All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.sparse.cross` function where passing a non-scalar `separator` input (a parameter that isn't a single value) causes a CHECK fail, which can crash the program in a denial of service attack (making a system unavailable by overwhelming it). The flaw affects multiple versions of TensorFlow.
Fix: The issue has been patched in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseTensorFlow, an open source machine learning platform, has a bug in its `Conv2D` function (a tool for processing image data) where empty input combined with certain filter and padding settings causes division-by-zero errors. This vulnerability allows attackers to crash the system in a denial of service attack (temporarily making a service unavailable by overwhelming or breaking it).
TensorFlow (an open source machine learning platform) has a vulnerability in its `AudioSummaryV2` function where passing a `sample_rate` input with multiple elements causes a CHECK failure, which can be exploited to trigger a denial of service attack (making the system unavailable by overloading it).
TensorFlow (an open source platform for machine learning) has a vulnerability where a function called `CollectiveGather` crashes when it receives a scalar input (a single number rather than a list of numbers), allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been fixed and will be released in upcoming versions of TensorFlow.
TensorFlow has a vulnerability where the `SetSize` function crashes when it receives an input called `set_shape` that is not a 1D tensor (a one-dimensional array of data). An attacker can exploit this crash to launch a denial of service attack (making the system unavailable to legitimate users).
TensorFlow (an open source machine learning platform) has a bug in the `TensorListFromTensor` function where certain inputs cause a CHECK failure that can be exploited to crash the system. This vulnerability affects multiple versions of TensorFlow and has no known workarounds.
TensorFlow, an open-source machine learning platform, has a vulnerability where two functions (`TensorListScatter` and `TensorListScatterV2`) crash when given certain types of input, allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been fixed and will be released in upcoming versions.
TensorFlow, an open source platform for machine learning, has a vulnerability in its `QuantizeAndDequantizeV3` function where passing a nonscalar `num_bits` input tensor (a multi-dimensional array instead of a single value) causes the program to crash, which can be exploited for a denial of service attack (making a service unavailable by overwhelming or crashing it). The issue affects multiple TensorFlow versions.
TensorFlow (an open source machine learning platform) has a vulnerability where a specific function called `FakeQuantWithMinMaxVarsPerChannel` crashes when given certain types of input data, allowing attackers to cause a denial of service attack (making the system stop working). The developers have fixed the bug in their code.
TensorFlow, an open source platform for machine learning, has a vulnerability where a function called `RaggedTensorToVariant` can crash if it receives incorrectly formatted input (tensors with ranks other than one). An attacker could use this crash to launch a denial of service attack (making the system unavailable).
A vulnerability in TensorFlow (an open source platform for machine learning) allows attackers to crash the system by sending specially formatted inputs to a specific function called `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient`, causing a denial of service attack (where a system becomes unavailable). The issue occurs when the function receives input parameters with the wrong structure (rank other than 1).
TensorFlow (an open source platform for machine learning) has a vulnerability in its MaxPool function, which crashes when given a window size array with dimensions larger than the input data, allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been patched and will be fixed in upcoming versions.
TensorFlow (an open source platform for machine learning) has a vulnerability in its `tf.linalg.matrix_rank` function, which crashes when given an empty input. An attacker could exploit this crash to cause a denial of service attack (making the system unavailable by overwhelming it with requests or triggering failures).
TensorFlow, an open source platform for machine learning, has a vulnerability in its `DenseBincount` function where it doesn't properly check if the `weights` input tensor (a data structure holding numbers) has the correct shape, allowing attackers to crash the program through a denial of service attack (making a system unavailable by overwhelming it).
TensorFlow (an open source machine learning platform) has a bug where the `RaggedBincount` function crashes when given an empty input tensor called `splits`, which can be exploited to launch a denial of service attack (making a service unavailable by overwhelming it). The vulnerability affects multiple versions of the software.
TensorFlow (an open source platform for machine learning) has a vulnerability in its `LRNGrad` function where passing an incorrectly formatted input tensor (one that is not 4-dimensional) causes the program to crash, allowing attackers to trigger a denial of service attack (making the system unavailable).
TensorFlow (an open source machine learning platform) has a bug in the `ParameterizedTruncatedNormal` function where it only accepts one data type (`int32`) for the `shape` parameter, but crashes when given the correct type (`int64`), which could allow an attacker to cause a denial of service (making the software unavailable).
TensorFlow (an open source machine learning platform) has a vulnerability where running certain save operations on data types (formats for storing numbers) that aren't supported causes the program to crash, which could be used for a denial of service attack (making a service unavailable by overwhelming it). The vulnerability affects multiple versions of TensorFlow.
TensorFlow, an open source machine learning platform, has a vulnerability in the `SparseBincount` function where invalid sparse tensor (a compressed way of storing data with mostly empty values) inputs can crash the program, potentially allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been patched and will be fixed in upcoming versions of TensorFlow.
TensorFlow, an open source machine learning platform, has a vulnerability in its `FractionalMaxPoolGrad` function (a component that processes pooling operations) where it uses CHECK failures instead of returning errors to validate inputs. If someone sends incorrectly sized inputs to this function, they can trigger a denial of service attack (making the system crash or become unresponsive).
Fix: The issue has been patched in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0, and will also be backported (added to older versions still being supported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. No workarounds are available.
NVD/CVE DatabaseFix: Update to TensorFlow 2.10.0 or the patched versions 2.9.1, 2.8.1, or 2.7.2. The fix is included in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. No workarounds are available, so updating is required.
NVD/CVE DatabaseFix: The fix is included in TensorFlow 2.10.0. It will also be backported (added to older versions still being supported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. There are no known workarounds for this issue.
NVD/CVE DatabaseFix: Update TensorFlow to version 2.10.0 or apply patches to supported versions 2.9.1, 2.8.1, and 2.7.2. The fix is available in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467.
NVD/CVE DatabaseFix: Update to TensorFlow 2.10.0, or apply the patch from GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. For users on older supported versions, updates are also available for TensorFlow 2.9.1, 2.8.1, and 2.7.2.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0, and will also be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. No workarounds are available; users should update to these patched versions.
NVD/CVE DatabaseFix: The fix is included in TensorFlow 2.10.0, and will also be patched in earlier versions 2.9.1, 2.8.1, and 2.7.2. Users should update to one of these versions or later.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix is included in TensorFlow 2.10.0 and will also be backported to (applied to earlier versions of) TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseFix: The vulnerability was patched in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix is included in TensorFlow 2.10.0 and will also be backported (applied to older versions still receiving updates) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds for this issue.
NVD/CVE DatabaseFix: The fix is included in TensorFlow 2.10.0 and will be cherrypicked into TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. No workarounds are available.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43 and will be included in TensorFlow 2.10.0. The fix will also be included in earlier versions: TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseFix: Update to TensorFlow 2.10.0, or apply the patch from GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. If you cannot update to 2.10.0 yet, cherrypicked fixes are also available in TensorFlow 2.9.1, 2.8.1, and 2.7.2. There are no known workarounds for this issue.
NVD/CVE DatabaseFix: The issue was patched in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix is included in TensorFlow 2.10.0 and will be backported (applied to older supported versions) in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseFix: The issue was patched in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0 and will also be backported (added to older versions still receiving updates) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds for this issue.
NVD/CVE DatabaseFix: The fix is included in TensorFlow 2.10.0 and will be backported (added to older versions) in TensorFlow 2.9.1, 2.8.1, and 2.7.2. Users should update to one of these patched versions.
NVD/CVE DatabaseFix: The fix is included in TensorFlow 2.10.0 and has been cherrypicked (backported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions.
NVD/CVE DatabaseFix: Update TensorFlow to version 2.10.0 or apply the patch from GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix is also being included in TensorFlow 2.9.1, 2.8.1, and 2.7.2.
NVD/CVE Database