CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29549 – Division by 0 in `QuantizedAdd`
https://notcve.org/view.php?id=CVE-2021-29549
14 May 2021 — TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L289-L295) computes a modulo operation without validating that the divisor is not zero. Since `vector_num_elements` is determined based on ... • https://github.com/tensorflow/tensorflow/commit/744009c9e5cc5d0447f0dc39d055f917e1fd9e16 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29550 – Division by 0 in `FractionalAvgPool`
https://notcve.org/view.php?id=CVE-2021-29550
14 May 2021 — TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.FractionalAvgPool`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L85-L89) computes a divisor quantity by dividing two user controlled values. The user controls the values of `input_size[i]` and `pooling_ratio_[i]` (via the... • https://github.com/tensorflow/tensorflow/commit/548b5eaf23685d86f722233d8fbc21d0a4aecb96 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29551 – OOB read in `MatrixTriangularSolve`
https://notcve.org/view.php?id=CVE-2021-29551
14 May 2021 — TensorFlow is an end-to-end open source platform for machine learning. The implementation of `MatrixTriangularSolve`(https://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrix_triangular_solve_op_impl.h#L160-L240) fails to terminate kernel execution if one validation condition fails. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, a... • https://github.com/tensorflow/tensorflow/commit/480641e3599775a8895254ffbc0fc45621334f68 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29552 – CHECK-failure in `UnsortedSegmentJoin`
https://notcve.org/view.php?id=CVE-2021-29552
14 May 2021 — TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) assumes that the `num_segments` tensor is a valid scalar. Since the tensor is empty the `CHECK` involved in `.scalar
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29553 – Heap OOB in `QuantizeAndDequantizeV3`
https://notcve.org/view.php?id=CVE-2021-29553
14 May 2021 — TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in `tf.raw_ops.QuantizeAndDequantizeV3`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/11ff7f80667e6490d7b5174aa6bf5e01886e770f/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L237) does not validate the value of user supplied `axis` attribute before using it to index in the array backing the `input` argument. The fix will be inc... • https://github.com/tensorflow/tensorflow/commit/99085e8ff02c3763a0ec2263e44daec416f6a387 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29554 – Division by 0 in `DenseCountSparseOutput`
https://notcve.org/view.php?id=CVE-2021-29554
14 May 2021 — TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/efff014f3b2d8ef6141da30c806faf141297eca1/tensorflow/core/kernels/count_ops.cc#L123-L127) computes a divisor value from user data but does not check that the result is 0 before doing the division. Since `data` is given by the `values` argument, `num_batch... • https://github.com/tensorflow/tensorflow/commit/da5ff2daf618591f64b2b62d9d9803951b945e9f • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-29512 – Heap buffer overflow in `RaggedBinCount`
https://notcve.org/view.php?id=CVE-2021-29512
14 May 2021 — TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the `splits` tensor buffer in the implementation of the `RaggedBincount` op(https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernel... • https://github.com/tensorflow/tensorflow/commit/eebb96c2830d48597d055d247c0e9aebaea94cd5 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1CVE-2020-26266 – Uninitialized memory access in Eigen types in TensorFlow
https://notcve.org/view.php?id=CVE-2020-26266
10 Dec 2020 — In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. En las versiones afectadas de TensorFlow, en determinados casos, un modelo guardado puede activar el uso de valores no inicializados durante... • https://github.com/tensorflow/tensorflow/commit/ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2020-26267 – Lack of validation in data format attributes in TensorFlow
https://notcve.org/view.php?id=CVE-2020-26267
10 Dec 2020 — In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. En las versiones afectadas de TensorFlow, la API tf.raw_ops.DataFormatVecPermute no comprueba los atributos src_format y dst_format. • https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 1CVE-2020-26268 – Write to immutable memory region in TensorFlow
https://notcve.org/view.php?id=CVE-2020-26268
10 Dec 2020 — In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snip... • https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb6470069890b5060bc7 • CWE-471: Modification of Assumed-Immutable Data (MAID) •