Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.
TensorFlow has a vulnerability where eager mode (the default execution style in TensorFlow 2.0+) allows users to call raw operations that shouldn't work, causing a null pointer dereference (an error where the program tries to use an empty memory reference). The problem occurs because the code doesn't check whether the session state pointer is valid before using it, leading to undefined behavior (unpredictable outcomes).
Fix: The fix will be included in TensorFlow 2.5.0. TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4 will also receive this fix through a cherrypick (backporting the security patch to older supported versions).
NVD/CVE DatabaseA vulnerability in TensorFlow (an open source platform for machine learning) allows a malicious user to crash the program by providing specially crafted input to the Conv3D function (a tool for processing 3D image data). The vulnerability occurs because the code performs a division or modulo operation (mathematical operations that can fail) based on user-provided data, and if certain values are zero, the program crashes.
TensorFlow, a machine learning platform, has a vulnerability in the `RaggedTensorToVariant` function where passing invalid ragged tensors (data structures for irregular-shaped arrays) causes a null pointer dereference (accessing memory that hasn't been set, crashing the program). The function doesn't check whether the ragged tensor is empty before trying to use it.
TensorFlow (an open-source machine learning platform) has a vulnerability in its `MatrixDiag*` operations (functions that create diagonal matrices from tensor data) because the code doesn't check whether the input tensors are empty, which could cause the program to crash or behave unexpectedly. This bug affects multiple versions of TensorFlow.
TensorFlow has a vulnerability in its RaggedBincount operation where invalid input arguments can cause a heap buffer overflow (a crash or memory corruption from accessing memory outside allocated bounds). An attacker can craft malicious input to make the code read or write to memory it shouldn't access, potentially compromising the system running the code.
TensorFlow, a machine learning platform, has a vulnerability where operations that expect numeric tensors (data types representing numbers) crash when given non-numeric tensors instead, due to a type confusion bug (mixing up data types) in the conversion from Python code to C++ code. The developers have fixed this issue and will release it in multiple versions.
TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a denial of service (making a service unavailable) through a FPE (floating-point exception, a math error when dividing by zero) in a specific operation. The bug exists because the code divides by a value computed from user input without first checking if that value is zero.
TensorFlow, an open-source machine learning platform, has a vulnerability in its `RaggedBincount` operation where improper validation of the `splits` argument can allow an attacker to trigger a heap buffer overflow (reading memory outside the intended bounds). An attacker could craft malicious input that causes the code to read from invalid memory locations, potentially leading to crashes or information disclosure.
CVE-2021-20289 is a flaw in RESTEasy (a framework for building web services) versions up to 4.6.0.Final where error messages expose sensitive information about the internal code. When RESTEasy cannot process certain parts of a request, it returns the class and method names of the endpoint in its error response, which could leak details about how the application is structured (CWE-209, generation of error messages containing sensitive information).
Increments Qiita::Markdown before version 0.33.0 contains an XSS vulnerability (cross-site scripting, where attackers can inject malicious code into web pages) in its transformers component. The vulnerability is classified as CWE-79 (improper neutralization of input during web page generation).
CVE-2020-26270 is a vulnerability in TensorFlow where LSTM/GRU models (types of neural network layers used for processing sequences) crash when they receive input with zero length on NVIDIA GPU systems, causing a denial of service (making the system unavailable). This happens because the system fails input validation (checking whether data is acceptable before processing it).
TensorFlow's release candidate versions 2.4.0rc* contain a vulnerability in the code that matches filesystem paths to globbing patterns (a method of searching for files using wildcards), which can cause the program to read memory outside the bounds of an array holding directory information. The vulnerability stems from missing checks on assumptions made by the parallel implementation, but this issue only affects the development version and release candidates, not the final release.
A bug in TensorFlow's tf.raw_ops.ImmutableConst operation (a function that creates fixed tensors from memory-mapped files) causes the Python interpreter to crash when the tensor type is not an integer type, because the code tries to write to memory that should be read-only. This crash happens when the file is large enough to contain the tensor data, resulting in a segmentation fault (a critical memory access error).
CVE-2020-26267 is a vulnerability in TensorFlow where the tf.raw_ops.DataFormatVecPermute API (a function for converting data format layout) fails to check the src_format and dst_format inputs, leading to uninitialized memory accesses (using memory that hasn't been set to a known value), out-of-bounds reads (accessing data outside intended boundaries), and potential crashes. The vulnerability was patched across multiple TensorFlow versions.
CVE-2020-26266 is a vulnerability in TensorFlow where saved models can accidentally use uninitialized values (memory locations that haven't been set to a starting value) during execution because certain floating point data types weren't properly initialized in the Eigen library (a math processing component). This is a use of uninitialized resource (CWE-908) type bug that could lead to unpredictable behavior when running affected models.
TensorFlow has a vulnerability where loading a saved model can access uninitialized memory (data that hasn't been set to a known value) when building a computation graph. The bug occurs in the MakeEdge function, which connects parts of a neural network together, because it doesn't verify that array indices are valid before accessing them, potentially allowing attackers to leak memory addresses from the library.
A bug was found in the Linux kernel before version 5.7.3 in the get_user_pages function (a mechanism that allows programs to access memory pages), where it incorrectly grants write access when it should only allow read access for copy-on-write pages (memory regions shared between processes that are copied when modified). This happens because the function doesn't properly respect read-only restrictions, creating a security vulnerability.
A vulnerability in Libsvm v324 (a machine learning library used by scikit-learn 0.23.2) allows attackers to crash a program by sending a specially crafted machine learning model with an extremely large value in the _n_support array, causing a segmentation fault (a type of crash where the program tries to access memory it shouldn't). The scikit-learn developers noted this only happens if an application violates the library's API by modifying private attributes.
TensorFlow versions before 2.4.0 have a bug in the `tf.image.crop_and_resize` function where very large values in the `boxes` argument are converted to NaN (a special floating point value meaning "not a number"), causing undefined behavior and a segmentation fault (a crash from illegal memory access). This vulnerability affects the CPU implementation of the function.
In TensorFlow before version 2.4.0, an attacker can provide an invalid `axis` parameter (a setting that specifies which dimension of data to work with) to a quantization function, causing the program to access memory outside the bounds of an array, which crashes the system. The vulnerability exists because the code only uses DCHECK (a debug-only validation that is disabled in normal builds) rather than proper runtime validation.
Fix: The fix will be included in TensorFlow 2.5.0. Additionally, the fix will be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.5.0. It will also be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.5.0. It will also be backported (added to earlier versions still being supported) in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2 and TensorFlow 2.3.3.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.5.0. The fix will also be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.5.0. A cherrypick (a targeted code fix applied to older versions) will also be included in TensorFlow 2.4.2 and TensorFlow 2.3.3.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2 and TensorFlow 2.3.3.
NVD/CVE DatabaseFix: Update to Qiita::Markdown version 0.33.0 or later. Details of the fix are available in the patch release notes at https://github.com/increments/qiita-markdown/compare/v0.32.0...v0.33.0.
NVD/CVE DatabaseFix: This is fixed in TensorFlow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. Users should update to one of these patched versions.
NVD/CVE DatabaseFix: This is patched in version 2.4.0. The implementation was completely rewritten to fully specify and validate the preconditions.
NVD/CVE DatabaseFix: This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
NVD/CVE DatabaseFix: This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
NVD/CVE DatabaseFix: This vulnerability is fixed in TensorFlow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. Users should update to one of these patched versions.
NVD/CVE DatabaseFix: This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. Users should update to one of these patched versions.
NVD/CVE DatabaseFix: Update the Linux kernel to version 5.7.3 or later. A patch is available at https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f. Debian users should refer to security updates referenced in the Debian mailing list announcements and DSA-5096.
NVD/CVE DatabaseFix: A patch is available in scikit-learn at commit 1bf13d567d3cd74854aa8343fd25b61dd768bb85 on GitHub, as referenced in the source material.
NVD/CVE DatabaseFix: Upgrade to TensorFlow version 2.4.0 or later, which contains the patch. TensorFlow nightly packages (development builds) after commit eccb7ec454e6617738554a255d77f08e60ee0808 also have the issue resolved.
NVD/CVE DatabaseFix: The issue is patched in commit eccb7ec454e6617738554a255d77f08e60ee0808. Upgrade to TensorFlow 2.4.0 or later, or use TensorFlow nightly packages released after this commit.
NVD/CVE Database