Prerana created BEAM-13995:
-------------------------------
Summary: Apache beam is having vulnerable dependencies - Tensorflow, httplib2, pandas and numpy
Key: BEAM-13995
URL: https://issues.apache.org/jira/browse/BEAM-13995
Project: Beam
Issue Type: Task
Components: dependencies
Affects Versions: 2.36.0, 2.35.0, 2.23.0
Reporter: Prerana
We are using apache-beam[gcp]==2.23.0 and apache-beam==2.36.0.
The following vulnerabilities are detected in WhiteSource with apache-beam:
* [CVE-2020-13091|https://app-eu.whitesourcesoftware.com/Wss/WSS.html#!securityVulnerability;id=CVE-2020-13091;orgToken=4b33dfdb-afc6-46a5-ae17-ea4bf6ebb98c] - pandas-0.25.3-cp37-cp37m-manylinux1_x86_64.whl - *Fix*: upgrade to version pandas - 0.3.0.beta,1.0.4; autovizwidget - 0.12.7; pandas - 1.0.4,1.1.0rc0
* [CVE-2021-41496|https://app-eu.whitesourcesoftware.com/Wss/WSS.html#!securityVulnerability;id=CVE-2021-41496;orgToken=4b33dfdb-afc6-46a5-ae17-ea4bf6ebb98c] - numpy-1.21.5-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl - *Fix*: upgrade to version autovizwidget - 0.12.7; numpy - 1.22.0rc1; numcodecs - 0.6.2; numpy-base - 1.11.3; numpy - 1.17.4
* [CVE-2021-21240|https://app-eu.whitesourcesoftware.com/Wss/WSS.html#!securityVulnerability;id=CVE-2021-21240;orgToken=4b33dfdb-afc6-46a5-ae17-ea4bf6ebb98c] - httplib2-0.17.4-py3-none-any.whl - *Fix*: upgrade to version v0.19.0
* tensorflow-1.14.0-cp37-cp37m-manylinux1_x86_64.whl - *Fix*: see the table below
Please upgrade the packages to the mentioned fixed versions.
h4. TensorFlow vulnerabilities
|Severity|Vulnerability|CVSS 2 Score|CVSS 3 Score|Confidentiality Impact|Attack Complexity|Scope|Availability Impact|Attack Vector|Integrity Impact|Privileges Required|Vector|User Interaction|Description|Published|Top Fix|
|HIGH|CVE-2021-29513|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. Calling TF
operations with tensors of non-numeric types when the operations expect numeric
tensors result in null pointer dereferences. The conversion from Python array
to C++
array(https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169)
is vulnerable to a type confusion. The fix will be included in TensorFlow
2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow
2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and
still in supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow -
2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-452g-f7fp-9jf7|
|HIGH|CVE-2021-29515|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The implementation
of `MatrixDiag*`
operations(https://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L195-L197)
does not validate that the tensor arguments are non-empty. The fix will be
included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow
2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are
also affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to
version tensorflow - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hc6c-75p4-hmq4|
|HIGH|CVE-2021-29518|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In eager mode
(default in TF 2.0 and later), session operations are invalid. However, users
could still call the raw ops associated with them and trigger a null pointer
dereference. The
implementation(https://github.com/tensorflow/tensorflow/blob/eebb96c2830d48597d055d247c0e9aebaea94cd5/tensorflow/core/kernels/session_ops.cc#L104)
dereferences the session state pointer without checking if it is valid. Thus,
in eager mode, `ctx->session_state()` is nullptr and the call of the member
function is undefined behavior. The fix will be included in TensorFlow 2.5.0.
We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,
TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in
supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-62gx-355r-9fhg|
|HIGH|CVE-2021-29520|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. Missing validation
between arguments to `tf.raw_ops.Conv3DBackprop*` operations can result in heap
buffer overflows. This is because the
implementation(https://github.com/tensorflow/tensorflow/blob/4814fafb0ca6b5ab58a09411523b2193fed23fed/tensorflow/core/kernels/conv_grad_shape_utils.cc#L94-L153)
assumes that the `input`, `filter_sizes` and `out_backprop` tensors have the
same shape, as they are accessed in parallel. The fix will be included in
TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,
TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also
affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to version
tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-qrj6-9pfm|
|HIGH|CVE-2020-15266|5.0|7.5|NONE|LOW|UNCHANGED|HIGH|NETWORK|NONE|NONE|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|NONE|In
Tensorflow before version 2.4.0, when the `boxes` argument of
`tf.image.crop_and_resize` has a very large value, the CPU kernel
implementation receives it as a C++ `nan` floating point value. Attempting to
operate on this is undefined behavior which later produces a segmentation
fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and
TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly
packages after this commit will also have the issue resolved.|2020-10-21
21:15:00.0|Upgrade to version 2.4.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc|
|HIGH|CVE-2020-15265|5.0|7.5|NONE|LOW|UNCHANGED|HIGH|NETWORK|NONE|NONE|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|NONE|In
Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value
to `tf.quantization.quantize_and_dequantize`. This results in accessing a
dimension outside the rank of the input tensor in the C++ kernel
implementation. However, dim_size only does a DCHECK to validate the argument
and then uses it to access the corresponding element of an array. Since in
normal builds, `DCHECK`-like macros are no-ops, this results in segfault and
access out of bounds of the array. The issue is patched in
eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released
containing the patch. TensorFlow nightly packages after this commit will also
have the issue resolved.|2020-10-21 21:15:00.0|Upgrade to version 2.4.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrfp-j2mp-hq9c|
|HIGH|CVE-2021-29525|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
trigger a division by 0 in `tf.raw_ops.Conv2DBackpropInput`. This is because
the
implementation(https://github.com/tensorflow/tensorflow/blob/b40060c9f697b044e3107917c797ba052f4506ab/tensorflow/core/kernels/conv_grad_input_ops.h#L625-L655)
does a division by a quantity that is controlled by the caller. The fix will
be included in TensorFlow 2.5.0. We will also cherrypick this commit on
TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as
these are also affected and still in supported range.|2021-05-14
20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0,
tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xm2v-8rrw-w9pm|
|HIGH|CVE-2021-29529|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear` by
manipulating input values so that float rounding results in off-by-one error in
accessing image elements. This is because the
implementation(https://github.com/tensorflow/tensorflow/blob/44b7f486c0143f68b56c34e2d01e146ee445134a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L62-L66)
computes two integers (representing the upper and lower bounds for
interpolation) by ceiling and flooring a floating point value. For some values
of `in`, `interpolation->upper[i]` might be smaller than
`interpolation->lower[i]`. This is an issue if `interpolation->upper[i]` is
capped at `in_size-1` as it means that `interpolation->lower[i]` points outside
of the image. Then, in the interpolation
code(https://github.com/tensorflow/tensorflow/blob/44b7f486c0143f68b56c34e2d01e146ee445134a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L245-L264),
this would result in heap buffer overflow. The fix will be included in
TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,
TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also
affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to version
tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jfp7-4j67-8r3q|
|HIGH|WS-2022-0073|9.3|9.3|HIGH|LOW|CHANGED|HIGH|LOCAL|HIGH|NONE|CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H|NONE|NULL
Pointer Dereference and Access of Uninitialized Pointer in
TensorFlow|2022-02-10 00:00:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu
- 2.5.3,2.6.3,2.7.1,2.8.0
Message: Upgrade to version
Details: https://github.com/advisories/GHSA-h6gw-r52c-724r|
|HIGH|WS-2022-0072|7.0|7.0|HIGH|HIGH|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Improper
Validation of Integrity Check Value in TensorFlow|2022-02-10
00:00:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu
- 2.5.3,2.6.3,2.7.1,2.8.0
Message: Upgrade to version
Details: https://github.com/advisories/GHSA-43q8-3fv7-pr5x|
|HIGH|CVE-2021-29530|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
trigger a null pointer dereference by providing an invalid `permutation` to
`tf.raw_ops.SparseMatrixSparseCholesky`. This is because the
implementation(https://github.com/tensorflow/tensorflow/blob/080f1d9e257589f78b3ffb75debf584168aa6062/tensorflow/core/kernels/sparse/sparse_cholesky_op.cc#L85-L86)
fails to properly validate the input arguments. Although `ValidateInputs` is
called and there are checks in the body of this function, the code proceeds to
the next line in `ValidateInputs` since
`OP_REQUIRES`(https://github.com/tensorflow/tensorflow/blob/080f1d9e257589f78b3ffb75debf584168aa6062/tensorflow/core/framework/op_requires.h#L41-L48)
is a macro that only exits the current function. Thus, the first validation
condition that fails in `ValidateInputs` will cause an early return from that
function. However, the caller will continue execution from the next line. The
fix is to either explicitly check `context->status()` or to convert
`ValidateInputs` to return a `Status`. The fix will be included in TensorFlow
2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow
2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and
still in supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow -
2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xcwj-wfcm-m23c|
|HIGH|CVE-2021-29535|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
cause a heap buffer overflow in `QuantizedMul` by passing in invalid thresholds
for the quantization. This is because the
implementation(https://github.com/tensorflow/tensorflow/blob/87cf4d3ea9949051e50ca3f071fc909538a51cd0/tensorflow/core/kernels/quantized_mul_op.cc#L287-L290)
assumes that the 4 arguments are always valid scalars and tries to access the
numeric value directly. However, if any of these tensors is empty, then
`.flat<T>()` is an empty buffer and accessing the element at position 0 results
in overflow. The fix will be included in TensorFlow 2.5.0. We will also
cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3
and TensorFlow 2.1.4, as these are also affected and still in supported
range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m3f9-w3p3-p669|
|HIGH|CVE-2021-29532|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
force accesses outside the bounds of heap allocated arrays by passing in
invalid tensor values to `tf.raw_ops.RaggedCross`. This is because the
implementation(https://github.com/tensorflow/tensorflow/blob/efea03b38fb8d3b81762237dc85e579cc5fc6e87/tensorflow/core/kernels/ragged_cross_op.cc#L456-L487)
lacks validation for the user supplied arguments. Each of the above branches
call a helper function after accessing array elements via a `*_list[next_*]`
pattern, followed by incrementing the `next_*` index. However, as there is no
validation that the `next_*` values are in the valid range for the
corresponding `*_list` arrays, this results in heap OOB reads. The fix will be
included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow
2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are
also affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to
version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j47f-4232-hvv8|
|HIGH|CVE-2021-29537|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in invalid
thresholds for the quantization. This is because the
implementation(https://github.com/tensorflow/tensorflow/blob/50711818d2e61ccce012591eeb4fdf93a8496726/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L705-L706)
assumes that the 2 arguments are always valid scalars and tries to access the
numeric value directly. The fix will be included in TensorFlow 2.5.0. We will
also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow
2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported
range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8c89-2vwr-chcq|
|HIGH|CVE-2021-29536|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
cause a heap buffer overflow in `QuantizedReshape` by passing in invalid
thresholds for the quantization. This is because the
implementation(https://github.com/tensorflow/tensorflow/blob/a324ac84e573fba362a5e53d4e74d5de6729933e/tensorflow/core/kernels/quantized_reshape_op.cc#L38-L55)
assumes that the 2 arguments are always valid scalars and tries to access the
numeric value directly. However, if any of these tensors is empty, then
`.flat<T>()` is an empty buffer and accessing the element at position 0 results
in overflow. The fix will be included in TensorFlow 2.5.0. We will also
cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3
and TensorFlow 2.1.4, as these are also affected and still in supported
range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2gfx-95x2-5v3x|
|HIGH|CVE-2021-29540|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
cause a heap buffer overflow to occur in `Conv2DBackpropFilter`. This is
because the
implementation(https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L495-L497)
computes the size of the filter tensor but does not validate that it matches
the number of elements in `filter_sizes`. Later, when reading/writing to this
buffer, code uses the value computed here, instead of the number of elements in
the tensor. The fix will be included in TensorFlow 2.5.0. We will also
cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3
and TensorFlow 2.1.4, as these are also affected and still in supported
range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xgc3-m89p-vr3x|
|HIGH|CVE-2021-29546|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
trigger an integer division by zero undefined behavior in
`tf.raw_ops.QuantizedBiasAdd`. This is because the implementation of the Eigen
kernel(https://github.com/tensorflow/tensorflow/blob/61bca8bd5ba8a68b2d97435ddfafcdf2b85672cd/tensorflow/core/kernels/quantization_utils.h#L812-L849)
does a division by the number of elements of the smaller input (based on
shape) without checking that this is not zero. The fix will be included in
TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,
TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also
affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to version
tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m34j-p8rj-wjxq|
|HIGH|CVE-2021-29553|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
read data outside of bounds of heap allocated buffer in
`tf.raw_ops.QuantizeAndDequantizeV3`. This is because the
implementation(https://github.com/tensorflow/tensorflow/blob/11ff7f80667e6490d7b5174aa6bf5e01886e770f/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L237)
does not validate the value of user supplied `axis` attribute before using it
to index in the array backing the `input` argument. The fix will be included in
TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,
TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also
affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to version
tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h9px-9vqg-222h|
|HIGH|CVE-2021-29559|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
access data outside of bounds of heap allocated array in
`tf.raw_ops.UnicodeEncode`. This is because the
implementation(https://github.com/tensorflow/tensorflow/blob/472c1f12ad9063405737679d4f6bd43094e1d36d/tensorflow/core/kernels/unicode_ops.cc)
assumes that the `input_value`/`input_splits` pair specify a valid sparse
tensor. The fix will be included in TensorFlow 2.5.0. We will also cherrypick
this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and
TensorFlow 2.1.4, as these are also affected and still in supported
range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-59q2-x2qc-4c97|
|HIGH|CVE-2021-29558|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
cause a heap buffer overflow in `tf.raw_ops.SparseSplit`. This is because the
implementation(https://github.com/tensorflow/tensorflow/blob/699bff5d961f0abfde8fa3f876e6d241681fbef8/tensorflow/core/util/sparse/sparse_tensor.h#L528-L530)
accesses an array element based on a user controlled offset. The fix will be
included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow
2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are
also affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to
version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mqh2-9wrp-vx84|
|HIGH|CVE-2022-21740|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. The implementation of
`SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be
included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow
2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and
still in supported range.|2022-02-03 15:15:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1;tensorflow-cpu - 2.5.3,2.6.3,2.7.1;tensorflow-gpu -
2.5.3,2.6.3,2.7.1
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r|
|HIGH|CVE-2021-29560|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is
because the
implementation(https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222)
uses the same index to access two arrays in parallel. Since the user controls
the shape of the input arguments, an attacker could trigger a heap OOB access
when `parent_output_index` is shorter than `row_split`. The fix will be
included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow
2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are
also affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to
version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8gv3-57p6-g35r|
|HIGH|CVE-2021-29568|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
trigger undefined behavior by binding to null pointer in
`tf.raw_ops.ParameterizedTruncatedNormal`. This is because the
implementation(https://github.com/tensorflow/tensorflow/blob/3f6fe4dfef6f57e768260b48166c27d148f3015f/tensorflow/core/kernels/parameterized_truncated_normal_op.cc#L630)
does not validate input arguments before accessing the first element of
`shape`. If `shape` argument is empty, then `shape_tensor.flat<T>()` is an
empty array. The fix will be included in TensorFlow 2.5.0. We will also
cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3
and TensorFlow 2.1.4, as these are also affected and still in supported
range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4p4p-www8-8fv9|
|HIGH|CVE-2021-29566|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
write outside the bounds of heap allocated arrays by passing invalid arguments
to `tf.raw_ops.Dilation2DBackpropInput`. This is because the
implementation(https://github.com/tensorflow/tensorflow/blob/afd954e65f15aea4d438d0a219136fc4a63a573d/tensorflow/core/kernels/dilation_ops.cc#L321-L322)
does not validate before writing to the output array. The values for `h_out`
and `w_out` are guaranteed to be in range for `out_backprop` (as they are loop
indices bounded by the size of the array). However, there are no similar
guarantees relating `h_in_max`/`w_in_max` and `in_backprop`. The fix will be
included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow
2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are
also affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to
version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pvrc-hg3f-58r6|
|HIGH|CVE-2021-29569|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The implementation
of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap
allocated data if attacker supplies specially crafted inputs. The
implementation(https://github.com/tensorflow/tensorflow/blob/ac328eaa3870491ababc147822cd04e91a790643/tensorflow/core/kernels/requantization_range_op.cc#L49-L50)
assumes that the `input_min` and `input_max` tensors have at least one
element, as it accesses the first element in two arrays. If the tensors are
empty, `.flat<T>()` is an empty object, backed by an empty array. Hence,
accessing even the 0th element is a read outside the bounds. The fix will be
included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow
2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are
also affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to
version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3h8m-483j-7xxm|
|HIGH|CVE-2021-41210|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions the
shape inference functions for `SparseCountSparseOutput` can trigger a read
outside of bounds of heap allocated array. The fix will be included in
TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,
TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in
supported range.|2021-11-05 20:15:00.0|Upgrade to version tensorflow - 2.4.4,
2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu
- 2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc|
|HIGH|CVE-2022-21730|5.5|8.1|HIGH|LOW|UNCHANGED|HIGH|NETWORK|NONE|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. The implementation of
`FractionalAvgPoolGrad` does not consider cases where the input tensors are
invalid allowing an attacker to read from outside of bounds of heap. The fix
will be included in TensorFlow 2.8.0. We will also cherrypick this commit on
TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also
affected and still in supported range.|2022-02-03 11:15:00.0|Upgrade to version
tensorflow - 2.5.3,2.6.3,2.7.1;tensorflow-cpu -
2.5.3,2.6.3,2.7.1;tensorflow-gpu - 2.5.3,2.6.3,2.7.1
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4|
|HIGH|CVE-2021-37635|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions the implementation of sparse reduction operations in TensorFlow can
trigger accesses outside of bounds of heap allocated data. The
[implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_reduce_op.cc#L217-L228)
fails to validate that each reduction group does not overflow and that each
corresponding index does not point to outside the bounds of the input tensor.
We have patched the issue in GitHub commit
87158f43f05f2720a374f3e6d22a7aaa3a33f750. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cgfm-62j4-v4rf|
|HIGH|CVE-2021-29571|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The implementation
of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap
allocated data if attacker supplies specially crafted inputs. The
implementation(https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130)
assumes that the last element of `boxes` input is 4, as required by [the
op](https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2).
Since this is not checked attackers passing values less than 4 can write
outside of bounds of heap allocated objects and cause memory corruption. If the
last dimension in `boxes` is less than 4, accesses similar to `tboxes(b, bb,
3)` will access data outside of bounds. Further during code execution there are
also writes to these indices. The fix will be included in TensorFlow 2.5.0. We
will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,
TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in
supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-whr9-vfh2-7hm6|
|HIGH|CVE-2021-29570|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The implementation
of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap
allocated data if attacker supplies specially crafted inputs. The
implementation(https://github.com/tensorflow/tensorflow/blob/ef0c008ee84bad91ec6725ddc42091e19a30cf0e/tensorflow/core/kernels/maxpooling_op.cc#L1016-L1017)
uses the same value to index in two different arrays but there is no guarantee
that the sizes are identical. The fix will be included in TensorFlow 2.5.0. We
will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,
TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in
supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-545v-42p7-98fq|
|HIGH|CVE-2021-41208|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions the code
for boosted trees in TensorFlow is still missing validation. As a result,
attackers can trigger denial of service (via dereferencing `nullptr`s or via
`CHECK`-failures) as well as abuse undefined behavior (binding references to
`nullptr`s). An attacker can also read and write from heap buffers, depending
on the API that gets used and the arguments that are passed to the call. Given
that the boosted trees implementation in TensorFlow is unmaintained, it is
recommended to no longer use these APIs. We will deprecate TensorFlow's boosted
trees APIs in subsequent releases. The fix will be included in TensorFlow
2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow
2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported
range.|2021-11-05 22:15:00.0|Upgrade to version tensorflow - 2.4.4, 2.5.2,
2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu -
2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88|
|HIGH|CVE-2021-29574|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The implementation
of `tf.raw_ops.MaxPool3DGradGrad` exhibits undefined behavior by dereferencing
null pointers backing attacker-supplied empty tensors. The
implementation(https://github.com/tensorflow/tensorflow/blob/72fe792967e7fd25234342068806707bbc116618/tensorflow/core/kernels/pooling_ops_3d.cc#L679-L703)
fails to validate that the 3 tensor inputs are not empty. If any of them is
empty, then accessing the elements in the tensor results in dereferencing a
null pointer. The fix will be included in TensorFlow 2.5.0. We will also
cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3
and TensorFlow 2.1.4, as these are also affected and still in supported
range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-828x-qc2p-wprq|
|HIGH|CVE-2021-41203|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions an
attacker can trigger undefined behavior, integer overflows, segfaults and
`CHECK`-fail crashes if they can change saved checkpoints from outside of
TensorFlow. This is because the checkpoints loading infrastructure is missing
validation for invalid file formats. The fixes will be included in TensorFlow
2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow
2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported
range.|2021-11-05 21:15:00.0|Upgrade to version tensorflow - 2.4.4, 2.5.2,
2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu -
2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2|
|HIGH|CVE-2021-29579|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The implementation
of `tf.raw_ops.MaxPoolGrad` is vulnerable to a heap buffer overflow. The
implementation(https://github.com/tensorflow/tensorflow/blob/ab1e644b48c82cb71493f4362b4dd38f4577a1cf/tensorflow/core/kernels/maxpooling_op.cc#L194-L203)
fails to validate that indices used to access elements of input/output arrays
are valid. Whereas accesses to `input_backprop_flat` are guarded by
`FastBoundsCheck`, the indexing in `out_backprop_flat` can result in OOB
access. The fix will be included in TensorFlow 2.5.0. We will also cherrypick
this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and
TensorFlow 2.1.4, as these are also affected and still in supported
range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79fv-9865-4qcv|
|HIGH|CVE-2021-29578|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The implementation
of `tf.raw_ops.FractionalAvgPoolGrad` is vulnerable to a heap buffer overflow.
The
implementation(https://github.com/tensorflow/tensorflow/blob/dcba796a28364d6d7f003f6fe733d82726dda713/tensorflow/core/kernels/fractional_avg_pool_op.cc#L216)
fails to validate that the pooling sequence arguments have enough elements as
required by the `out_backprop` tensor shape. The fix will be included in
TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,
TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also
affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to version
tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6f89-8j54-29xf|
|HIGH|CVE-2021-29577|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The implementation
of `tf.raw_ops.AvgPool3DGrad` is vulnerable to a heap buffer overflow. The
implementation(https://github.com/tensorflow/tensorflow/blob/d80ffba9702dc19d1fac74fc4b766b3fa1ee976b/tensorflow/core/kernels/pooling_ops_3d.cc#L376-L450)
assumes that the `orig_input_shape` and `grad` tensors have similar first and
last dimensions but does not check that this assumption is validated. The fix
will be included in TensorFlow 2.5.0. We will also cherrypick this commit on
TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as
these are also affected and still in supported range.|2021-05-14
20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0,
tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6r6-84gr-92rm|
|HIGH|CVE-2021-41201|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions during
execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in
`input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate
whether there is ellipsis in the corresponding inputs and output. However, the
code only changes these flags to `true` and never assigns `false`. This results
in uninitialized variable access if callers assume that
`EinsumHelper::ParseEquation()` always sets these flags. The fix will be
included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow
2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and
still in supported range.|2021-11-05 20:15:00.0|Upgrade to version tensorflow -
2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1,
2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm|
|HIGH|CVE-2021-29576|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The implementation
of `tf.raw_ops.MaxPool3DGradGrad` is vulnerable to a heap buffer overflow. The
implementation(https://github.com/tensorflow/tensorflow/blob/596c05a159b6fbb9e39ca10b3f7753b7244fa1e9/tensorflow/core/kernels/pooling_ops_3d.cc#L694-L696)
does not check that the initialization of `Pool3dParameters` completes
successfully. Since the
constructor(https://github.com/tensorflow/tensorflow/blob/596c05a159b6fbb9e39ca10b3f7753b7244fa1e9/tensorflow/core/kernels/pooling_ops_3d.cc#L48-L88)
uses `OP_REQUIRES` to validate conditions, the first assertion that fails
interrupts the initialization of `params`, making it contain invalid data. In
turn, this might cause a heap buffer overflow, depending on default initialized
values. The fix will be included in TensorFlow 2.5.0. We will also cherrypick
this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and
TensorFlow 2.1.4, as these are also affected and still in supported
range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7cqx-92hp-x6wh|
|HIGH|CVE-2021-41206|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions several
TensorFlow operations are missing validation for the shapes of the tensor
arguments involved in the call. Depending on the API, this can result in
undefined behavior and segfault or `CHECK`-fail related crashes but in some
scenarios writes and reads from heap populated arrays are also possible. We
have discovered these issues internally via tooling while working on
improving/testing GPU op determinism. As such, we don't have reproducers and
there will be multiple fixes for these issues. These fixes will be included in
TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1,
TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in
supported range.|2021-11-05 22:15:00.0|Upgrade to version tensorflow - 2.4.4,
2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu
- 2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69|
|HIGH|CVE-2020-15195|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|In
Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the
implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It
is possible for `reverse_index_map(i)` to be an index outside of bounds of
`grad_values`, thus resulting in a heap buffer overflow. The issue is patched
in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in
TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.|2020-09-25
19:15:00.0|Upgrade to version 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr|
|HIGH|CVE-2021-41205|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions the
shape inference functions for the `QuantizeAndDequantizeV*` operations can
trigger a read outside of bounds of heap allocated array. The fix will be
included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow
2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and
still in supported range.|2021-11-05 21:15:00.0|Upgrade to version tensorflow -
2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1,
2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f|
|HIGH|CVE-2021-41221|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions the
shape inference code for the `Cudnn*` operations in TensorFlow can be tricked
into accessing invalid memory, via a heap buffer overflow. This occurs because
the ranks of the `input`, `input_h` and `input_c` parameters are not validated,
but code assumes they have certain values. The fix will be included in
TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,
TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in
supported range.|2021-11-05 23:15:00.0|Upgrade to version tensorflow - 2.4.4,
2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu
- 2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x|
|HIGH|CVE-2021-37641|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid
ragged tensor code can trigger a read from outside of bounds of heap allocated
buffers. The
[implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/ragged_gather_op.cc#L70)
directly reads the first dimension of a tensor shape before checking that said
tensor has rank of at least 1 (i.e., it is not a scalar). Furthermore, the
implementation does not check that the list given by `params_nested_splits` is
not an empty list of tensors. We have patched the issue in GitHub commit
a2b743f6017d7b97af1fe49087ae15f0ac634373. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c8h-vvrj-w2p8|
|HIGH|CVE-2022-21727|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. The implementation of shape
inference for `Dequantize` is vulnerable to an integer overflow weakness. The
`axis` argument can be `-1` (the default value for the optional argument) or
any other positive value at most the number of dimensions of the input.
Unfortunately, the upper bound is not checked, and, since the code computes
`axis + 1`, an attacker can trigger an integer overflow. The fix will be
included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow
2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and
still in supported range.|2022-02-03 11:15:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1;tensorflow-cpu - 2.5.3,2.6.3,2.7.1;tensorflow-gpu -
2.5.3,2.6.3,2.7.1
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw|
|HIGH|CVE-2021-37643|3.6|7.1|NONE|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. If a user does not
provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code
triggers a null pointer dereference (if input is empty) or produces invalid
behavior, ignoring all values after the first. The
[implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89)
reads the first value from a tensor buffer without first checking that the
tensor has values to read from. We have patched the issue in GitHub commit
482da92095c4d48f8784b1f00dda4f81c28d2988. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 19:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fcwc-p4fc-c5cc|
|HIGH|CVE-2022-21726|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. The implementation of
`Dequantize` does not fully validate the value of `axis` and can result in heap
OOB accesses. The `axis` argument can be `-1` (the default value for the
optional argument) or any other positive value at most the number of dimensions
of the input. Unfortunately, the upper bound is not checked and this results in
reading past the end of the array containing the dimensions of the input
tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick
this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as
these are also affected and still in supported range.|2022-02-03
11:15:00.0|Upgrade to version tensorflow - 2.5.3,2.6.3,2.7.1;tensorflow-cpu -
2.5.3,2.6.3,2.7.1;tensorflow-gpu - 2.5.3,2.6.3,2.7.1
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72|
|HIGH|CVE-2022-21728|5.5|8.1|HIGH|LOW|UNCHANGED|HIGH|NETWORK|NONE|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. The implementation of shape
inference for `ReverseSequence` does not fully validate the value of
`batch_dim` and can result in a heap OOB read. There is a check to make sure
the value of `batch_dim` does not go over the rank of the input, but there is
no check for negative values. Negative dimensions are allowed in some cases to
mimic Python's negative indexing (i.e., indexing from the end of the array),
however if the value is too negative then the implementation of `Dim` would
access elements before the start of an array. The fix will be included in
TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1,
TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in
supported range.|2022-02-03 11:15:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1;tensorflow-cpu - 2.5.3,2.6.3,2.7.1;tensorflow-gpu -
2.5.3,2.6.3,2.7.1
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8|
|HIGH|CVE-2021-29582|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. Due to lack of
validation in `tf.raw_ops.Dequantize`, an attacker can trigger a read from
outside of bounds of heap allocated data. The
implementation(https://github.com/tensorflow/tensorflow/blob/26003593aa94b1742f34dc22ce88a1e17776a67d/tensorflow/core/kernels/dequantize_op.cc#L106-L131)
accesses the `min_range` and `max_range` tensors in parallel but fails to
check that they have the same shape. The fix will be included in TensorFlow
2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow
2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and
still in supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow -
2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c45w-2wxr-pp53|
|HIGH|CVE-2021-37638|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. Sending invalid
argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API
results in a null pointer dereference and undefined behavior. The
[implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328)
accesses the first element of a user supplied list of values without
validating that the provided list is not empty. We have patched the issue in
GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314. The fix will be
included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow
2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and
still in supported range.|2021-08-12 19:15:00.0|Upgrade to version tensorflow -
2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hwr7-8gxx-fj5p|
|HIGH|CVE-2021-41219|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions the code
for sparse matrix multiplication is vulnerable to undefined behavior via
binding a reference to `nullptr`. This occurs whenever the dimensions of `a` or
`b` are 0 or less. In the case where one of these is 0, an empty output tensor
should be allocated (to conserve the invariant that output tensors are always
allocated when the operation is successful) but nothing should be written to it
(that is, we should return early from the kernel implementation). Otherwise,
attempts to write to this empty tensor would result in heap OOB access. The fix
will be included in TensorFlow 2.7.0. We will also cherrypick this commit on
TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also
affected and still in supported range.|2021-11-05 21:15:00.0|Upgrade to version
tensorflow - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1,
2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x|
|HIGH|CVE-2021-37639|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. When restoring
tensors via raw APIs, if the tensor name is not provided, TensorFlow can be
tricked into dereferencing a null pointer. Alternatively, attackers can read
memory outside the bounds of heap allocated data by providing some tensor names
but not enough for a successful restoration. The
[implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc#L158-L159)
retrieves the tensor list corresponding to the `tensor_name` user controlled
input and immediately retrieves the tensor at the restoration index (controlled
via `preferred_shard` argument). This occurs without validating that the
provided list has enough values. If the list is empty this results in
dereferencing a null pointer (undefined behavior). If, however, the list has
some elements and the restoration index is outside the bounds, this results in a
heap OOB read. We have patched the issue in GitHub commit
9e82dce6e6bd1f36a57e08fa85af213e2b2f2622. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 19:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh6x-4whr-2qv4|
|HIGH|CVE-2021-29583|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The implementation
of `tf.raw_ops.FusedBatchNorm` is vulnerable to a heap buffer overflow. If the
tensors are empty, the same implementation can trigger undefined behavior by
dereferencing null pointers. The
implementation(https://github.com/tensorflow/tensorflow/blob/57d86e0db5d1365f19adcce848dfc1bf89fdd4c7/tensorflow/core/kernels/fused_batch_norm_op.cc)
fails to validate that `scale`, `offset`, `mean` and `variance` (the last two
only when required) all have the same number of elements as the number of
channels of `x`. This results in heap out of bounds reads when the buffers
backing these tensors are indexed past their boundary. If the tensors are
empty, the validation mentioned in the above paragraph would also trigger and
prevent the undefined behavior. The fix will be included in TensorFlow 2.5.0.
We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,
TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in
supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9xh4-23q4-v6wr|
|HIGH|CVE-2021-41214|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions the
shape inference code for `tf.ragged.cross` has an undefined behavior due to
binding a reference to `nullptr`. The fix will be included in TensorFlow 2.7.0.
We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and
TensorFlow 2.4.4, as these are also affected and still in supported
range.|2021-11-05 21:15:00.0|Upgrade to version tensorflow - 2.4.4, 2.5.2,
2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu -
2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v|
|HIGH|CVE-2021-41212|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions the
shape inference code for `tf.ragged.cross` can trigger a read outside of bounds
of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will
also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and
TensorFlow 2.4.4, as these are also affected and still in supported
range.|2021-11-05 21:15:00.0|Upgrade to version tensorflow - 2.4.4, 2.5.2,
2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu -
2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g|
|HIGH|CVE-2022-23591|5.0|7.5|NONE|LOW|UNCHANGED|HIGH|NETWORK|NONE|NONE|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. The `GraphDef` format in
TensorFlow does not allow self recursive functions. The runtime assumes that
this invariant is satisfied. However, a `GraphDef` containing a fragment such
as the following can be consumed when loading a `SavedModel`. This would result
in a stack overflow during execution as resolving each `NodeDef` means
resolving the function itself and its nodes. The fix will be included in
TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1,
TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in
supported range.|2022-02-04 23:15:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu
- 2.5.3,2.6.3,2.7.1,2.8.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7|
|HIGH|CVE-2021-41216|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions the
shape inference function for `Transpose` is vulnerable to a heap buffer
overflow. This occurs whenever `perm` contains negative elements. The shape
inference function does not validate that the indices in `perm` are all valid.
The fix will be included in TensorFlow 2.7.0. We will also cherrypick this
commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these
are also affected and still in supported range.|2021-11-05 23:15:00.0|Upgrade
to version tensorflow - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4,
2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9|
|HIGH|CVE-2021-37650|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and
`tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and
segmentation fault. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_record_op.cc#L93-L102)
assumes that all records in the dataset are of string type. However, there is
no check for that, and the example given above uses numeric types. We have
patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this
commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these
are also affected and still in supported range.|2021-08-12 21:15:00.0|Upgrade
to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f8h4-7rgh-q2gm|
|HIGH|CVE-2021-37651|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be
tricked into accessing data outside of bounds of heap allocated buffers. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205)
does not validate that the input tensor is non-empty. Thus, code constructs an
empty `EigenDoubleMatrixMap` and then accesses this buffer with indices that
are outside of the empty area. We have patched the issue in GitHub commit
0f931751fb20f565c4e94aa6df58d54a003cdb30. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hpv4-7p9c-mvfr|
|HIGH|CVE-2021-37652|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can
result in a use after free error if an attacker supplies specially crafted
arguments. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55)
uses a reference counted resource and decrements the refcount if the
initialization fails, as it should. However, when the code was written, the
resource was represented as a naked pointer but later refactoring has changed
it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent
`free`-ing of the resource occurs, but this fails to take into account that the
refcount has already reached 0, thus the resource has been already freed.
During this double-free process, members of the resource object are accessed
for cleanup but they are invalid as the entire resource has been freed. We have
patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this
commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these
are also affected and still in supported range.|2021-08-12 22:15:00.0|Upgrade
to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m7fm-4jfh-jrg6|
|HIGH|CVE-2021-37654|3.6|7.1|HIGH|LOW|UNCHANGED|LOCAL|HIGH|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of
TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds
of heap allocated data in the same API in a release build. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L660-L668)
does not check that the `batch_dims` value that the user supplies is less than
the rank of the input tensor. Since the implementation uses several for loops
over the dimensions of `tensor`, this results in reading data from outside the
bounds of heap allocated buffer backing the tensor. We have patched the issue
in GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d. The fix will be
included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow
2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and
still in supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow -
2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r8p-fg3c-wcj4|
|HIGH|CVE-2021-37655|4.6|7.3|HIGH|LOW|UNCHANGED|LOCAL|HIGH|LOW|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions an attacker can trigger a read from outside of bounds of heap
allocated data by sending invalid arguments to
`tf.raw_ops.ResourceScatterUpdate`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923)
has an incomplete validation of the relationship between the shapes of
`indices` and `updates`: instead of checking that the shape of `indices` is a
prefix of the shape of `updates` (so that broadcasting can happen), code only
checks that the number of elements in these two tensors are in a divisibility
relationship. We have patched the issue in GitHub commit
01cff3f986259d661103412a20745928c727326f. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7fvx-3jfc-2cpc|
|HIGH|CVE-2021-37656|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions an attacker can cause undefined behavior via binding a reference to
null pointer in `tf.raw_ops.RaggedTensorToSparse`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30)
has an incomplete validation of the splits values: it does not check that they
are in increasing order. We have patched the issue in GitHub commit
1071f554dbd09f7e101324d366eec5f4fe5a3ece. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4xfp-4pfp-89wg|
|HIGH|CVE-2021-37657|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions an attacker can cause undefined behavior via binding a reference to
null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc)
has incomplete validation that the value of `k` is a valid tensor. There is a
check that this value is either a scalar or a vector, but there is no check on
the number of elements. If this is an empty tensor, then the code that accesses
the first element of the tensor is invalid. We have patched the issue in GitHub
commit f2a673bd34f0d64b8e40a551ac78989d16daad09. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5xwc-mrhx-5g3m|
|HIGH|CVE-2021-37648|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs
and an attacker can trigger a null pointer dereference. The
[implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/save_restore_v2_ops.cc)
uses `ValidateInputs` to check that the input arguments are valid. This
validation would have caught the illegal state represented by the reproducer
above. However, the validation uses `OP_REQUIRES` which translates to setting
the `Status` object of the current `OpKernelContext` to an error status,
followed by an empty `return` statement which just terminates the execution of
the function it is present in. However, this does not mean that the kernel
execution is finalized: instead, execution continues from the next line in
`Compute` that follows the call to `ValidateInputs`. This is equivalent to
lacking the validation. We have patched the issue in GitHub commit
9728c60e136912a12d99ca56e106b7cce7af5986. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 22:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wp77-4gmm-7cq8|
|HIGH|CVE-2021-29595|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The implementation
of the `DepthToSpace` TFLite operator is vulnerable to a division by zero error
(https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/depth_to_space.cc#L63-L69).
An attacker can craft a model such that `params->block_size` is 0. The fix
will be included in TensorFlow 2.5.0. We will also cherrypick this commit on
TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as
these are also affected and still in supported range.|2021-05-14
20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0,
tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vf94-36g5-69v8|
|HIGH|CVE-2021-41225|2.1|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions
TensorFlow's Grappler optimizer uses an uninitialized variable. If the
`train_nodes` vector (obtained from the saved model that gets optimized) does
not contain a `Dequeue` node, then `dequeue_node` is left uninitialized. The fix
will be included in TensorFlow 2.7.0. We will also cherrypick this commit on
TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also
affected and still in supported range.|2021-11-05 23:15:00.0|Upgrade to version
tensorflow - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1,
2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw|
|HIGH|CVE-2022-23587|7.5|8.8|HIGH|LOW|UNCHANGED|NETWORK|HIGH|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. Under certain scenarios,
Grappler component of TensorFlow is vulnerable to an integer overflow during
cost estimation for crop and resize. Since the cropping parameters are user
controlled, a malicious person can trigger undefined behavior. The fix will be
included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow
2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and
still in supported range.|2022-02-04 23:15:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu
- 2.5.3,2.6.3,2.7.1,2.8.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8jj7-5vxc-pg2q|
|HIGH|CVE-2021-41224|3.6|7.1|HIGH|LOW|UNCHANGED|LOCAL|HIGH|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions the
implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB
access. This occurs whenever the size of `indices` does not match the size of
`values`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick
this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as
these are also affected and still in supported range.|2021-11-05
21:15:00.0|Upgrade to version tensorflow - 2.4.4, 2.5.2, 2.6.1,
2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 2.4.4,
2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v|
|HIGH|CVE-2022-23584|4.0|7.6|LOW|LOW|UNCHANGED|NETWORK|HIGH|LOW|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. A malicious user can cause a use
after free behavior when decoding PNG images. After
`png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and
`decode.height` are in an unspecified state. The fix will be included in
TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1,
TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in
supported range.|2022-02-04 23:15:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu
- 2.5.3,2.6.3,2.7.1,2.8.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-24x4-6qmh-88qg|
|HIGH|CVE-2021-41223|3.6|7.1|HIGH|LOW|UNCHANGED|LOCAL|HIGH|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions the
implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access.
The fix will be included in TensorFlow 2.7.0. We will also cherrypick this
commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these
are also affected and still in supported range.|2021-11-05 21:15:00.0|Upgrade
to version tensorflow - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4,
2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr|
|HIGH|CVE-2021-41226|3.6|7.1|HIGH|LOW|UNCHANGED|LOCAL|HIGH|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an open source platform for machine learning. In affected versions the
implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is
because of missing validation between the elements of the `values` argument and
the shape of the sparse output. The fix will be included in TensorFlow 2.7.0.
We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and
TensorFlow 2.4.4, as these are also affected and still in supported
range.|2021-11-05 21:15:00.0|Upgrade to version tensorflow - 2.4.4, 2.5.2,
2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu -
2.4.4, 2.5.2, 2.6.1, 2.7.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw|
|HIGH|CVE-2022-23566|6.5|8.8|HIGH|LOW|UNCHANGED|NETWORK|HIGH|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a
heap OOB write in `Grappler`. The `set_output` function writes to an array at
the specified index. Hence, this gives a malicious user a write primitive. The
fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit
on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also
affected and still in supported range.|2022-02-04 23:15:00.0|Upgrade to version
tensorflow - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu -
2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5qw5-89mw-wcg2|
|HIGH|CVE-2021-37662|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions an attacker can generate undefined behavior via a reference binding to
nullptr in `BoostedTreesCalculateBestGainsPerFeature` and similar attack can
occur in `BoostedTreesCalculateBestFeatureSplitV2`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc)
does not validate the input values. We have patched the issue in GitHub commit
9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit
429f009d2b2c09028647dd4bb7b3f6f414bbaad7. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f5cx-5wr3-5qrc|
|HIGH|CVE-2021-37663|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker
can trigger undefined behavior via binding a reference to a null pointer or can
access data outside the bounds of heap allocated arrays. The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59)
has some validation but does not check that `min_range` and `max_range` both
have the same non-zero number of elements. If `axis` is provided (i.e., not
`-1`), then validation should check that it is a value in range for the rank of
`input` tensor and then the lengths of `min_range` and `max_range` inputs match
the `axis` dimension of the `input` tensor. We have patched the issue in GitHub
commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 23:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j|
|HIGH|CVE-2021-37664|3.6|7.1|HIGH|LOW|UNCHANGED|LOCAL|HIGH|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions an attacker can read from outside of bounds of heap allocated data by
sending specially crafted illegal arguments to
`BoostedTreesSparseCalculateBestFeatureSplit`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc)
needs to validate that each value in `stats_summary_indices` is in range. We
have patched the issue in GitHub commit
e84c975313e8e8e38bb2ea118196369c45c51378. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r4c4-5fpq-56wg|
|HIGH|CVE-2021-37665|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions due to incomplete validation in MKL implementation of requantization,
an attacker can trigger undefined behavior via binding a reference to a null
pointer or can access data outside the bounds of heap allocated arrays. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc)
does not validate the dimensions of the `input` tensor. A similar issue occurs
in `MklRequantizePerChannelOp`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc)
does not perform full validation for all the input arguments. We have patched
the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the
Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9. The fix will be
included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow
2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and
still in supported range.|2021-08-12 23:15:00.0|Upgrade to version tensorflow -
2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp|
|HIGH|CVE-2021-37666|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions an attacker can cause undefined behavior via binding a reference to
null pointer in `tf.raw_ops.RaggedTensorToVariant`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc#L129)
has an incomplete validation of the splits values, missing the case when the
argument would be empty. We have patched the issue in GitHub commit
be7a4de6adfbd303ce08be4332554dff70362612. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 22:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w4xf-2pqw-5mq7|
|HIGH|CVE-2021-37667|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions an attacker can cause undefined behavior via binding a reference to
null pointer in `tf.raw_ops.UnicodeEncode`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539)
reads the first dimension of the `input_splits` tensor before validating that
this tensor is not empty. We have patched the issue in GitHub commit
2e0ee46f1a47675152d3d865797a18358881d7a6. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 22:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w74j-v8xh-3w5h|
|HIGH|CVE-2021-37658|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions an attacker can cause undefined behavior via binding a reference to
null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc)
has incomplete validation that the value of `k` is a valid tensor. There is a
check that this value is either a scalar or a vector, but there is no check on
the number of elements. If this is an empty tensor, then the code that accesses
the first element of the tensor is invalid. We have patched the issue in GitHub
commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6p5r-g9mq-ggh2|
|HIGH|CVE-2021-37659|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions an attacker can cause undefined behavior via binding a reference to
null pointer in all binary cwise operations that don't require broadcasting
(e.g., gradients of binary cwise operations). The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_ops_common.h#L264)
assumes that the two inputs have exactly the same number of elements but does
not check that. Hence, when the eigen functor executes it triggers heap OOB
reads and undefined behavior due to binding to nullptr. We have patched the
issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec. The fix will
be included in TensorFlow 2.6.0. We will also cherrypick this commit on
TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range.|2021-08-12 21:15:00.0|Upgrade to version
tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1,
2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q3g3-h9r4-prrc|
|HIGH|CVE-2022-23573|6.5|8.8|HIGH|LOW|UNCHANGED|NETWORK|HIGH|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. The implementation of `AssignOp`
can result in copying uninitialized data to a new tensor. This later results in
undefined behavior. The implementation has a check that the left hand side of
the assignment is initialized (to minimize number of allocations), but does not
check that the right hand side is also initialized. The fix will be included in
TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1,
TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in
supported range.|2022-02-04 23:15:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu
- 2.5.3,2.6.3,2.7.1,2.8.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q85f-69q7-55h2|
|HIGH|CVE-2022-23574|6.5|8.8|HIGH|LOW|UNCHANGED|NETWORK|HIGH|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. There is a typo in TensorFlow's
`SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is
initialized to the `i`th mutable argument in a loop where the loop index is
`j`. Hence it is possible to assign to `arg` from outside the vector of
arguments. Since this is a mutable proto value, it allows both read and write
to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We
will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as
these are also affected and still in supported range.|2022-02-04
23:15:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu
- 2.5.3,2.6.3,2.7.1,2.8.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-77gp-3h4r-6428|
|HIGH|CVE-2022-23559|6.5|8.8|HIGH|LOW|UNCHANGED|NETWORK|HIGH|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. An attacker can craft a TFLite
model that would cause an integer overflow in embedding lookup operations. Both
`embedding_size` and `lookup_size` are products of values provided by the user.
Hence, a malicious user could trigger overflows in the multiplication. In
certain scenarios, this can then result in heap OOB read/write. Users are
advised to upgrade to a patched version.|2022-02-04 23:15:00.0|Upgrade to
version tensorflow - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu -
2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5|
|HIGH|CVE-2022-23558|6.5|8.8|HIGH|LOW|UNCHANGED|NETWORK|HIGH|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. An attacker can craft a TFLite
model that would cause an integer overflow in `TfLiteIntArrayCreate`. The
`TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t`. An
attacker can control model inputs such that `computed_size` overflows the size
of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also
cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow
2.5.3, as these are also affected and still in supported range.|2022-02-04
23:15:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu
- 2.5.3,2.6.3,2.7.1,2.8.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3|
|HIGH|CVE-2021-37671|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions an attacker can cause undefined behavior via binding a reference to
null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248)
has a check in place to ensure that `indices` is in ascending order, but does
not check that `indices` is not empty. We have patched the issue in GitHub
commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 22:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qr82-2c78-4m8h|
|HIGH|CVE-2021-37676|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions an attacker can cause undefined behavior via binding a reference to
null pointer in `tf.raw_ops.SparseFillEmptyRows`. The shape inference
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634)
does not validate that the input arguments are not empty tensors. We have
patched the issue in GitHub commit 578e634b4f1c1c684d4b4294f9e5281b2133b3ed.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this
commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these
are also affected and still in supported range.|2021-08-12 22:15:00.0|Upgrade
to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v768-w7m9-2vmm|
|HIGH|CVE-2021-37678|4.6|8.8|HIGH|LOW|CHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions TensorFlow and Keras can be tricked to perform arbitrary code
execution when deserializing a Keras model from YAML format. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104)
uses `yaml.unsafe_load` which can perform arbitrary code execution on the
input. Given that YAML format support requires a significant amount of work, we
have removed it for now. We have patched the issue in GitHub commit
23d6383eb6c14084a8fc3bdf164043b974818012. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 23:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r|
|HIGH|CVE-2021-37679|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. In affected
versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call.
However, if the input tensor is a `RaggedTensor` and there is no function
signature provided, code assumes the output is a fully specified tensor and
fills output buffer with uninitialized contents from the heap. The `t` and `z`
outputs should be identical, however this is not the case. The last row of `t`
contains data from the heap which can be used to leak other memory information.
The bug lies in the conversion from a `Variant` tensor to a `RaggedTensor`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_from_variant_op.cc#L177-L190)
does not check that all inner shapes match and this results in the additional
dimensions. The same implementation can result in data loss if the input tensor
is tweaked. We have patched the issue in GitHub commit
4e2565483d0ffcadc719bd44893fb7f609bb5f12. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range.|2021-08-12 23:15:00.0|Upgrade to version tensorflow - 2.3.4,
2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0,
tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g8wg-cjwc-xhhp|
|HIGH|CVE-2022-23562|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. The implementation of `Range`
suffers from integer overflows. These can trigger undefined behavior or, in
some scenarios, extremely large allocations. The fix will be included in
TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1,
TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in
supported range.|2022-02-04 23:15:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu
- 2.5.3,2.6.3,2.7.1,2.8.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr|
|HIGH|CVE-2022-23560|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. An attacker can craft a TFLite
model that would allow limited reads and writes outside of arrays in TFLite.
This exploits missing validation in the conversion from sparse tensors to dense
tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this
commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these
are also affected and still in supported range. Users are advised to upgrade as
soon as possible.|2022-02-04 23:15:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu
- 2.5.3,2.6.3,2.7.1,2.8.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v|
|HIGH|CVE-2022-23561|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
is an Open Source Machine Learning Framework. An attacker can craft a TFLite
model that would cause a write outside of bounds of an array in TFLite. In
fact, the attacker can override the linked list used by the memory allocator.
This can be leveraged for an arbitrary write primitive under certain
conditions. The fix will be included in TensorFlow 2.8.0. We will also
cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow
2.5.3, as these are also affected and still in supported range.|2022-02-04
23:15:00.0|Upgrade to version tensorflow -
2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu
- 2.5.3,2.6.3,2.7.1,2.8.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq|
|HIGH|CVE-2020-15206|5.0|7.5|NONE|LOW|UNCHANGED|HIGH|NETWORK|NONE|NONE|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|NONE|In
Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the
TensorFlow's `SavedModel` protocol buffer and altering the name of required
keys results in segfaults and data corruption while loading the model. This can
cause a denial of service in products using `tensorflow-serving` or other
inference-as-a-service installments. Fixes were added in commits
f760f88b4267d981e13f4b302c437ae800445968 and
fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and
2.3.0 but not yet backported to earlier versions). However, this was not
enough, as #41097 reports a different failure mode. The issue is patched in
commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow
versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.|2020-09-25 19:15:00.0|Upgrade
to version 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w5gh-2wr2-pm6g|
|HIGH|CVE-2020-15203|5.0|7.5|NONE|LOW|UNCHANGED|HIGH|NETWORK|NONE|NONE|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|NONE|In
Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by
controlling the `fill` argument of tf.strings.as_string, a malicious attacker
is able to trigger a format string vulnerability due to the way the internal
format used in a `printf` call is constructed. This may result in a segmentation
fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83,
and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or
2.3.1.|2020-09-25 19:15:00.0|Upgrade to version 1.15.4, 2.0.3, 2.1.2, 2.2.1,
2.3.1
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xmq7-7fxm-rr79|
|HIGH|CVE-2020-15202|6.8|9.0|HIGH|HIGH|CHANGED|HIGH|NETWORK|HIGH|NONE|CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H|NONE|In
Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard`
API in TensorFlow expects the last argument to be a function taking two `int64`
(i.e., `long long`) arguments. However, there are several places in TensorFlow
where a lambda taking `int` or `int32` arguments is being used. In these cases,
if the amount of work to be parallelized is large enough, integer truncation
occurs. Depending on how the two arguments of the lambda are used, this can
result in segfaults, read/write outside of heap allocated arrays, stack
overflows, or data corruption. The issue is patched in commits
27b417360cbd671ef55915e4bb6bb06af8b8a832 and
ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow
versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.|2020-09-25 19:15:00.0|Upgrade
to version 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4|
|HIGH|CVE-2019-16778|7.5|9.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|NONE|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H|NONE|In
TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be
produced when the Index template argument is int32. In this case data_size and
num_segments fields are truncated from int64 to int32 and can produce negative
numbers, resulting in accessing out of bounds heap memory. This is unlikely to
be exploitable and was detected and fixed internally in TensorFlow 1.15 and
2.0.|2019-12-16 21:15:00.0|Upgrade to version tensorflow - 1.15.0
Message: Upgrade to version
Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16778|
|HIGH|CVE-2021-29608|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. Due to lack of
validation in `tf.raw_ops.RaggedTensorToTensor`, an attacker can exploit an
undefined behavior if input arguments are empty. The
[implementation](https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L356-L360)
only checks that one of the tensors is not empty, but does not check for the
other ones. There are multiple `DCHECK` validations to prevent heap OOB, but
these are no-ops in release builds, hence they don't prevent anything. The fix
will be included in TensorFlow 2.5.0. We will also cherrypick these commits on
TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as
these are also affected and still in supported range.|2021-05-14
20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0,
tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rgvq-pcvf-hx75|
|HIGH|CVE-2021-29607|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. Incomplete
validation in `SparseAdd` results in allowing attackers to exploit undefined
behavior (dereferencing null pointers) as well as write outside of bounds of
heap allocated data. The
[implementation](https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/sparse_sparse_binary_op_shared.cc)
has a large set of validation for the two sparse tensor inputs (6 tensors in
total), but does not validate that the tensors are not empty or that the second
dimension of `*_indices` matches the size of corresponding `*_shape`. This
allows attackers to send tensor triples that represent invalid sparse tensors
to abuse code assumptions that are not protected by validation. The fix will be
included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow
2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are
also affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to
version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gv26-jpj9-c8gq|
|HIGH|CVE-2021-29612|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. An attacker can
trigger a heap buffer overflow in Eigen implementation of
`tf.raw_ops.BandedTriangularSolve`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L269-L278)
calls `ValidateInputTensors` for input validation but fails to validate that
the two tensors are not empty. Furthermore, since `OP_REQUIRES` macro only
stops execution of current function after setting `ctx->status()` to a non-OK
value, callers of helper functions that use `OP_REQUIRES` must check value of
`ctx->status()` before continuing. This doesn't happen in this op's
[implementation](https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L219),
hence the validation that is present is also not effective. The fix will be
included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow
2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are
also affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to
version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2xgj-xhgf-ggjv|
|HIGH|CVE-2021-29610|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The validation in
`tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for the `axis`
argument. The
[validation](https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L74-L77)
uses `\|\|` to mix two different conditions. If `axis_ < -1` the condition in
`OP_REQUIRES` will still be true, but this value of `axis_` results in heap
underflow. This allows attackers to read/write to other data on the heap. The
fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit
on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4,
as these are also affected and still in supported range.|2021-05-14
20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0,
tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mq5c-prh3-3f3h|
|HIGH|CVE-2021-29616|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The implementation
of
[TrySimplify](https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401)
has undefined behavior due to dereferencing a null pointer in corner cases
that result in optimizing a node with no inputs. The fix will be included in
TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,
TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also
affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to version
tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvv-7x94-7vq8|
|HIGH|CVE-2021-29614|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. The implementation
of `tf.io.decode_raw` produces incorrect results and crashes the Python
interpreter when combining `fixed_length` and wider datatypes. The
implementation of the padded
[version](https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc)
is buggy due to a confusion about pointer arithmetic rules. First, the code
[computes](https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L61)
the width of each output element by dividing the `fixed_length` value by the
size of the type argument. The `fixed_length` argument is also used to
determine the size needed for the output
[tensor](https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L63-L79).
This is followed by reencoding
[code](https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L85-L94).
The erroneous code is the last line above: it is moving the `out_data` pointer
by `fixed_length * sizeof(T)` bytes whereas it only copied at most
`fixed_length` bytes from the input. This results in parts of the input not
being decoded into the output. Furthermore, because the pointer advance is far
wider than desired, this quickly leads to writing to outside the bounds of the
backing data. This OOB write leads to interpreter crash in the reproducer
mentioned here, but more severe attacks can be mounted too, given that this
gadget allows writing to periodically placed locations in memory. The fix will
be included in TensorFlow 2.5.0. We will also cherrypick this commit on
TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as
these are also affected and still in supported range.|2021-05-14
20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0,
tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8pmx-p244-g88h|
|HIGH|CVE-2021-29613|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
is an end-to-end open source platform for machine learning. Incomplete
validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read
from heap. The fix will be included in TensorFlow 2.5.0. We will also
cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow
2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported
range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0,
tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
Message: Upgrade to version
Details:
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vvg4-vgrv-xfr7|
--
This message was sent by Atlassian Jira
(v8.20.1#820001)