Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.
TensorFlow, an open source machine learning platform, has a bug in its shape inference code for the `tf.ragged.cross` function where it tries to use a null pointer (a reference to nothing), causing undefined behavior. The vulnerability is caused by accessing an uninitialized pointer (a memory location that hasn't been set up yet).
Fix: The fix will be included in TensorFlow 2.7.0. Patches will also be backported (applied to earlier versions) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.
NVD/CVE DatabaseTensorFlow, an open source machine learning platform, has a vulnerability in its shape inference code for the `tf.ragged.cross` function that allows reading data outside the bounds of allocated memory (an out-of-bounds read, which can cause crashes or expose sensitive data). The vulnerability affects multiple versions of TensorFlow and has been patched in newer releases.
TensorFlow, an open-source machine learning platform, has a vulnerability in its shape inference code for the `QuantizeV2` function that allows reading memory outside of the intended boundaries (heap OOB read, or out-of-bounds read) when the `axis` parameter is given a negative value less than -1. This happens because the code doesn't properly validate that negative axis values stay within acceptable bounds before accessing memory.
TensorFlow, an open source platform for machine learning, has a vulnerability in its shape inference functions for `QuantizeAndDequantizeV*` operations that can cause the program to read data outside the bounds of allocated memory (an out-of-bounds read, which is a memory safety error). This affects multiple versions of TensorFlow.
TensorFlow, an open source machine learning platform, has a bug in its Grappler optimizer (the part that optimizes computational graphs) where constant folding (simplifying calculations before running them) incorrectly tries to copy resource tensors (special data structures that shouldn't be modified), causing the program to crash. The issue affects multiple versions of TensorFlow.
TensorFlow, an open-source machine learning platform, has a vulnerability where attackers can cause crashes or undefined behavior (unpredictable program execution) by modifying saved checkpoints (saved states of a trained model) from outside the system, because the checkpoint loading code doesn't properly validate file formats. This affects multiple versions of TensorFlow that are still being supported.
TensorFlow, an open source machine learning platform, had a vulnerability in its shape inference functions for `SparseCountSparseOutput` that could cause an out-of-bounds read (accessing memory outside the intended area of a heap-allocated array, which can crash the program or leak data). This vulnerability affected multiple versions of TensorFlow.
TensorFlow, an open source machine learning platform, has a bug in the `EinsumHelper::ParseEquation()` function where it fails to properly initialize certain flags (variables that track whether ellipsis notation is used in inputs and outputs). The function only sets these flags to true but never to false, which can cause the program to read uninitialized memory (garbage values) if code calling this function assumes the flags are always set correctly.
TensorFlow (an open source platform for machine learning) has a bug where calling a specific function called `tf.summary.create_file_writer` with non-scalar arguments (values that aren't single numbers) causes the program to crash due to a failed assertion check. This vulnerability affects several versions of TensorFlow.
TensorFlow (an open source machine learning platform) has a bug in its `tf.image.resize` function where using very large input values causes the program to crash due to an integer overflow (when a number becomes too large for its storage type). The overflow is caught by a safety check that stops the entire process.
TensorFlow (an open source machine learning platform) crashes when the `tf.tile` function (which repeats tensor data) is called with very large inputs, because the number of output elements exceeds what an `int64_t` integer type can hold, causing an overflow that triggers a safety check and terminates the process.
TensorFlow (an open source machine learning platform) has a vulnerability where tensors (multi-dimensional arrays of numbers) with very large dimensions can cause an integer overflow (when a calculation produces a number too big to store), resulting in a crash or inconsistent behavior. The vulnerability occurs because the code checks for overflow incorrectly in some parts of the codebase.
TensorFlow (an open source machine learning platform) has a bug in its Keras pooling layers (functions that reduce data size by sampling from groups of values) that can cause a segfault (crash where the program tries to access invalid memory) if the pool size is 0 or if a dimension is negative, because the code doesn't check that these values are positive.
TensorFlow's `tf.math.segment_*` operations (functions that process data divided into segments) crash with a denial of service error when a segment ID is very large, because the code doesn't properly handle cases where the output size exceeds what an int64_t (a 64-bit integer type) can store. The crash happens in both CPU and GPU implementations when computing output shape.
CVE-2021-42694 is a vulnerability in the Unicode Specification (up to version 14.0) that allows attackers to create source code identifiers (like function names) using homoglyphs (characters that look identical but are technically different) to sneak malicious code into software. An attacker could use these visually identical but distinct characters in upstream dependencies (external code libraries), and developers reviewing the code might not catch the deception, allowing the malicious code to be used downstream (in other software that depends on it).
Rasa is a framework for building conversational AI systems, and versions before 2.8.10 have a vulnerability where a malicious model file (a compressed archive containing trained AI weights) can overwrite or replace important bot files. This happens because the software doesn't properly validate what's inside the model file before extracting it.
ParlAI, a framework for training AI models on dialogue datasets, has a vulnerability where it unsafely loads YAML files (a data format), allowing attackers to execute arbitrary code on affected systems. The vulnerability occurs because the framework uses an unsafe YAML loader that can be tricked into running malicious code hidden in data files.
TensorFlow, an open-source machine learning platform, had a bug where certain shape functions created temporary data structures (ShapeAndType structs) that were deleted too quickly, causing crashes (segfaults, or sudden program failures) if other code tried to access them. The issue was that while normal output shapes were being protected by copying them to safer ownership, the code wasn't doing the same protection for shapes and types together.
TensorFlow (an open source machine learning platform) had a bug where Go code could crash the program during memory cleanup of string tensors if encoding failed. The problem occurred because the cleanup process assumed encoding always succeeded, but didn't check whether it actually did.
TensorFlow, an open-source machine learning platform, has a vulnerability where an attacker can create a specially crafted TFLite model (a lightweight version of TensorFlow for mobile and embedded devices) that causes a division by zero error (a crash that happens when code tries to divide a number by zero) in its LSH projection feature. This flaw affects multiple versions of TensorFlow.
Fix: The fix is included in TensorFlow 2.7.0. For users on earlier versions, patches were also released for TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, which are still in the supported range.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.7.0. The fix will also be applied to TensorFlow 2.6.1, as this is the only other version affected.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.7.0. The patch will also be applied to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these versions are affected and still supported.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.7.0. Updates will also be available in TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.
NVD/CVE DatabaseFix: The fixes will be included in TensorFlow 2.7.0. Additionally, patches will be cherry-picked (applied) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, which are also affected and still in the supported range.
NVD/CVE DatabaseFix: The fix is included in TensorFlow 2.7.0. The patch was also cherry-picked (applied to earlier versions) for TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, which were still in the supported range at the time.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.7.0. The fix will also be backported (cherry-picked) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.7.0. The developers will also apply this fix to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, which are still in the supported range. Users can reference the patch commit at https://github.com/tensorflow/tensorflow/commit/874bda09e6702cd50bac90b453b50bcc65b2769e.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.7.0. The fix will also be backported to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.
NVD/CVE DatabaseFix: The fix is included in TensorFlow 2.7.0. The patch will also be backported (applied to older versions) in TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.7.0. Users of affected versions should update to TensorFlow 2.7.0, or apply cherrypicked patches available for TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.
NVD/CVE DatabaseFix: Update to TensorFlow 2.7.0, or apply the fix via cherrypicked commits in TensorFlow 2.6.1, TensorFlow 2.5.2, or TensorFlow 2.4.4.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.7.0. TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4 will also receive this patch as these versions are still supported.
NVD/CVE DatabaseFix: The Unicode Consortium provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and has documented this security vulnerability in Unicode Technical Report #36, Unicode Security Considerations.
NVD/CVE DatabaseFix: The vulnerability is fixed in Rasa 2.8.10. For users unable to update, ensure that users do not upload untrusted model files, and restrict CLI (command-line interface, a text-based way to control software) or API endpoint access (network connections that allow external programs to interact with Rasa) where a malicious actor could target a deployed Rasa instance.
NVD/CVE DatabaseFix: Update ParlAI to version v1.1.0 or above. If upgrading is not possible, change the Loader to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details.
NVD/CVE DatabaseFix: The issue was patched in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1 and fixed by applying the same cloning logic to output shapes and types. The fix is included in TensorFlow 2.6.0, and was also backported (added to earlier versions) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
NVD/CVE DatabaseFix: The fix defers calling the finalizer function (the cleanup code) until after the tensor is fully created, and changes how memory is deallocated for string tensors to be based on bytes actually written rather than assuming encoding succeeded. This was patched in GitHub commit 8721ba96e5760c229217b594f6d2ba332beedf22 and will be included in TensorFlow 2.6.0 and will be backported to TensorFlow 2.5.1.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be included in TensorFlow 2.6.0 and will also be backported (applied to older versions) to TensorFlow 2.5.1, 2.4.3, and 2.3.4.
NVD/CVE Database