CVE-2021-41225
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-41222 – Segfault due to negative splits in `SplitV`
https://notcve.org/view.php?id=CVE-2021-41222
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault is an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6 • CWE-682: Incorrect Calculation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-41228 – Code injection in `saved_model_cli`
https://notcve.org/view.php?id=CVE-2021-41228
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. • https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •