CVE-2022-41907 – Overflow in `ResizeNearestNeighborGrad` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41907
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx • CWE-131: Incorrect Calculation of Buffer Size •
CVE-2022-41886 – Overflow in `ImageProjectiveTransformV2` in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41886
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc https://github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx • CWE-131: Incorrect Calculation of Buffer Size •
CVE-2022-41890 – `CHECK` fail in `BCast` overflow in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41890
TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475 • CWE-704: Incorrect Type Conversion or Cast •
CVE-2022-41897 – `FractionalMaxPoolGrad` Heap out of bounds read in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41897
TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j • CWE-125: Out-of-bounds Read •
CVE-2022-41880 – ThreadUnsafeUnigramCandidateSampler Heap out of bounds in Tensorflow
https://notcve.org/view.php?id=CVE-2022-41880
TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j • CWE-125: Out-of-bounds Read •