CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37690 – Use after free and segfault in shape inference functions in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37690
TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct are owned by an inference context that is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can trigger a segfault. `ShapeRefiner` is mitigating this for normal output shapes by cloning them (and thus putting the newly created shape under ownership of an inference context that will not die), but we were not doing the same for shapes and types. This commit fixes that by doing similar logic on output shapes and types. • https://github.com/tensorflow/tensorflow/commit/ee119d4a498979525046fba1c3dd3f13a039fbb1 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3hxh-8cp2-g4hg • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37678 – Arbitrary code execution due to YAML deserialization
https://notcve.org/view.php?id=CVE-2021-37678
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104) uses `yaml.unsafe_load` which can perform arbitrary code execution on the input. Given that YAML format support requires a significant amount of work, we have removed it for now. We have patched the issue in GitHub commit 23d6383eb6c14084a8fc3bdf164043b974818012. • https://github.com/tensorflow/tensorflow/commit/23d6383eb6c14084a8fc3bdf164043b974818012 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37669 – Crash in NMS ops caused by integer conversion to unsigned in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37669
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a user controlled argument to resize a `std::vector`. However, as `std::vector::resize` takes the size argument as a `size_t` and `output_size` is an `int`, there is an implicit conversion to unsigned. If the attacker supplies a negative value, this conversion results in a crash. • https://github.com/tensorflow/tensorflow/commit/3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d https://github.com/tensorflow/tensorflow/commit/b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vmjw-c2vp-p33c • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37673 – `CHECK`-fail in `MapStage` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37673
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L513) does not check that the `key` input is a valid non-empty tensor. We have patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d. The fix will be included in TensorFlow 2.6.0. • https://github.com/tensorflow/tensorflow/commit/d7de67733925de196ec8863a33445b73f9562d1d https://github.com/tensorflow/tensorflow/security/advisories/GHSA-278g-rq84-9hmg • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37663 – Incomplete validation in `QuantizeV2` in TensorFlow
https://notcve.org/view.php?id=CVE-2021-37663
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that `min_range` and `max_range` both have the same non-zero number of elements. If `axis` is provided (i.e., not `-1`), then validation should check that it is a value in range for the rank of `input` tensor and then the lengths of `min_range` and `max_range` inputs match the `axis` dimension of the `input` tensor. We have patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. • https://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j • CWE-20: Improper Input Validation •