[ https://issues.apache.org/jira/browse/BEAM-13995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prerana  updated BEAM-13995:
----------------------------
    Attachment: Tensorflow  vulnerabilities.xlsx

> Apache Beam has vulnerable dependencies - TensorFlow, httplib2, pandas 
> and numpy
> --------------------------------------------------------------------------------------
>
>                 Key: BEAM-13995
>                 URL: https://issues.apache.org/jira/browse/BEAM-13995
>             Project: Beam
>          Issue Type: Task
>          Components: dependencies
>    Affects Versions: 2.23.0, 2.35.0, 2.36.0
>            Reporter: Prerana 
>            Priority: P1
>         Attachments: Tensorflow  vulnerabilities.xlsx
>
>
> We are using apache-beam[gcp]==2.23.0 and apache-beam==2.36.0.
> The following vulnerabilities are detected in WhiteSource with apache-beam.
> [CVE-2020-13091|https://app-eu.whitesourcesoftware.com/Wss/WSS.html#!securityVulnerability;id=CVE-2020-13091;orgToken=4b33dfdb-afc6-46a5-ae17-ea4bf6ebb98c]
>  - pandas-0.25.3-cp37-cp37m-manylinux1_x86_64.whl
>  - Fix: Upgrade to version pandas - 0.3.0.beta,1.0.4;autovizwidget - 0.12.7;pandas - 1.0.4,1.1.0rc0
> [CVE-2021-41496|https://app-eu.whitesourcesoftware.com/Wss/WSS.html#!securityVulnerability;id=CVE-2021-41496;orgToken=4b33dfdb-afc6-46a5-ae17-ea4bf6ebb98c]
>  - numpy-1.21.5-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
>  - Fix: Upgrade to version autovizwidget - 0.12.7;numpy - 1.22.0rc1;numcodecs - 0.6.2;numpy-base - 1.11.3;numpy - 1.17.4
> [CVE-2021-21240|https://app-eu.whitesourcesoftware.com/Wss/WSS.html#!securityVulnerability;id=CVE-2021-21240;orgToken=4b33dfdb-afc6-46a5-ae17-ea4bf6ebb98c]
>  - httplib2-0.17.4-py3-none-any.whl
>  - Fix: Upgrade to version v0.19.0
> See the table below:
>  - tensorflow-1.14.0-cp37-cp37m-manylinux1_x86_64.whl
>  - Fix: see the table below
> Please upgrade the packages to the mentioned versions with the fix.
> h4. TensorFlow vulnerabilities
> |Severity|Vulnerability|CVSS 2 Score|CVSS 3 Score|Confidentiality Impact|Attack Complexity|Scope|Attack Vector|Availability Impact|Integrity Impact|Privileges Required|Vector|User Interaction|Description|Published|Top Fix|
> |HIGH|CVE-2021-29513|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. Calling TF 
> operations with tensors of non-numeric types when the operations expect 
> numeric tensors result in null pointer dereferences. The conversion from 
> Python array to C++ 
> array(https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169)
>  is vulnerable to a type confusion. The fix will be included in TensorFlow 
> 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 
> 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and 
> still in supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow 
> - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-452g-f7fp-9jf7|
> |HIGH|CVE-2021-29515|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. The 
> implementation of `MatrixDiag*` 
> operations(https://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L195-L197)
>  does not validate that the tensor arguments are non-empty. The fix will be 
> included in TensorFlow 2.5.0. We will also cherrypick this commit on 
> TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as 
> these are also affected and still in supported range.|2021-05-14 
> 20:15:00.0|Upgrade to version tensorflow - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hc6c-75p4-hmq4|
> |HIGH|CVE-2021-29518|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. In eager mode 
> (default in TF 2.0 and later), session operations are invalid. However, users 
> could still call the raw ops associated with them and trigger a null pointer 
> dereference. The 
> implementation(https://github.com/tensorflow/tensorflow/blob/eebb96c2830d48597d055d247c0e9aebaea94cd5/tensorflow/core/kernels/session_ops.cc#L104)
>  dereferences the session state pointer without checking if it is valid. 
> Thus, in eager mode, `ctx->session_state()` is nullptr and the call of the 
> member function is undefined behavior. The fix will be included in TensorFlow 
> 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 
> 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and 
> still in supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow 
> - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-62gx-355r-9fhg|
> |HIGH|CVE-2021-29520|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. Missing 
> validation between arguments to `tf.raw_ops.Conv3DBackprop*` operations can 
> result in heap buffer overflows. This is because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/4814fafb0ca6b5ab58a09411523b2193fed23fed/tensorflow/core/kernels/conv_grad_shape_utils.cc#L94-L153)
>  assumes that the `input`, `filter_sizes` and `out_backprop` tensors have the 
> same shape, as they are accessed in parallel. The fix will be included in 
> TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, 
> TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also 
> affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to 
> version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-qrj6-9pfm|
> |HIGH|CVE-2020-15266|5.0|7.5|NONE|LOW|UNCHANGED|HIGH|NETWORK|NONE|NONE|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|NONE|In
>  Tensorflow before version 2.4.0, when the `boxes` argument of 
> `tf.image.crop_and_resize` has a very large value, the CPU kernel 
> implementation receives it as a C++ `nan` floating point value. Attempting to 
> operate on this is undefined behavior which later produces a segmentation 
> fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and 
> TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly 
> packages after this commit will also have the issue resolved.|2020-10-21 
> 21:15:00.0|Upgrade to version 2.4.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc|
> |HIGH|CVE-2020-15265|5.0|7.5|NONE|LOW|UNCHANGED|HIGH|NETWORK|NONE|NONE|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|NONE|In
>  Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` 
> value to `tf.quantization.quantize_and_dequantize`. This results in accessing 
> a dimension outside the rank of the input tensor in the C++ kernel 
> implementation. However, dim_size only does a DCHECK to validate the argument 
> and then uses it to access the corresponding element of an array. Since in 
> normal builds, `DCHECK`-like macros are no-ops, this results in segfault and 
> access out of bounds of the array. The issue is patched in 
> eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be 
> released containing the patch. TensorFlow nightly packages after this commit 
> will also have the issue resolved.|2020-10-21 21:15:00.0|Upgrade to version 
> 2.4.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrfp-j2mp-hq9c|
> |HIGH|CVE-2021-29525|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> trigger a division by 0 in `tf.raw_ops.Conv2DBackpropInput`. This is because 
> the 
> implementation(https://github.com/tensorflow/tensorflow/blob/b40060c9f697b044e3107917c797ba052f4506ab/tensorflow/core/kernels/conv_grad_input_ops.h#L625-L655)
>  does a division by a quantity that is controlled by the caller. The fix will 
> be included in TensorFlow 2.5.0. We will also cherrypick this commit on 
> TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as 
> these are also affected and still in supported range.|2021-05-14 
> 20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, 
> tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xm2v-8rrw-w9pm|
> |HIGH|CVE-2021-29529|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear` by 
> manipulating input values so that float rounding results in off-by-one error 
> in accessing image elements. This is because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/44b7f486c0143f68b56c34e2d01e146ee445134a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L62-L66)
>  computes two integers (representing the upper and lower bounds for 
> interpolation) by ceiling and flooring a floating point value. For some 
> values of `in`, `interpolation->upper[i]` might be smaller than 
> `interpolation->lower[i]`. This is an issue if `interpolation->upper[i]` is 
> capped at `in_size-1` as it means that `interpolation->lower[i]` points 
> outside of the image. Then, in the interpolation 
> code(https://github.com/tensorflow/tensorflow/blob/44b7f486c0143f68b56c34e2d01e146ee445134a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L245-L264),
>  this would result in heap buffer overflow. The fix will be included in 
> TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, 
> TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also 
> affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to 
> version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jfp7-4j67-8r3q|
> |HIGH|WS-2022-0073|9.3|9.3|HIGH|LOW|CHANGED|HIGH|LOCAL|HIGH|NONE|CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H|NONE|NULL
>  Pointer Dereference and Access of Uninitialized Pointer in 
> TensorFlow|2022-02-10 00:00:00.0|Upgrade to version tensorflow - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
> Message: Upgrade to version
> Details: https://github.com/advisories/GHSA-h6gw-r52c-724r|
> |HIGH|WS-2022-0072|7.0|7.0|HIGH|HIGH|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Improper
>  Validation of Integrity Check Value in TensorFlow|2022-02-10 
> 00:00:00.0|Upgrade to version tensorflow - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
> Message: Upgrade to version
> Details: https://github.com/advisories/GHSA-43q8-3fv7-pr5x|
> |HIGH|CVE-2021-29530|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> trigger a null pointer dereference by providing an invalid `permutation` to 
> `tf.raw_ops.SparseMatrixSparseCholesky`. This is because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/080f1d9e257589f78b3ffb75debf584168aa6062/tensorflow/core/kernels/sparse/sparse_cholesky_op.cc#L85-L86)
>  fails to properly validate the input arguments. Although `ValidateInputs` is 
> called and there are checks in the body of this function, the code proceeds 
> to the next line in `ValidateInputs` since 
> `OP_REQUIRES`(https://github.com/tensorflow/tensorflow/blob/080f1d9e257589f78b3ffb75debf584168aa6062/tensorflow/core/framework/op_requires.h#L41-L48)
>  is a macro that only exits the current function. Thus, the first validation 
> condition that fails in `ValidateInputs` will cause an early return from that 
> function. However, the caller will continue execution from the next line. The 
> fix is to either explicitly check `context->status()` or to convert 
> `ValidateInputs` to return a `Status`. The fix will be included in TensorFlow 
> 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 
> 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and 
> still in supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow 
> - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xcwj-wfcm-m23c|
> |HIGH|CVE-2021-29535|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> cause a heap buffer overflow in `QuantizedMul` by passing in invalid 
> thresholds for the quantization. This is because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/87cf4d3ea9949051e50ca3f071fc909538a51cd0/tensorflow/core/kernels/quantized_mul_op.cc#L287-L290)
>  assumes that the 4 arguments are always valid scalars and tries to access 
> the numeric value directly. However, if any of these tensors is empty, then 
> `.flat<T>()` is an empty buffer and accessing the element at position 0 
> results in overflow. The fix will be included in TensorFlow 2.5.0. We will 
> also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 
> 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported 
> range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0, 
> tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m3f9-w3p3-p669|
> |HIGH|CVE-2021-29532|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> force accesses outside the bounds of heap allocated arrays by passing in 
> invalid tensor values to `tf.raw_ops.RaggedCross`. This is because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/efea03b38fb8d3b81762237dc85e579cc5fc6e87/tensorflow/core/kernels/ragged_cross_op.cc#L456-L487)
>  lacks validation for the user supplied arguments. Each of the above branches 
> call a helper function after accessing array elements via a `*_list[next_*]` 
> pattern, followed by incrementing the `next_*` index. However, as there is no 
> validation that the `next_*` values are in the valid range for the 
> corresponding `*_list` arrays, this results in heap OOB reads. The fix will 
> be included in TensorFlow 2.5.0. We will also cherrypick this commit on 
> TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as 
> these are also affected and still in supported range.|2021-05-14 
> 20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, 
> tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j47f-4232-hvv8|
> |HIGH|CVE-2021-29537|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in 
> invalid thresholds for the quantization. This is because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/50711818d2e61ccce012591eeb4fdf93a8496726/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L705-L706)
>  assumes that the 2 arguments are always valid scalars and tries to access 
> the numeric value directly. The fix will be included in TensorFlow 2.5.0. We 
> will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, 
> TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still 
> in supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 
> 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8c89-2vwr-chcq|
> |HIGH|CVE-2021-29536|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> cause a heap buffer overflow in `QuantizedReshape` by passing in invalid 
> thresholds for the quantization. This is because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/a324ac84e573fba362a5e53d4e74d5de6729933e/tensorflow/core/kernels/quantized_reshape_op.cc#L38-L55)
>  assumes that the 2 arguments are always valid scalars and tries to access 
> the numeric value directly. However, if any of these tensors is empty, then 
> `.flat<T>()` is an empty buffer and accessing the element at position 0 
> results in overflow. The fix will be included in TensorFlow 2.5.0. We will 
> also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 
> 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported 
> range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0, 
> tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2gfx-95x2-5v3x|
> |HIGH|CVE-2021-29540|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> cause a heap buffer overflow to occur in `Conv2DBackpropFilter`. This is 
> because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L495-L497)
>  computes the size of the filter tensor but does not validate that it matches 
> the number of elements in `filter_sizes`. Later, when reading/writing to this 
> buffer, code uses the value computed here, instead of the number of elements 
> in the tensor. The fix will be included in TensorFlow 2.5.0. We will also 
> cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 
> 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported 
> range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0, 
> tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xgc3-m89p-vr3x|
> |HIGH|CVE-2021-29546|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> trigger an integer division by zero undefined behavior in 
> `tf.raw_ops.QuantizedBiasAdd`. This is because the implementation of the 
> Eigen 
> kernel(https://github.com/tensorflow/tensorflow/blob/61bca8bd5ba8a68b2d97435ddfafcdf2b85672cd/tensorflow/core/kernels/quantization_utils.h#L812-L849)
>  does a division by the number of elements of the smaller input (based on 
> shape) without checking that this is not zero. The fix will be included in 
> TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, 
> TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also 
> affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to 
> version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m34j-p8rj-wjxq|
> |HIGH|CVE-2021-29553|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> read data outside of bounds of heap allocated buffer in 
> `tf.raw_ops.QuantizeAndDequantizeV3`. This is because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/11ff7f80667e6490d7b5174aa6bf5e01886e770f/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L237)
>  does not validate the value of user supplied `axis` attribute before using 
> it to index in the array backing the `input` argument. The fix will be 
> included in TensorFlow 2.5.0. We will also cherrypick this commit on 
> TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as 
> these are also affected and still in supported range.|2021-05-14 
> 20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, 
> tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h9px-9vqg-222h|
> |HIGH|CVE-2021-29559|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> access data outside of bounds of heap allocated array in 
> `tf.raw_ops.UnicodeEncode`. This is because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/472c1f12ad9063405737679d4f6bd43094e1d36d/tensorflow/core/kernels/unicode_ops.cc)
>  assumes that the `input_value`/`input_splits` pair specify a valid sparse 
> tensor. The fix will be included in TensorFlow 2.5.0. We will also cherrypick 
> this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and 
> TensorFlow 2.1.4, as these are also affected and still in supported 
> range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0, 
> tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-59q2-x2qc-4c97|
> |HIGH|CVE-2021-29558|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> cause a heap buffer overflow in `tf.raw_ops.SparseSplit`. This is because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/699bff5d961f0abfde8fa3f876e6d241681fbef8/tensorflow/core/util/sparse/sparse_tensor.h#L528-L530)
>  accesses an array element based on a user controlled offset. The fix will be 
> included in TensorFlow 2.5.0. We will also cherrypick this commit on 
> TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as 
> these are also affected and still in supported range.|2021-05-14 
> 20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, 
> tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mqh2-9wrp-vx84|
> |HIGH|CVE-2022-21740|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
>  is an Open Source Machine Learning Framework. The implementation of 
> `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be 
> included in TensorFlow 2.8.0. We will also cherrypick this commit on 
> TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also 
> affected and still in supported range.|2022-02-03 15:15:00.0|Upgrade to 
> version tensorflow - 2.5.3,2.6.3,2.7.1;tensorflow-cpu - 
> 2.5.3,2.6.3,2.7.1;tensorflow-gpu - 2.5.3,2.6.3,2.7.1
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r|
> |HIGH|CVE-2021-29560|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is 
> because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222)
>  uses the same index to access two arrays in parallel. Since the user 
> controls the shape of the input arguments, an attacker could trigger a heap 
> OOB access when `parent_output_index` is shorter than `row_split`. The fix 
> will be included in TensorFlow 2.5.0. We will also cherrypick this commit on 
> TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as 
> these are also affected and still in supported range.|2021-05-14 
> 20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, 
> tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8gv3-57p6-g35r|
> |HIGH|CVE-2021-29568|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> trigger undefined behavior by binding to null pointer in 
> `tf.raw_ops.ParameterizedTruncatedNormal`. This is because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/3f6fe4dfef6f57e768260b48166c27d148f3015f/tensorflow/core/kernels/parameterized_truncated_normal_op.cc#L630)
>  does not validate input arguments before accessing the first element of 
> `shape`. If `shape` argument is empty, then `shape_tensor.flat<T>()` is an 
> empty array. The fix will be included in TensorFlow 2.5.0. We will also 
> cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 
> 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported 
> range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0, 
> tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4p4p-www8-8fv9|
> |HIGH|CVE-2021-29566|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> write outside the bounds of heap allocated arrays by passing invalid 
> arguments to `tf.raw_ops.Dilation2DBackpropInput`. This is because the 
> implementation(https://github.com/tensorflow/tensorflow/blob/afd954e65f15aea4d438d0a219136fc4a63a573d/tensorflow/core/kernels/dilation_ops.cc#L321-L322)
>  does not validate before writing to the output array. The values for `h_out` 
> and `w_out` are guaranteed to be in range for `out_backprop` (as they are 
> loop indices bounded by the size of the array). However, there are no similar 
> guarantees relating `h_in_max`/`w_in_max` and `in_backprop`. The fix will be 
> included in TensorFlow 2.5.0. We will also cherrypick this commit on 
> TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as 
> these are also affected and still in supported range.|2021-05-14 
> 20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, 
> tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pvrc-hg3f-58r6|
> |HIGH|CVE-2021-29569|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. The 
> implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside 
> of bounds of heap allocated data if attacker supplies specially crafted 
> inputs. The 
> implementation(https://github.com/tensorflow/tensorflow/blob/ac328eaa3870491ababc147822cd04e91a790643/tensorflow/core/kernels/requantization_range_op.cc#L49-L50)
>  assumes that the `input_min` and `input_max` tensors have at least one 
> element, as it accesses the first element in two arrays. If the tensors are 
> empty, `.flat<T>()` is an empty object, backed by an empty array. Hence, 
> accessing even the 0th element is a read outside the bounds. The fix will be 
> included in TensorFlow 2.5.0. We will also cherrypick this commit on 
> TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as 
> these are also affected and still in supported range.|2021-05-14 
> 20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, 
> tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3h8m-483j-7xxm|
> |HIGH|CVE-2021-41210|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
>  is an open source platform for machine learning. In affected versions the 
> shape inference functions for `SparseCountSparseOutput` can trigger a read 
> outside of bounds of heap allocated array. The fix will be included in 
> TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, 
> TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still 
> in supported range.|2021-11-05 20:15:00.0|Upgrade to version tensorflow - 
> 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 
> 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc|
> |HIGH|CVE-2022-21730|5.5|8.1|HIGH|LOW|UNCHANGED|HIGH|NETWORK|NONE|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|Tensorflow
>  is an Open Source Machine Learning Framework. The implementation of 
> `FractionalAvgPoolGrad` does not consider cases where the input tensors are 
> invalid allowing an attacker to read from outside of bounds of heap. The fix 
> will be included in TensorFlow 2.8.0. We will also cherrypick this commit on 
> TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also 
> affected and still in supported range.|2022-02-03 11:15:00.0|Upgrade to 
> version tensorflow - 2.5.3,2.6.3,2.7.1;tensorflow-cpu - 
> 2.5.3,2.6.3,2.7.1;tensorflow-gpu - 2.5.3,2.6.3,2.7.1
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4|
> |HIGH|CVE-2021-37635|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. In affected 
> versions the implementation of sparse reduction operations in TensorFlow can 
> trigger accesses outside of bounds of heap allocated data. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_reduce_op.cc#L217-L228)
>  fails to validate that each reduction group does not overflow and that each 
> corresponding index does not point to outside the bounds of the input tensor. 
> We have patched the issue in GitHub commit 
> 87158f43f05f2720a374f3e6d22a7aaa3a33f750. The fix will be included in 
> TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, 
> TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still 
> in supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 
> 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, 
> tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cgfm-62j4-v4rf|
> |HIGH|CVE-2021-29571|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. The 
> implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside 
> of bounds of heap allocated data if attacker supplies specially crafted 
> inputs. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130)
>  assumes that the last element of `boxes` input is 4, as required by [the 
> op](https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2).
>  Since this is not checked attackers passing values less than 4 can write 
> outside of bounds of heap allocated objects and cause memory corruption. If 
> the last dimension in `boxes` is less than 4, accesses similar to `tboxes(b, bb, 3)` 
> will access data outside of bounds. Further during code execution 
> there are also writes to these indices. The fix will be included in 
> TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, 
> TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also 
> affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to 
> version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-whr9-vfh2-7hm6|
> |HIGH|CVE-2021-29570|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. The 
> implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside 
> of bounds of heap allocated data if attacker supplies specially crafted 
> inputs. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/ef0c008ee84bad91ec6725ddc42091e19a30cf0e/tensorflow/core/kernels/maxpooling_op.cc#L1016-L1017)
>  uses the same value to index in two different arrays but there is no 
> guarantee that the sizes are identical. The fix will be included in 
> TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, 
> TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also 
> affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to 
> version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-545v-42p7-98fq|
> |HIGH|CVE-2021-41208|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an open source platform for machine learning. In affected versions the 
> code for boosted trees in TensorFlow is still missing validation. As a 
> result, attackers can trigger denial of service (via dereferencing `nullptr`s 
> or via `CHECK`-failures) as well as abuse undefined behavior (binding 
> references to `nullptr`s). An attacker can also read and write from heap 
> buffers, depending on the API that gets used and the arguments that are 
> passed to the call. Given that the boosted trees implementation in TensorFlow 
> is unmaintained, it is recommended to no longer use these APIs. We will 
> deprecate TensorFlow's boosted trees APIs in subsequent releases. The fix 
> will be included in TensorFlow 2.7.0. We will also cherrypick this commit on 
> TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also 
> affected and still in supported range.|2021-11-05 22:15:00.0|Upgrade to 
> version tensorflow - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 
> 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88|
> |HIGH|CVE-2021-29574|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. The 
> implementation of `tf.raw_ops.MaxPool3DGradGrad` exhibits undefined behavior 
> by dereferencing null pointers backing attacker-supplied empty tensors. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/72fe792967e7fd25234342068806707bbc116618/tensorflow/core/kernels/pooling_ops_3d.cc#L679-L703)
>  fails to validate that the 3 tensor inputs are not empty. If any of them is 
> empty, then accessing the elements in the tensor results in dereferencing a 
> null pointer. The fix will be included in TensorFlow 2.5.0. We will also 
> cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 
> 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported 
> range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0, 
> tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-828x-qc2p-wprq|
> |HIGH|CVE-2021-41203|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an open source platform for machine learning. In affected versions an 
> attacker can trigger undefined behavior, integer overflows, segfaults and 
> `CHECK`-fail crashes if they can change saved checkpoints from outside of 
> TensorFlow. This is because the checkpoints loading infrastructure is missing 
> validation for invalid file formats. The fixes will be included in TensorFlow 
> 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 
> 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in 
> supported range.|2021-11-05 21:15:00.0|Upgrade to version tensorflow - 2.4.4, 
> 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 
> 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2|
> |HIGH|CVE-2021-29579|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. The 
> implementation of `tf.raw_ops.MaxPoolGrad` is vulnerable to a heap buffer 
> overflow. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/ab1e644b48c82cb71493f4362b4dd38f4577a1cf/tensorflow/core/kernels/maxpooling_op.cc#L194-L203)
>  fails to validate that indices used to access elements of input/output 
> arrays are valid. Whereas accesses to `input_backprop_flat` are guarded by 
> `FastBoundsCheck`, the indexing in `out_backprop_flat` can result in OOB 
> access. The fix will be included in TensorFlow 2.5.0. We will also cherrypick 
> this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and 
> TensorFlow 2.1.4, as these are also affected and still in supported 
> range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0, 
> tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79fv-9865-4qcv|
> |HIGH|CVE-2021-29578|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. The 
> implementation of `tf.raw_ops.FractionalAvgPoolGrad` is vulnerable to a heap 
> buffer overflow. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/dcba796a28364d6d7f003f6fe733d82726dda713/tensorflow/core/kernels/fractional_avg_pool_op.cc#L216)
>  fails to validate that the pooling sequence arguments have enough elements 
> as required by the `out_backprop` tensor shape. The fix will be included in 
> TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, 
> TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also 
> affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to 
> version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6f89-8j54-29xf|
> |HIGH|CVE-2021-29577|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. The 
> implementation of `tf.raw_ops.AvgPool3DGrad` is vulnerable to a heap buffer 
> overflow. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/d80ffba9702dc19d1fac74fc4b766b3fa1ee976b/tensorflow/core/kernels/pooling_ops_3d.cc#L376-L450)
>  assumes that the `orig_input_shape` and `grad` tensors have similar first 
> and last dimensions but does not check that this assumption is validated. The 
> fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit 
> on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, 
> as these are also affected and still in supported range.|2021-05-14 
> 20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, 
> tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6r6-84gr-92rm|
> |HIGH|CVE-2021-41201|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an open source platform for machine learning. In affected versions during 
> execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in 
> `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate 
> whether there is ellipsis in the corresponding inputs and output. However, 
> the code only changes these flags to `true` and never assigns `false`. This 
> results in uninitialized variable access if callers assume that 
> `EinsumHelper::ParseEquation()` always sets these flags. The fix will be 
> included in TensorFlow 2.7.0. We will also cherrypick this commit on 
> TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also 
> affected and still in supported range.|2021-11-05 20:15:00.0|Upgrade to 
> version tensorflow - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 
> 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm|
> |HIGH|CVE-2021-29576|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. The 
> implementation of `tf.raw_ops.MaxPool3DGradGrad` is vulnerable to a heap 
> buffer overflow. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/596c05a159b6fbb9e39ca10b3f7753b7244fa1e9/tensorflow/core/kernels/pooling_ops_3d.cc#L694-L696)
>  does not check that the initialization of `Pool3dParameters` completes 
> successfully. Since the 
> [constructor](https://github.com/tensorflow/tensorflow/blob/596c05a159b6fbb9e39ca10b3f7753b7244fa1e9/tensorflow/core/kernels/pooling_ops_3d.cc#L48-L88)
>  uses `OP_REQUIRES` to validate conditions, the first assertion that fails 
> interrupts the initialization of `params`, making it contain invalid data. In 
> turn, this might cause a heap buffer overflow, depending on default 
> initialized values. The fix will be included in TensorFlow 2.5.0. We will 
> also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 
> 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported 
> range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0, 
> tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7cqx-92hp-x6wh|
> |HIGH|CVE-2021-41206|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an open source platform for machine learning. In affected versions 
> several TensorFlow operations are missing validation for the shapes of the 
> tensor arguments involved in the call. Depending on the API, this can result 
> in undefined behavior and segfault or `CHECK`-fail related crashes but in 
> some scenarios writes and reads from heap populated arrays are also possible. 
> We have discovered these issues internally via tooling while working on 
> improving/testing GPU op determinism. As such, we don't have reproducers and 
> there will be multiple fixes for these issues. These fixes will be included 
> in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 
> 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and 
> still in supported range.|2021-11-05 22:15:00.0|Upgrade to version tensorflow 
> - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 
> 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69|
> |HIGH|CVE-2020-15195|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|In
>  Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the 
> implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. 
> It is possible for `reverse_index_map(i)` to be an index outside of bounds of 
> `grad_values`, thus resulting in a heap buffer overflow. The issue is patched 
> in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in 
> TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.|2020-09-25 
> 19:15:00.0|Upgrade to version 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr|
> |HIGH|CVE-2021-41205|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
>  is an open source platform for machine learning. In affected versions the 
> shape inference functions for the `QuantizeAndDequantizeV*` operations can 
> trigger a read outside of bounds of heap allocated array. The fix will be 
> included in TensorFlow 2.7.0. We will also cherrypick this commit on 
> TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also 
> affected and still in supported range.|2021-11-05 21:15:00.0|Upgrade to 
> version tensorflow - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 
> 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f|
> |HIGH|CVE-2021-41221|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an open source platform for machine learning. In affected versions the 
> shape inference code for the `Cudnn*` operations in TensorFlow can be tricked 
> into accessing invalid memory, via a heap buffer overflow. This occurs 
> because the ranks of the `input`, `input_h` and `input_c` parameters are not 
> validated, but code assumes they have certain values. The fix will be 
> included in TensorFlow 2.7.0. We will also cherrypick this commit on 
> TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also 
> affected and still in supported range.|2021-11-05 23:15:00.0|Upgrade to 
> version tensorflow - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 
> 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x|
> |HIGH|CVE-2021-37641|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. In affected 
> versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a 
> valid ragged tensor code can trigger a read from outside of bounds of heap 
> allocated buffers. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/ragged_gather_op.cc#L70)
>  directly reads the first dimension of a tensor shape before checking that 
> said tensor has rank of at least 1 (i.e., it is not a scalar). Furthermore, 
> the implementation does not check that the list given by 
> `params_nested_splits` is not an empty list of tensors. We have patched the 
> issue in GitHub commit a2b743f6017d7b97af1fe49087ae15f0ac634373. The fix will 
> be included in TensorFlow 2.6.0. We will also cherrypick this commit on 
> TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also 
> affected and still in supported range.|2021-08-12 21:15:00.0|Upgrade to 
> version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 
> 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c8h-vvrj-w2p8|
> |HIGH|CVE-2022-21727|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
>  is an Open Source Machine Learning Framework. The implementation of shape 
> inference for `Dequantize` is vulnerable to an integer overflow weakness. The 
> `axis` argument can be `-1` (the default value for the optional argument) or 
> any other positive value at most the number of dimensions of the input. 
> Unfortunately, the upper bound is not checked, and, since the code computes 
> `axis + 1`, an attacker can trigger an integer overflow. The fix will be 
> included in TensorFlow 2.8.0. We will also cherrypick this commit on 
> TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also 
> affected and still in supported range.|2022-02-03 11:15:00.0|Upgrade to 
> version tensorflow - 2.5.3,2.6.3,2.7.1;tensorflow-cpu - 
> 2.5.3,2.6.3,2.7.1;tensorflow-gpu - 2.5.3,2.6.3,2.7.1
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw|
> |HIGH|CVE-2021-37643|3.6|7.1|NONE|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. If a user does 
> not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the 
> code triggers a null pointer dereference (if input is empty) or produces 
> invalid behavior, ignoring all values after the first. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89)
>  reads the first value from a tensor buffer without first checking that the 
> tensor has values to read from. We have patched the issue in GitHub commit 
> 482da92095c4d48f8784b1f00dda4f81c28d2988. The fix will be included in 
> TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, 
> TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still 
> in supported range.|2021-08-12 19:15:00.0|Upgrade to version tensorflow - 
> 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, 
> tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fcwc-p4fc-c5cc|
> |HIGH|CVE-2022-21726|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
>  is an Open Source Machine Learning Framework. The implementation of 
> `Dequantize` does not fully validate the value of `axis` and can result in 
> heap OOB accesses. The `axis` argument can be `-1` (the default value for the 
> optional argument) or any other positive value at most the number of 
> dimensions of the input. Unfortunately, the upper bound is not checked and 
> this results in reading past the end of the array containing the dimensions 
> of the input tensor. The fix will be included in TensorFlow 2.8.0. We will 
> also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and 
> TensorFlow 2.5.3, as these are also affected and still in supported 
> range.|2022-02-03 11:15:00.0|Upgrade to version tensorflow - 
> 2.5.3,2.6.3,2.7.1;tensorflow-cpu - 2.5.3,2.6.3,2.7.1;tensorflow-gpu - 
> 2.5.3,2.6.3,2.7.1
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72|
> |HIGH|CVE-2022-21728|5.5|8.1|HIGH|LOW|UNCHANGED|HIGH|NETWORK|NONE|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|Tensorflow
>  is an Open Source Machine Learning Framework. The implementation of shape 
> inference for `ReverseSequence` does not fully validate the value of 
> `batch_dim` and can result in a heap OOB read. There is a check to make sure 
> the value of `batch_dim` does not go over the rank of the input, but there is 
> no check for negative values. Negative dimensions are allowed in some cases 
> to mimic Python's negative indexing (i.e., indexing from the end of the 
> array), however if the value is too negative then the implementation of `Dim` 
> would access elements before the start of an array. The fix will be included 
> in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, 
> TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still 
> in supported range.|2022-02-03 11:15:00.0|Upgrade to version tensorflow - 
> 2.5.3,2.6.3,2.7.1;tensorflow-cpu - 2.5.3,2.6.3,2.7.1;tensorflow-gpu - 
> 2.5.3,2.6.3,2.7.1
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8|
> |HIGH|CVE-2021-29582|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. Due to lack of 
> validation in `tf.raw_ops.Dequantize`, an attacker can trigger a read from 
> outside of bounds of heap allocated data. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/26003593aa94b1742f34dc22ce88a1e17776a67d/tensorflow/core/kernels/dequantize_op.cc#L106-L131)
>  accesses the `min_range` and `max_range` tensors in parallel but fails to 
> check that they have the same shape. The fix will be included in TensorFlow 
> 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 
> 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and 
> still in supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow 
> - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c45w-2wxr-pp53|
> |HIGH|CVE-2021-37638|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. Sending invalid 
> argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API 
> results in a null pointer dereference and undefined behavior. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328)
>  accesses the first element of a user supplied list of values without 
> validating that the provided list is not empty. We have patched the issue in 
> GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314. The fix will be 
> included in TensorFlow 2.6.0. We will also cherrypick this commit on 
> TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also 
> affected and still in supported range.|2021-08-12 19:15:00.0|Upgrade to 
> version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 
> 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hwr7-8gxx-fj5p|
> |HIGH|CVE-2021-41219|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an open source platform for machine learning. In affected versions the 
> code for sparse matrix multiplication is vulnerable to undefined behavior via 
> binding a reference to `nullptr`. This occurs whenever the dimensions of `a` 
> or `b` are 0 or less. In the case where one of these is 0, an empty output 
> tensor should be allocated (to conserve the invariant that output tensors are 
> always allocated when the operation is successful) but nothing should be 
> written to it (that is, we should return early from the kernel 
> implementation). Otherwise, attempts to write to this empty tensor would 
> result in heap OOB access. The fix will be included in TensorFlow 2.7.0. We 
> will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and 
> TensorFlow 2.4.4, as these are also affected and still in supported 
> range.|2021-11-05 21:15:00.0|Upgrade to version tensorflow - 2.4.4, 2.5.2, 
> 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 
> 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x|
> |HIGH|CVE-2021-37639|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. When restoring 
> tensors via raw APIs, if the tensor name is not provided, TensorFlow can be 
> tricked into dereferencing a null pointer. Alternatively, attackers can read 
> memory outside the bounds of heap allocated data by providing some tensor 
> names but not enough for a successful restoration. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc#L158-L159)
>  retrieves the tensor list corresponding to the `tensor_name` user controlled 
> input and immediately retrieves the tensor at the restoration index 
> (controlled via `preferred_shard` argument). This occurs without validating 
> that the provided list has enough values. If the list is empty this results 
> in dereferencing a null pointer (undefined behavior). If, however, the list 
> has some elements, if the restoration index is outside the bounds this 
> results in heap OOB read. We have patched the issue in GitHub commit 
> 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622. The fix will be included in 
> TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, 
> TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still 
> in supported range.|2021-08-12 19:15:00.0|Upgrade to version tensorflow - 
> 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, 
> tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh6x-4whr-2qv4|
> |HIGH|CVE-2021-29583|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. The 
> implementation of `tf.raw_ops.FusedBatchNorm` is vulnerable to a heap buffer 
> overflow. If the tensors are empty, the same implementation can trigger 
> undefined behavior by dereferencing null pointers. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/57d86e0db5d1365f19adcce848dfc1bf89fdd4c7/tensorflow/core/kernels/fused_batch_norm_op.cc)
>  fails to validate that `scale`, `offset`, `mean` and `variance` (the last 
> two only when required) all have the same number of elements as the number of 
> channels of `x`. This results in heap out of bounds reads when the buffers 
> backing these tensors are indexed past their boundary. If the tensors are 
> empty, the validation mentioned in the above paragraph would also trigger and 
> prevent the undefined behavior. The fix will be included in TensorFlow 2.5.0. 
> We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, 
> TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still 
> in supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 
> 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9xh4-23q4-v6wr|
> |HIGH|CVE-2021-41214|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an open source platform for machine learning. In affected versions the 
> shape inference code for `tf.ragged.cross` has an undefined behavior due to 
> binding a reference to `nullptr`. The fix will be included in TensorFlow 
> 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 
> 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in 
> supported range.|2021-11-05 21:15:00.0|Upgrade to version tensorflow - 2.4.4, 
> 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 
> 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v|
> |HIGH|CVE-2021-41212|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
>  is an open source platform for machine learning. In affected versions the 
> shape inference code for `tf.ragged.cross` can trigger a read outside of 
> bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. 
> We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, 
> and TensorFlow 2.4.4, as these are also affected and still in supported 
> range.|2021-11-05 21:15:00.0|Upgrade to version tensorflow - 2.4.4, 2.5.2, 
> 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 
> 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g|
> |HIGH|CVE-2022-23591|5.0|7.5|NONE|LOW|UNCHANGED|HIGH|NETWORK|NONE|NONE|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|NONE|Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.|2022-02-04 23:15:00.0|Upgrade to version tensorflow - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7|
> |HIGH|CVE-2021-41216|4.6|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.|2021-11-05 23:15:00.0|Upgrade to version tensorflow - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9|
> |HIGH|CVE-2021-37650|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_record_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types. We have patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f8h4-7rgh-q2gm|
> |HIGH|CVE-2021-37651|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205) does not validate that the input tensor is non-empty. Thus, code constructs an empty `EigenDoubleMatrixMap` and then accesses this buffer with indices that are outside of the empty area. We have patched the issue in GitHub commit 0f931751fb20f565c4e94aa6df58d54a003cdb30. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hpv4-7p9c-mvfr|
> |HIGH|CVE-2021-37652|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent `free`-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. We have patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 22:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m7fm-4jfh-jrg6|
> |HIGH|CVE-2021-37654|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds of heap allocated data in the same API in a release build. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L660-L668) does not check that the `batch_dims` value that the user supplies is less than the rank of the input tensor. Since the implementation uses several for loops over the dimensions of `tensor`, this results in reading data from outside the bounds of heap allocated buffer backing the tensor. We have patched the issue in GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r8p-fg3c-wcj4|
> |HIGH|CVE-2021-37655|4.6|7.3|HIGH|LOW|UNCHANGED|HIGH|LOCAL|LOW|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of `indices` and `updates`: instead of checking that the shape of `indices` is a prefix of the shape of `updates` (so that broadcasting can happen), code only checks that the number of elements in these two tensors are in a divisibility relationship. We have patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7fvx-3jfc-2cpc|
> |HIGH|CVE-2021-37656|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30) has an incomplete validation of the splits values: it does not check that they are in increasing order. We have patched the issue in GitHub commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4xfp-4pfp-89wg|
> |HIGH|CVE-2021-37657|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of `k` is a valid tensor. We have a check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5xwc-mrhx-5g3m|
> |HIGH|CVE-2021-37648|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/save_restore_v2_ops.cc) uses `ValidateInputs` to check that the input arguments are valid. This validation would have caught the illegal state represented by the reproducer above. However, the validation uses `OP_REQUIRES` which translates to setting the `Status` object of the current `OpKernelContext` to an error status, followed by an empty `return` statement which just terminates the execution of the function it is present in. However, this does not mean that the kernel execution is finalized: instead, execution continues from the next line in `Compute` that follows the call to `ValidateInputs`. This is equivalent to lacking the validation. We have patched the issue in GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 22:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wp77-4gmm-7cq8|
> |HIGH|CVE-2021-29595|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `DepthToSpace` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/depth_to_space.cc#L63-L69). An attacker can craft a model such that `params->block_size` is 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vf94-36g5-69v8|
> |HIGH|CVE-2021-41225|2.1|7.8|HIGH|LOW|UNCHANGED|LOCAL|HIGH|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of uninitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left uninitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.|2021-11-05 23:15:00.0|Upgrade to version tensorflow - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw|
> |HIGH|CVE-2022-23587|7.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, the Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.|2022-02-04 23:15:00.0|Upgrade to version tensorflow - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8jj7-5vxc-pg2q|
> |HIGH|CVE-2021-41224|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `values`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.|2021-11-05 21:15:00.0|Upgrade to version tensorflow - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v|
> |HIGH|CVE-2022-23584|4.0|7.6|LOW|LOW|UNCHANGED|HIGH|NETWORK|LOW|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H|NONE|Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.|2022-02-04 23:15:00.0|Upgrade to version tensorflow - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-24x4-6qmh-88qg|
> |HIGH|CVE-2021-41223|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.|2021-11-05 21:15:00.0|Upgrade to version tensorflow - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr|
> |HIGH|CVE-2021-41226|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation between the elements of the `values` argument and the shape of the sparse output. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.|2021-11-05 21:15:00.0|Upgrade to version tensorflow - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-cpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0;tensorflow-gpu - 2.4.4, 2.5.2, 2.6.1, 2.7.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw|
> |HIGH|CVE-2022-23566|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.|2022-02-04 23:15:00.0|Upgrade to version tensorflow - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5qw5-89mw-wcg2|
> |HIGH|CVE-2021-37662|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBestGainsPerFeature` and a similar attack can occur in `BoostedTreesCalculateBestFeatureSplitV2`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) does not validate the input values. We have patched the issue in GitHub commit 9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f5cx-5wr3-5qrc|
> |HIGH|CVE-2021-37663|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that `min_range` and `max_range` both have the same non-zero number of elements. If `axis` is provided (i.e., not `-1`), then validation should check that it is a value in range for the rank of `input` tensor and then the lengths of `min_range` and `max_range` inputs match the `axis` dimension of the `input` tensor. We have patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 23:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j|
> |HIGH|CVE-2021-37664|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in `stats_summary_indices` is in range. We have patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r4c4-5fpq-56wg|
> |HIGH|CVE-2021-37665|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the `input` tensor. A similar issue occurs in `MklRequantizePerChannelOp`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. We have patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the GitHub commit 203214568f5bc237603dbab6e1fd389f1572f5c9. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 23:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp|
> |HIGH|CVE-2021-37666|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToVariant`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc#L129) has an incomplete validation of the splits values, missing the case when the argument would be empty. We have patched the issue in GitHub commit be7a4de6adfbd303ce08be4332554dff70362612. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 22:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w4xf-2pqw-5mq7|
> |HIGH|CVE-2021-37667|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the `input_splits` tensor before validating that this tensor is not empty. We have patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 22:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w74j-v8xh-3w5h|
> |HIGH|CVE-2021-37658|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of `k` is a valid tensor. We have a check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6p5r-g9mq-ggh2|
> |HIGH|CVE-2021-37659|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_ops_common.h#L264) assumes that the two inputs have exactly the same number of elements but does not check that. Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to binding to nullptr. We have patched the issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.|2021-08-12 21:15:00.0|Upgrade to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q3g3-h9r4-prrc|
> |HIGH|CVE-2022-23573|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.|2022-02-04 23:15:00.0|Upgrade to version tensorflow - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
> Message: Upgrade to version
> Details: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q85f-69q7-55h2|
> |HIGH|CVE-2022-23574|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
>  is an Open Source Machine Learning Framework. There is a typo in 
> TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a 
> typo, `arg` is initialized to the `i`th mutable argument in a loop where the 
> loop index is `j`. Hence it is possible to assign to `arg` from outside the 
> vector of arguments. Since this is a mutable proto value, it allows both read 
> and write to outside of bounds data. The fix will be included in TensorFlow 
> 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and 
> TensorFlow 2.6.3, as these are also affected and still in supported 
> range.|2022-02-04 23:15:00.0|Upgrade to version tensorflow - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-77gp-3h4r-6428|
> |HIGH|CVE-2022-23559|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
>  is an Open Source Machine Learning Framework. An attacker can craft a TFLite 
> model that would cause an integer overflow in embedding lookup operations. 
> Both `embedding_size` and `lookup_size` are products of values provided by 
> the user. Hence, a malicious user could trigger overflows in the 
> multiplication. In certain scenarios, this can then result in heap OOB 
> read/write. Users are advised to upgrade to a patched version.|2022-02-04 
> 23:15:00.0|Upgrade to version tensorflow - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5|
> |HIGH|CVE-2022-23558|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
>  is an Open Source Machine Learning Framework. An attacker can craft a TFLite 
> model that would cause an integer overflow in `TfLiteIntArrayCreate`. The 
> `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t`. An 
> attacker can control model inputs such that `computed_size` overflows the 
> size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will 
> also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and 
> TensorFlow 2.5.3, as these are also affected and still in supported 
> range.|2022-02-04 23:15:00.0|Upgrade to version tensorflow - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3|
> |HIGH|CVE-2021-37671|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. In affected 
> versions an attacker can cause undefined behavior via binding a reference to 
> null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. 
> The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248)
>  has a check in place to ensure that `indices` is in ascending order, but 
> does not check that `indices` is not empty. We have patched the issue in 
> GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be 
> included in TensorFlow 2.6.0. We will also cherrypick this commit on 
> TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also 
> affected and still in supported range.|2021-08-12 22:15:00.0|Upgrade to 
> version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 
> 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qr82-2c78-4m8h|
> |HIGH|CVE-2021-37676|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. In affected 
> versions an attacker can cause undefined behavior via binding a reference to 
> null pointer in `tf.raw_ops.SparseFillEmptyRows`. The shape inference 
> [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634)
>  does not validate that the input arguments are not empty tensors. We have 
> patched the issue in GitHub commit 578e634b4f1c1c684d4b4294f9e5281b2133b3ed. 
> The fix will be included in TensorFlow 2.6.0. We will also cherrypick this 
> commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these 
> are also affected and still in supported range.|2021-08-12 22:15:00.0|Upgrade 
> to version tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 
> 2.4.3, 2.5.1, 2.6.0, tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v768-w7m9-2vmm|
> |HIGH|CVE-2021-37678|4.6|8.8|HIGH|LOW|CHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. In affected 
> versions TensorFlow and Keras can be tricked to perform arbitrary code 
> execution when deserializing a Keras model from YAML format. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104)
>  uses `yaml.unsafe_load` which can perform arbitrary code execution on the 
> input. Given that YAML format support requires a significant amount of work, 
> we have removed it for now. We have patched the issue in GitHub commit 
> 23d6383eb6c14084a8fc3bdf164043b974818012. The fix will be included in 
> TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, 
> TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still 
> in supported range.|2021-08-12 23:15:00.0|Upgrade to version tensorflow - 
> 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, 
> tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r|
> |HIGH|CVE-2021-37679|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. In affected 
> versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` 
> call. However, if the input tensor is a `RaggedTensor` and there is no 
> function signature provided, code assumes the output is a fully specified 
> tensor and fills output buffer with uninitialized contents from the heap. The 
> `t` and `z` outputs should be identical, however this is not the case. The 
> last row of `t` contains data from the heap which can be used to leak other 
> memory information. The bug lies in the conversion from a `Variant` tensor to 
> a `RaggedTensor`. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_from_variant_op.cc#L177-L190)
>  does not check that all inner shapes match and this results in the 
> additional dimensions. The same implementation can result in data loss, if 
> input tensor is tweaked. We have patched the issue in GitHub commit 
> 4e2565483d0ffcadc719bd44893fb7f609bb5f12. The fix will be included in 
> TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, 
> TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still 
> in supported range.|2021-08-12 23:15:00.0|Upgrade to version tensorflow - 
> 2.3.4, 2.4.3, 2.5.1, 2.6.0, tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0, 
> tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g8wg-cjwc-xhhp|
> |HIGH|CVE-2022-23562|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
>  is an Open Source Machine Learning Framework. The implementation of `Range` 
> suffers from integer overflows. These can trigger undefined behavior or, in 
> some scenarios, extremely large allocations. The fix will be included in 
> TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, 
> TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still 
> in supported range.|2022-02-04 23:15:00.0|Upgrade to version tensorflow - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr|
> |HIGH|CVE-2022-23560|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
>  is an Open Source Machine Learning Framework. An attacker can craft a TFLite 
> model that would allow limited reads and writes outside of arrays in TFLite. 
> This exploits missing validation in the conversion from sparse tensors to 
> dense tensors. The fix is included in TensorFlow 2.8.0. We will also 
> cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 
> 2.5.3, as these are also affected and still in supported range. Users are 
> advised to upgrade as soon as possible.|2022-02-04 23:15:00.0|Upgrade to 
> version tensorflow - 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v|
> |HIGH|CVE-2022-23561|6.5|8.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|LOW|CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|Tensorflow
>  is an Open Source Machine Learning Framework. An attacker can craft a TFLite 
> model that would cause a write outside of bounds of an array in TFLite. In 
> fact, the attacker can override the linked list used by the memory allocator. 
> This can be leveraged for an arbitrary write primitive under certain 
> conditions. The fix will be included in TensorFlow 2.8.0. We will also 
> cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 
> 2.5.3, as these are also affected and still in supported range.|2022-02-04 
> 23:15:00.0|Upgrade to version tensorflow - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-cpu - 
> 2.5.3,2.6.3,2.7.1,2.8.0;tensorflow-gpu - 2.5.3,2.6.3,2.7.1,2.8.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq|
> |HIGH|CVE-2020-15206|5.0|7.5|NONE|LOW|UNCHANGED|HIGH|NETWORK|NONE|NONE|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|NONE|In
>  Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing 
> the TensorFlow's `SavedModel` protocol buffer and altering the name of 
> required keys results in segfaults and data corruption while loading the 
> model. This can cause a denial of service in products using 
> `tensorflow-serving` or other inference-as-a-service installments. Fixes were 
> added in commits f760f88b4267d981e13f4b302c437ae800445968 and 
> fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 
> and 2.3.0 but not yet backported to earlier versions). However, this was not 
> enough, as #41097 reports a different failure mode. The issue is patched in 
> commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in 
> TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.|2020-09-25 
> 19:15:00.0|Upgrade to version 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w5gh-2wr2-pm6g|
> |HIGH|CVE-2020-15203|5.0|7.5|NONE|LOW|UNCHANGED|HIGH|NETWORK|NONE|NONE|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|NONE|In
>  Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by 
> controlling the `fill` argument of tf.strings.as_string, a malicious attacker 
> is able to trigger a format string vulnerability due to the way the internal 
> format used in a `printf` call is constructed. This may result in segmentation 
> fault. The issue is patched in commit 
> 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow 
> versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.|2020-09-25 19:15:00.0|Upgrade 
> to version 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xmq7-7fxm-rr79|
> |HIGH|CVE-2020-15202|6.8|9.0|HIGH|HIGH|CHANGED|HIGH|NETWORK|HIGH|NONE|CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H|NONE|In
>  Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the 
> `Shard` API in TensorFlow expects the last argument to be a function taking 
> two `int64` (i.e., `long long`) arguments. However, there are several places 
> in TensorFlow where a lambda taking `int` or `int32` arguments is being used. 
> In these cases, if the amount of work to be parallelized is large enough, 
> integer truncation occurs. Depending on how the two arguments of the lambda 
> are used, this can result in segfaults, read/write outside of heap allocated 
> arrays, stack overflows, or data corruption. The issue is patched in commits 
> 27b417360cbd671ef55915e4bb6bb06af8b8a832 and 
> ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow 
> versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.|2020-09-25 19:15:00.0|Upgrade 
> to version 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4|
> |HIGH|CVE-2019-16778|7.5|9.8|HIGH|LOW|UNCHANGED|HIGH|NETWORK|HIGH|NONE|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H|NONE|In
>  TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be 
> produced when the Index template argument is int32. In this case data_size 
> and num_segments fields are truncated from int64 to int32 and can produce 
> negative numbers, resulting in accessing out of bounds heap memory. This is 
> unlikely to be exploitable and was detected and fixed internally in 
> TensorFlow 1.15 and 2.0.|2019-12-16 21:15:00.0|Upgrade to version tensorflow 
> - 1.15.0
> Message: Upgrade to version
> Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16778|
> |HIGH|CVE-2021-29608|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. Due to lack of 
> validation in `tf.raw_ops.RaggedTensorToTensor`, an attacker can exploit an 
> undefined behavior if input arguments are empty. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L356-L360)
>  only checks that one of the tensors is not empty, but does not check for the 
> other ones. There are multiple `DCHECK` validations to prevent heap OOB, but 
> these are no-op in release builds, hence they don't prevent anything. The fix 
> will be included in TensorFlow 2.5.0. We will also cherrypick these commits 
> on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, 
> as these are also affected and still in supported range.|2021-05-14 
> 20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, 
> tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rgvq-pcvf-hx75|
> |HIGH|CVE-2021-29607|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. Incomplete 
> validation in `SparseAdd` results in allowing attackers to exploit undefined 
> behavior (dereferencing null pointers) as well as write outside of bounds of 
> heap allocated data. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/sparse_sparse_binary_op_shared.cc)
>  has a large set of validation for the two sparse tensor inputs (6 tensors in 
> total), but does not validate that the tensors are not empty or that the 
> second dimension of `*_indices` matches the size of corresponding `*_shape`. 
> This allows attackers to send tensor triples that represent invalid sparse 
> tensors to abuse code assumptions that are not protected by validation. The 
> fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit 
> on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, 
> as these are also affected and still in supported range.|2021-05-14 
> 20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, 
> tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gv26-jpj9-c8gq|
> |HIGH|CVE-2021-29612|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. An attacker can 
> trigger a heap buffer overflow in Eigen implementation of 
> `tf.raw_ops.BandedTriangularSolve`. The 
> [implementation](https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L269-L278)
>  calls `ValidateInputTensors` for input validation but fails to validate that 
> the two tensors are not empty. Furthermore, since `OP_REQUIRES` macro only 
> stops execution of current function after setting `ctx->status()` to a non-OK 
> value, callers of helper functions that use `OP_REQUIRES` must check value of 
> `ctx->status()` before continuing. This doesn't happen in this op's 
> [implementation](https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L219),
>  hence the validation that is present is also not effective. The fix will be 
> included in TensorFlow 2.5.0. We will also cherrypick this commit on 
> TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as 
> these are also affected and still in supported range.|2021-05-14 
> 20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, 
> tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2xgj-xhgf-ggjv|
> |HIGH|CVE-2021-29610|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. The validation 
> in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis` 
> argument. The 
> [validation](https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L74-L77)
>  uses `\|\|` to mix two different conditions. If `axis_ < -1` the condition 
> in `OP_REQUIRES` will still be true, but this value of `axis_` results in 
> heap underflow. This allows attackers to read/write to other data on the 
> heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick 
> this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and 
> TensorFlow 2.1.4, as these are also affected and still in supported 
> range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0, 
> tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mq5c-prh3-3f3h|
> |HIGH|CVE-2021-29616|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. The 
> implementation of 
> [TrySimplify](https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401)
>  has undefined behavior due to dereferencing a null pointer in corner cases 
> that result in optimizing a node with no inputs. The fix will be included in 
> TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, 
> TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also 
> affected and still in supported range.|2021-05-14 20:15:00.0|Upgrade to 
> version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvv-7x94-7vq8|
> |HIGH|CVE-2021-29614|4.6|7.8|HIGH|LOW|UNCHANGED|HIGH|LOCAL|HIGH|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. The 
> implementation of `tf.io.decode_raw` produces incorrect results and crashes 
> the Python interpreter when combining `fixed_length` and wider datatypes. The 
> implementation of the padded 
> [version](https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc)
>  is buggy due to a confusion about pointer arithmetic rules. First, the code 
> [computes](https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L61)
>  the width of each output element by dividing the `fixed_length` value to the 
> size of the type argument. The `fixed_length` argument is also used to 
> determine the size needed for the output 
> [tensor](https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L63-L79).
>  This is followed by reencoding 
> [code](https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L85-L94).
>  The erroneous code is the last line above: it is moving the `out_data` 
> pointer by `fixed_length * sizeof(T)` bytes whereas it only copied at most 
> `fixed_length` bytes from the input. This results in parts of the input not 
> being decoded into the output. Furthermore, because the pointer advance is 
> far wider than desired, this quickly leads to writing to outside the bounds 
> of the backing data. This OOB write leads to interpreter crash in the 
> reproducer mentioned here, but more severe attacks can be mounted too, given 
> that this gadget allows writing to periodically placed locations in memory. 
> The fix will be included in TensorFlow 2.5.0. We will also cherrypick this 
> commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 
> 2.1.4, as these are also affected and still in supported range.|2021-05-14 
> 20:15:00.0|Upgrade to version tensorflow - 2.5.0, tensorflow-cpu - 2.5.0, 
> tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8pmx-p244-g88h|
> |HIGH|CVE-2021-29613|3.6|7.1|HIGH|LOW|UNCHANGED|HIGH|LOCAL|NONE|LOW|CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H|NONE|TensorFlow
>  is an end-to-end open source platform for machine learning. Incomplete 
> validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read 
> from heap. The fix will be included in TensorFlow 2.5.0. We will also 
> cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 
> 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported 
> range.|2021-05-14 20:15:00.0|Upgrade to version tensorflow - 2.5.0, 
> tensorflow-cpu - 2.5.0, tensorflow-gpu - 2.5.0
> Message: Upgrade to version
> Details: 
> https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vvg4-vgrv-xfr7|

--
This message was sent by Atlassian Jira
(v8.20.1#820001)