All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
TensorFlow (an open source machine learning platform) crashes when a specific internal function receives null type list attributes (empty or missing type information). The developers have fixed the bug and will release the patch in upcoming versions of the software.
Fix: The fix will be included in TensorFlow 2.10.0. Patches will also be applied to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions when available.
NVD/CVE Database
TensorFlow (an open source platform for machine learning) crashes when a component called `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs (data structures that define operations) without an operation name. This is a crash vulnerability that could cause the software to stop working unexpectedly.
TensorFlow (an open source platform for machine learning) crashes when a specific internal function called `mlir::tfg::ConvertGenericFunctionToFunctionDef` receives empty function attributes (data describing how a function should behave). This is a reachable assertion vulnerability, meaning the program encounters an unexpected condition it cannot handle.
TensorFlow, an open source machine learning platform, has a bug where a specific function crashes with a null dereference (trying to use a memory address that doesn't exist) when given empty function attributes. The issue affects multiple versions of TensorFlow and has no known workarounds.
TensorFlow, an open source platform for machine learning, has a vulnerability in its `tf.quantization.fake_quant_with_min_max_vars_gradient` function where nonscalar (multi-dimensional) input values for `min` or `max` parameters cause a CHECK fail, which is a crash that could enable a denial of service attack (disrupting service availability). The vulnerability affects multiple supported versions of TensorFlow.
TensorFlow (an open source machine learning platform) has a bug in its `tf.random.gamma` function where large input values can cause a denial of service attack (making the system crash or stop responding). The developers have fixed the issue and will release it in TensorFlow 2.10.0, along with updates to older supported versions.
TensorFlow (an open source machine learning platform) has a vulnerability in its `RandomPoissonV2` function where large input values can cause a CHECK fail (a safety check that stops execution), allowing attackers to trigger a denial of service attack (making the system unavailable). The vulnerability affects multiple versions of TensorFlow.
TensorFlow (an open source machine learning platform) has a vulnerability where the `Unbatch` operation crashes when it receives a nonscalar input `id` (a variable with multiple dimensions rather than a single value), which can be exploited to cause a denial of service attack (making a system unavailable by overwhelming it).
TensorFlow (an open-source machine learning platform) has a vulnerability in its `DrawBoundingBoxes` function where receiving input boxes that aren't float data types causes a CHECK fail, which can be exploited to disable the system through a denial of service attack (overwhelming it with requests). The vulnerability affects multiple versions of TensorFlow.
TensorFlow, an open-source machine learning platform, has a vulnerability where a specific internal function crashes when it receives empty function attributes, causing a null dereference (an error where the software tries to use a memory location that doesn't exist). This bug affects multiple versions of TensorFlow and has no known workarounds.
TensorFlow (an open source platform for machine learning) has a vulnerability where a function called `Conv2DBackpropInput` crashes when it receives empty input arrays, allowing attackers to cause a denial of service attack (making the system unavailable). The issue affects both CPU and GPU processing and has been patched in the codebase.
TensorFlow, an open source platform for machine learning, has a vulnerability in its `EmptyTensorList` function that crashes when given certain inputs, allowing attackers to trigger a denial of service attack (making a service unavailable by overwhelming it). The bug occurs when the function receives an `element_shape` input with more than one dimension.
TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.sparse.cross` function where passing a non-scalar `separator` input (a parameter that isn't a single value) causes a CHECK fail, which can crash the program in a denial of service attack (making a system unavailable by overwhelming it). The flaw affects multiple versions of TensorFlow.
TensorFlow, an open source machine learning platform, has a bug in its `Conv2D` function (a tool for processing image data) where empty input combined with certain filter and padding settings causes division-by-zero errors. This vulnerability allows attackers to crash the system in a denial of service attack (temporarily making a service unavailable by overwhelming or breaking it).
TensorFlow (an open source machine learning platform) has a vulnerability in its `AudioSummaryV2` function where passing a `sample_rate` input with multiple elements causes a CHECK failure, which can be exploited to trigger a denial of service attack (making the system unavailable by overloading it).
TensorFlow (an open source platform for machine learning) has a vulnerability where a function called `CollectiveGather` crashes when it receives a scalar input (a single number rather than a list of numbers), allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been fixed and will be released in upcoming versions of TensorFlow.
TensorFlow has a vulnerability where the `SetSize` function crashes when it receives an input called `set_shape` that is not a 1D tensor (a one-dimensional array of data). An attacker can exploit this crash to launch a denial of service attack (making the system unavailable to legitimate users).
TensorFlow (an open source machine learning platform) has a bug in the `TensorListFromTensor` function where certain inputs cause a CHECK failure that can be exploited to crash the system. This vulnerability affects multiple versions of TensorFlow and has no known workarounds.
TensorFlow, an open-source machine learning platform, has a vulnerability where two functions (`TensorListScatter` and `TensorListScatterV2`) crash when given certain types of input, allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been fixed and will be released in upcoming versions.
TensorFlow, an open source platform for machine learning, has a vulnerability in its `QuantizeAndDequantizeV3` function where passing a nonscalar `num_bits` input tensor (a multi-dimensional array instead of a single value) causes the program to crash, which can be exploited for a denial of service attack (making a service unavailable by overwhelming or crashing it). The issue affects multiple TensorFlow versions.
Fix: The fix is included in TensorFlow 2.10.0 and will be cherrypicked (a process of applying specific fixes to older versions) into TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. The source notes there are no known workarounds for this issue.
Fix: Update to TensorFlow 2.10.0, or apply the patch from GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. Users of earlier versions should also update to TensorFlow 2.9.1, 2.8.1, or 2.7.2, which will also include this fix.
Fix: The issue was patched in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
Fix: The issue has been patched in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0, and will also be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds.
Fix: Update to TensorFlow 2.10.0, or if you need an earlier version, update to TensorFlow 2.9.1, TensorFlow 2.8.1, or TensorFlow 2.7.2, as these versions include the patch from GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The source notes there are no known workarounds for this issue.
Fix: The issue has been patched in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix is included in TensorFlow 2.10.0 and will be backported (applied to older versions) in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds for this issue.
Fix: The issue has been patched in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. Users should upgrade to TensorFlow 2.10.0 or apply the patch to supported versions 2.9.1, 2.8.1, and 2.7.2. No workarounds are available.
Fix: The issue has been patched in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. Users should update to TensorFlow 2.10.0, or for earlier versions, update to TensorFlow 2.9.1, 2.8.1, or 2.7.2, as these patched versions are available for affected and still-supported releases. No workarounds exist.
Fix: The issue is patched in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in TensorFlow 2.10.0, and has been backported (adapted for older versions) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
Fix: The fix is included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. There are no known workarounds for this issue.
Fix: The issue is patched in GitHub commit c8ba76d48567aed347508e0552a257641931024d. Users should update to TensorFlow 2.10.0, or for those on earlier versions, update to TensorFlow 2.9.1, 2.8.1, or 2.7.2 (which will include a cherrypicked fix). No workarounds exist for this vulnerability.
Fix: The issue has been patched in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
Fix: The issue has been patched in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0, and will also be backported (added to older versions still being supported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. No workarounds are available.
Fix: Update to TensorFlow 2.10.0 or the patched versions 2.9.1, 2.8.1, or 2.7.2. The fix is included in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. No workarounds are available, so updating is required.
Fix: The fix is included in TensorFlow 2.10.0. It will also be backported (added to older versions still being supported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. There are no known workarounds for this issue.
Fix: Update TensorFlow to version 2.10.0 or apply patches to supported versions 2.9.1, 2.8.1, and 2.7.2. The fix is available in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467.
Fix: Update to TensorFlow 2.10.0, or apply the patch from GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. For users on older supported versions, updates are also available for TensorFlow 2.9.1, 2.8.1, and 2.7.2.
Fix: The issue has been patched in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0, and will also be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
Fix: The issue has been patched in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. No workarounds are available; users should update to these patched versions.