CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25801 – TensorFlow has double free in Fractional(Max/Avg)Pool
https://notcve.org/view.php?id=CVE-2023-25801
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1. • https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27579 – TensorFlow has Floating Point Exception in TFLite in conv kernel
https://notcve.org/view.php?id=CVE-2023-27579
TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1. • https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8 • CWE-697: Incorrect Comparison •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41902 – Out of bounds write in grappler in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41902
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221 https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41910 – Heap out of bounds read in `QuantizeAndDequantizeV2` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41910
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221 https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41895 – `MirrorPadGrad` heap out of bounds read in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41895
TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx • CWE-125: Out-of-bounds Read •