AI Sec Watch

TensorFlow (an open-source machine learning platform) has a vulnerability where two functions called `QuantizedRelu` and `QuantizedRelu6` crash when given certain types of incorrect inputs for their `min_features` or `max_features` parameters, which attackers could exploit to cause a denial of service attack (making the system unavailable).

TensorFlow (an open source machine learning platform) has a bug where a function called `QuantizeDownAndShrinkRange` crashes if it receives nonscalar inputs (arrays or objects with multiple values instead of single values) for certain parameters, allowing attackers to cause a denial of service attack (making the system unavailable).

TensorFlow, an open source machine learning platform, has a vulnerability in its `QuantizedMatMul` function that crashes when given certain types of improper input (nonscalar values for min/max parameters), allowing attackers to trigger a denial of service attack (making the system unavailable). The issue has been fixed and will be released in updated versions of TensorFlow.

TensorFlow, an open source machine learning platform, has a vulnerability in its `QuantizedBiasAdd` function that crashes when given certain tensor inputs of nonzero rank (multi-dimensional arrays), allowing attackers to launch a denial of service attack (making the system unavailable). The developers have identified and patched the issue.

TensorFlow, an open source machine learning platform, has a vulnerability in the `FakeQuantWithMinMaxVars` function where providing certain types of input tensors (multidimensional arrays of numbers) causes the program to crash, enabling a denial of service attack (making a system unavailable to users). The vulnerability has been identified and fixed in the codebase.

TensorFlow (an open source platform for machine learning) has a bug in the `QuantizedInstanceNorm` function where passing certain tensor inputs (`x_min` or `x_max` with nonzero rank, which are multi-dimensional arrays of numerical data) causes a segfault (a crash from accessing invalid memory), allowing attackers to trigger a denial of service attack (making the system unavailable). The vulnerability was fixed and will be released in TensorFlow 2.10.0, with backported patches for earlier versions.

TensorFlow (an open-source machine learning platform) has a bug in the `Conv2DBackpropInput` function where it crashes if the `input_sizes` parameter is not 4-dimensional, allowing attackers to cause a denial of service (making the system unavailable). The issue has been fixed and will be released in upcoming versions.

TensorFlow, an open source machine learning platform, has a bug in the `AvgPoolGrad` function where it doesn't properly check the input parameter `orig_input_shape`. This incomplete validation causes a CHECK failure (a crash that stops the program), which attackers can exploit to perform a denial of service attack (making the system unavailable to legitimate users).

TensorFlow, an open source machine learning platform, has a vulnerability in its `QuantizedAdd` function (a tool for adding quantized numbers, which are rounded values used to save memory). If this function receives certain tensor inputs of nonzero rank (multi-dimensional arrays), it crashes the program, which can be exploited to cause a denial of service attack (making the system unavailable to legitimate users).