AI Sec Watch

TensorFlow Lite versions before 2.2.1 and 2.3.1 have a vulnerability where negative values in the segment_ids tensor (an array of numbers used to group data) can cause the software to write data outside its allocated memory area, potentially crashing the program or corrupting memory. This vulnerability can be exploited by anyone who can modify the segment_ids data.

TensorFlow Lite (a machine learning framework for mobile devices) versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 have a vulnerability in how they validate saved models. The framework uses a special index value of -1 to mark optional inputs, but this value is incorrectly accepted for all operators and even output tensors, allowing attackers to read and write data outside the intended memory boundaries.

TensorFlow Lite (a machine learning framework for running AI models on mobile and embedded devices) versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 has a vulnerability where using the same tensor (a multi-dimensional array of data) as both input and output in an operation can cause a segmentation fault (a crash where the program tries to access memory it shouldn't) or memory corruption (where data in memory gets corrupted). This happens because the code doesn't properly validate inputs when a tensor is used in this way.

TensorFlow Lite (a lightweight version of TensorFlow used on mobile and embedded devices) versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 had a bug where a specially crafted model file could trick the software into trying to read from an empty memory location (null pointer dereference, where the program attempts to access data that doesn't exist). An attacker could modify the model file to convert a read-only tensor (a data structure the AI uses) into a read-write one, causing the runtime to crash or behave unpredictably when it tries to use that tensor.

TensorFlow Lite (a lightweight version of TensorFlow for mobile and embedded devices) before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 has a bug where it doesn't properly check if two tensors (multi-dimensional arrays of data) have compatible sizes. An attacker can exploit this to cause the interpreter to read or write data outside of the allocated memory region, potentially crashing the program or enabling other attacks.

TensorFlow Lite (a machine learning framework for mobile and embedded devices) had a bug in versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 where it failed to properly validate array indices (positions) after converting negative numbers to positive ones. This allowed the program to access memory outside its intended bounds, causing crashes or data corruption. The vulnerability only appeared in non-debug builds because the validation check was disabled in those versions.

A vulnerability in TensorFlow (a machine learning framework) before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 allows attackers to crash systems or corrupt data by modifying a SavedModel (TensorFlow's format for storing trained models). This can disable services that use TensorFlow to run AI models for predictions.

TensorFlow versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 have a vulnerability in the `StringNGrams` function where the `data_splits` argument (a parameter controlling how input data is divided) is not properly checked. This lack of validation allows attackers to trigger a heap overflow (a memory error where data overwrites adjacent memory), potentially exposing sensitive data like return addresses that could help bypass ASLR (address space layout randomization, a security technique that randomizes where programs load in memory).

In eager mode (a way TensorFlow runs code immediately instead of building a computation graph first), versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 fail to set up session state properly. This causes a null pointer dereference (trying to use a pointer that points to nothing), which crashes the program with a segmentation fault (a memory access error).