CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41911 – Invalid char to bool conversion when printing a tensor in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41911
18 Nov 2022 — TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. • https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41909 – Segfault in `CompositeTensorVariantToComponents` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41909
18 Nov 2022 — TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in su... • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41886 – Overflow in `ImageProjectiveTransformV2` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41886
18 Nov 2022 — TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41894 – Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite
https://notcve.org/view.php?id=CVE-2022-41894
18 Nov 2022 — TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with... • https://github.com/tensorflow/tensorflow/blob/091e63f0ea33def7ecad661a5ac01dcafbafa90b/tensorflow/lite/kernels/internal/reference/conv3d_transpose.h#L121 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 1CVE-2022-41900 – FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41900
18 Nov 2022 — TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. • https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41895 – `MirrorPadGrad` heap out of bounds read in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41895
18 Nov 2022 — TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41889 – Segfault via invalid attributes in `pywrap_tfe_src.cc` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41889
18 Nov 2022 — TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41899 – `CHECK` fail via inputs in `SdcaOptimizer` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41899
18 Nov 2022 — TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36015 – Integer overflow in math ops in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36015
16 Sep 2022 — TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-36012 – Assertion fail on MLIR empty edge names in TensorFlow
https://notcve.org/view.php?id=CVE-2022-36012
16 Sep 2022 — TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc • CWE-617: Reachable Assertion •