aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

1479 items

CVE-2022-21728: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` doe…
high | vulnerability | security | Feb 3, 2022

TensorFlow, an open source machine learning framework, has a bug in the shape inference for the `ReverseSequence` operation: it does not properly check whether the `batch_dim` parameter is negative, which allows a heap out-of-bounds (OOB) read, that is, a read of memory outside the intended array. The code checks that `batch_dim` is not larger than the input rank, but it fails to reject sufficiently negative values, so the program can access memory before the start of the array.

Fix: The fix will be included in TensorFlow 2.8.0 and will also be applied to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 through cherrypicking (applying the same commit to older versions).

Source: NVD/CVE Database

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne…
high | vulnerability | security | Feb 3, 2022

TensorFlow, an open source machine learning framework, has a vulnerability in its shape inference for the `Dequantize` operation where the `axis` argument is not properly validated. An attacker can provide an unexpectedly large `axis` value that causes an integer overflow (the number becomes too large and wraps around to a negative or incorrect value) when the code adds 1 to it.

Fix: The fix will be included in TensorFlow 2.8.0. It will also be backported (applied to earlier versions) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

Source: NVD/CVE Database

CVE-2022-21726: Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the…
high | vulnerability | security | Feb 3, 2022

TensorFlow, an open source machine learning framework, has a bug in its `Dequantize` function where the `axis` parameter (which specifies the dimension to operate on) isn't properly validated. This allows attackers to read past the end of an array in memory through a heap OOB (out-of-bounds) access, potentially causing crashes or exposing sensitive data.

Fix: The fix will be included in TensorFlow 2.8.0. The vulnerability will also be patched in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 through backported commits (cherrypicks).

Source: NVD/CVE Database

CVE-2022-21296: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supp…
medium | vulnerability | security | Jan 19, 2022

A vulnerability in the JAXP component (a Java library for processing XML data) of Oracle Java SE and Oracle GraalVM Enterprise Edition allows an unauthenticated attacker with network access to read some data they should not have access to. The vulnerability affects several older versions of Java and can be exploited through web services or through untrusted code running in a Java sandbox (a restricted environment meant to safely run untrusted programs).

Source: NVD/CVE Database

CVE-2021-4118: pytorch-lightning is vulnerable to Deserialization of Untrusted Data
high | vulnerability | security | Dec 23, 2021

pytorch-lightning (a popular machine learning library) contains a deserialization of untrusted data vulnerability (CWE-502: a program unsafely processes data from an untrusted source, potentially allowing an attacker to run malicious code). The vulnerability was identified and reported through the huntr.dev bug bounty program.

Fix: A patch is available in the pytorch-lightning repository at commit 62f1e82e032eb16565e676d39e0db0cac7e34ace. Users should update to this patched version to fix the deserialization vulnerability.

Source: NVD/CVE Database

CVE-2021-43831: Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.…
high | vulnerability | security | Dec 15, 2021 | EPSS: 30.3%

Gradio, a framework for building interactive machine learning demos, had a vulnerability in versions before 2.5.0 where users could read any file on the host computer if they knew its path, since file access was not restricted (files could only be opened in read-only mode). Anyone with a link to a Gradio interface could therefore potentially access sensitive files on the server.

Fix: Update to Gradio version 2.5.0 or later, where the vulnerability has been patched.

Source: NVD/CVE Database

CVE-2021-43811: Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses Y…
high | vulnerability | security | Dec 8, 2021

Sockeye, an open-source tool for Neural Machine Translation (a type of AI that translates text between languages), had a security flaw in versions before 2.3.24 where it used unsafe YAML loading (reading configuration files without proper safety checks). An attacker could hide malicious code in a model's configuration file, and if a user downloaded and ran that model, the hidden code would execute on the user's computer.

Fix: The issue is fixed in version 2.3.24. Users should update to this version or later.

Source: NVD/CVE Database

CVE-2021-43775: Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnera…
high | vulnerability | security | Nov 23, 2021

Aim is an open-source tool for tracking machine learning experiments. Versions before 3.1.0 have a path traversal vulnerability (an attack in which sequences such as `../` are used to reach files outside the intended directory), which could allow attackers to read sensitive files such as source code, configuration files, or system files on the server.

Fix: Upgrade to Aim v3.1.0, where the vulnerability is resolved.

Source: NVD/CVE Database

CVE-2021-41228: TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is…
high | vulnerability | security | Nov 5, 2021

TensorFlow's `saved_model_cli` tool (a command-line utility for working with machine learning models) has a code injection vulnerability because it runs `eval` on user-supplied strings, which could allow attackers to execute arbitrary code on the system. The risk is limited because the tool is only run manually by users, not automatically.

Fix: The developers patched this by adding a `safe` flag that defaults to `True` and an explicit warning for users. The fix is included in TensorFlow 2.7.0 and will also be backported (applied to older versions still being supported) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.

Source: NVD/CVE Database

CVE-2021-41227: TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in Tenso…
medium | vulnerability | security | Nov 5, 2021

TensorFlow (an open source machine learning platform) has a vulnerability in the `ImmutableConst` operation that allows attackers to read arbitrary memory contents. The issue occurs because the operation does not properly handle `tstring`, a special string type that can reference memory-mapped data.

Fix: The fix will be included in TensorFlow 2.7.0. The patch will also be backported (applied to older supported versions) in TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.

Source: NVD/CVE Database

CVE-2021-41225: TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a u…
medium | vulnerability | security | Nov 5, 2021

TensorFlow's Grappler optimizer (the component that optimizes how machine learning models run) has a bug where a variable called `dequeue_node` is never initialized if a saved model does not contain a `Dequeue` node. This uninitialized variable could cause the optimizer to behave unpredictably or crash.

Fix: Update to TensorFlow 2.7.0 or later. If you need to stay on earlier versions, update to TensorFlow 2.6.1, 2.5.2, or 2.4.4, which will include the fix through a cherrypick (a backport of the specific fix to older versions).

Source: NVD/CVE Database

CVE-2021-41222: TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trig…
medium | vulnerability | security | Nov 5, 2021

TensorFlow, an open source platform for machine learning, has a vulnerability in the `SplitV` function where supplying negative arguments can cause a segfault (a crash from accessing invalid memory). The crash happens when the `size_splits` parameter contains multiple values, at least one of which is negative.

Fix: The fix will be included in TensorFlow 2.7.0. The patch will also be backported to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, which are still in the supported range. Users can reference the specific commit at https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6.

Source: NVD/CVE Database

CVE-2021-41221: TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn…
high | vulnerability | security | Nov 5, 2021

TensorFlow (an open source machine learning platform) has a vulnerability where the shape inference code for certain operations can be tricked into accessing invalid memory through a heap buffer overflow (where a program accesses data beyond the allocated memory space). This happens because the code does not verify that certain input parameters have the correct structure before using them.

Fix: The fix will be included in TensorFlow 2.7.0. The patch will also be backported (adapted and released) for TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.

Source: NVD/CVE Database

CVE-2021-41220: TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `Collective…
high | vulnerability | security | Nov 5, 2021

TensorFlow, an open source platform for machine learning, had a memory leak and a use-after-free bug (the program accesses data after it has already been freed) in its `CollectiveReduceV2` function due to improper handling of asynchronous operations. The vulnerability was caused by objects being moved from memory while still being accessed elsewhere in the code.

Fix: The fix is included in TensorFlow 2.7.0, and the patch was also backported to TensorFlow 2.6.1, which was the only other affected version.

Source: NVD/CVE Database

CVE-2021-41216: TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Trans…
medium | vulnerability | security | Nov 5, 2021

TensorFlow (an open source platform for machine learning) contains a vulnerability in its shape inference function for the `Transpose` operation where negative values in the `perm` parameter can cause a heap buffer overflow (accessing data outside the intended memory boundaries). The issue stems from insufficient validation of the indices in `perm` before they are processed.

Fix: The fix will be included in TensorFlow 2.7.0. Users of affected versions should upgrade to TensorFlow 2.7.0 or to the patched versions: TensorFlow 2.6.1, TensorFlow 2.5.2, or TensorFlow 2.4.4.

Source: NVD/CVE Database

CVE-2021-41213: TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can b…
medium | vulnerability | security | Nov 5, 2021

TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.function` API (a feature that converts Python functions into optimized operations) where mutually recursive functions (functions that call each other) can cause a deadlock on a non-reentrant Lock (a lock that prevents simultaneous access but does not allow the same thread to acquire it again). An attacker could cause a denial of service by tricking users into loading vulnerable models, though this scenario is uncommon.

Fix: The fix will be included in TensorFlow 2.7.0. The fix will also be backported (applied to older supported versions) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.

Source: NVD/CVE Database

CVE-2021-41218: TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll`…
medium | vulnerability | security | Nov 5, 2021

TensorFlow, an open source machine learning platform, has a bug in its shape inference code for the `AllToAll` function that causes a division by zero error (a crash caused by dividing by 0) whenever the `split_count` argument is set to 0. This vulnerability could allow an attacker to crash or disrupt a TensorFlow application.

Fix: The fix is included in TensorFlow 2.7.0. For users on earlier versions still receiving support, the patch will also be applied to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4. Users should update to one of these patched versions.

Source: NVD/CVE Database

CVE-2021-41209: TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution ope…
medium | vulnerability | security | Nov 5, 2021

TensorFlow (an open source platform for machine learning) has a bug where its convolution operators (mathematical functions that process data in neural networks) crash with a division by zero error when given empty filter tensors (arrays of parameters). This vulnerability affects multiple versions of TensorFlow.

Fix: The fix is included in TensorFlow 2.7.0 and has also been backported to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.

Source: NVD/CVE Database

CVE-2021-41208: TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlo…
high | vulnerability | security | Nov 5, 2021

TensorFlow's boosted trees code (a machine learning feature for building ensembles of decision trees) lacks proper input validation, allowing attackers to crash the system (denial of service, where a service becomes unavailable), read sensitive data from memory, or write malicious data to memory buffers. The TensorFlow developers recommend no longer using these APIs, since the boosted trees code is no longer actively maintained.

Fix: The fix will be included in TensorFlow 2.7.0. Security patches will also be backported to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.

Source: NVD/CVE Database

CVE-2021-41207: TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat`…
medium | vulnerability | security | Nov 5, 2021

TensorFlow, an open source platform for machine learning, has a vulnerability in its `ParallelConcat` function that lacks proper input validation and can cause a division by zero error (a crash caused by dividing by zero). Fixes for the affected versions are available in TensorFlow 2.7.0 and in the earlier supported versions.

Fix: Update to TensorFlow 2.7.0. For users on earlier versions still in the supported range, apply the patches for TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4. The fix is available in the commit: https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235

Source: NVD/CVE Database

Page 61 of 74