Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.
TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.QuantizeAndDequantizeV4Grad` function where a negative integer is incorrectly converted to an unsigned integer, causing an integer overflow (when a number becomes too large for its data type) and potentially allocating excessive memory. This bug could allow attackers to crash the system or cause other harmful effects.
Fix: The issue was patched in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1. Users should update to TensorFlow 2.6.0, or apply the cherrypicked fix available in TensorFlow 2.5.1 and TensorFlow 2.4.3.
NVD/CVE DatabaseTensorFlow (an open source machine learning platform) has a vulnerability where passing a negative number to the `num_elements` argument of `tf.raw_ops.TensorListReserve` causes the program to crash. The problem occurs because the code uses `std::vector.resize()` (a function that changes the size of a data container) with user input without checking if that input is valid first.
TensorFlow, a machine learning platform, has a vulnerability in the `tf.raw_ops.RaggedGather` function where invalid input arguments can cause the program to read memory outside the bounds of allocated buffers (a heap buffer overflow). The bug occurs because the code reads tensor dimensions without first checking that the tensor has at least one dimension, and doesn't verify that required tensor lists aren't empty.
TensorFlow, a popular machine learning platform, has a bug in its sparse reduction operations (functions that combine data in a specific way) that can cause the software to access memory outside its allocated boundaries. The problem occurs because the code doesn't properly check that reduction groups stay within valid limits or that index values point to valid parts of the input data.
TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.raw_ops.UncompressElement` function where it tries to use a pointer (a reference to a location in memory) without checking if that pointer is valid, causing a null pointer dereference (crash when accessing an empty memory location). An attacker could exploit this by providing specially crafted data to crash the program.
TensorFlow (an open source platform for machine learning) has a vulnerability where the `tf.raw_ops.SparseTensorSliceDataset` function can crash by trying to access memory that doesn't exist (null pointer dereference) when a user provides incomplete arguments for a sparse tensor (a data structure optimized for data with many zero values). The bug occurs because the code doesn't properly validate the case when one part of the sparse tensor is empty but the other part is provided.
TensorFlow has a vulnerability where the MatrixDiagPartOp function doesn't check if input data exists before reading from it, causing either a null pointer dereference (a crash from accessing memory that doesn't exist) or incorrect behavior that ignores most of the data. This happens when users don't provide valid padding values to this operation.
TensorFlow, a machine learning platform, has a vulnerability where attackers can crash the program or read memory they shouldn't access by providing incomplete or missing tensor names when restoring data. The bug happens because the code doesn't check if there are enough items in a list before trying to access them, leading to either a null pointer dereference (a crash from accessing invalid memory) or an out-of-bounds read (accessing memory outside the intended storage area).
A vulnerability in TensorFlow (a machine learning platform) allows attackers to crash the program by sending an invalid empty list to the `tf.raw_ops.RaggedTensorToTensor` function, which tries to access the first element without checking if the list is empty first, causing undefined behavior (unpredictable program actions). This is a null pointer dereference (attempting to use a memory location that contains no valid data).
TensorFlow, an open source platform for machine learning, has a vulnerability where passing invalid input to a specific function (tf.raw_ops.CompressElement) can cause a null pointer dereference (an error that occurs when code tries to access memory that hasn't been properly initialized). The bug happened because the code checked the size of a data buffer without first verifying that the buffer itself was valid.
TensorFlow (an open source machine learning platform) has a vulnerability where an attacker can crash the system by causing a floating point exception (a math error that stops the program) through specially crafted inputs to inplace operations (functions that modify data in place). The bug exists because the code uses the wrong logical operator, checking if either condition is true instead of checking if both are true.
TensorFlow, a machine learning platform, has a vulnerability where an attacker can crash the system through a floating point exception (a math error that occurs when dividing by zero) in the `tf.raw_ops.ResourceGather` function. The problem happens because the code divides by a value without first checking if that value is zero.
TensorFlow, an open source machine learning platform, has a vulnerability in the `tf.raw_ops.ResourceScatterDiv` function that causes a division by 0 error (attempting to divide by zero, which crashes programs). The problem exists because the code treats all division operations the same way without special handling for the case when the divisor is zero.
TensorFlow, an open-source machine learning platform, has a bug in the `tf.raw_ops.SparseReshape` function where it can crash with a division by zero error (dividing a number by zero). This happens because the code doesn't check if the target shape has any elements before dividing by it, allowing attackers to trigger this crash by providing specially crafted input.
TensorFlow, an open source platform for machine learning, has a vulnerability in its `tf.raw_ops.SparseDenseCwiseDiv` function where division by zero is not properly handled, causing the program to crash or behave unexpectedly. The vulnerability affects multiple older versions of TensorFlow that are still being supported.
TensorFlow versions up to 2.5.0 have a vulnerability where attackers can overwrite arbitrary files by providing a specially crafted archive when the tf.keras.utils.get_file function is used with the extract=True setting. This happens because the function doesn't properly validate file paths during extraction (a weakness called path traversal, where attackers manipulate file paths to access files outside intended directories). The vendor notes that this function was not designed to handle untrusted archives.
TensorFlow (an open-source platform for machine learning) has a bug where passing invalid arguments to a specific function called `tf.raw_ops.SparseCountSparseOutput` causes a segfault (a crash where the program tries to access memory it shouldn't). This happens because the function doesn't properly handle exceptional conditions (unexpected or invalid inputs).
TensorFlow (an open source machine learning platform) crashes when you pass a complex argument to the `tf.transpose` function while also using the `conjugate=True` argument. This happens because the software doesn't properly handle this unusual combination of inputs.
TensorFlow is a machine learning platform that had a vulnerability where an attacker could crash the system by sending invalid arguments to the `tf.strings.substr` function, which performs string operations. This vulnerability was caused by improper error handling (not properly catching and managing exceptional conditions that shouldn't happen).
TensorFlow, a machine learning platform, has a vulnerability where TrySimplify (a code optimization component) can crash by dereferencing a null pointer (trying to access memory that doesn't exist) when optimizing nodes with no inputs. This undefined behavior can cause the program to fail unexpectedly.
Fix: The issue was patched in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2. The fix will be included in TensorFlow 2.6.0 and will be backported to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
NVD/CVE DatabaseFix: The issue was patched in GitHub commit a2b743f6017d7b97af1fe49087ae15f0ac634373. The fix is included in TensorFlow 2.6.0 and was also backported (applied to older versions) to TensorFlow 2.5.1, 2.4.3, and 2.3.4.
NVD/CVE DatabaseFix: The issue was patched in GitHub commit 87158f43f05f2720a374f3e6d22a7aaa3a33f750. The fix is included in TensorFlow 2.6.0 and will be cherry-picked (backported to older versions) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd. The fix is included in TensorFlow 2.6.0 and has been backported (applied to earlier versions) to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7. The fix will be included in TensorFlow 2.6.0, and will also be backported to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
NVD/CVE DatabaseFix: The issue was patched in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988. The fix is included in TensorFlow 2.6.0 and was also backported to TensorFlow 2.5.1, 2.4.3, and 2.3.4.
NVD/CVE DatabaseFix: The issue was patched in GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622. The fix is included in TensorFlow 2.6.0 and was also backported to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
NVD/CVE DatabaseFix: The fix was patched in GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314 and will be included in TensorFlow 2.6.0. The patch was also applied to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
NVD/CVE DatabaseFix: The issue was patched in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5. The fix will be included in TensorFlow 2.6.0, and will also be backported (applied to older versions) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618. The fix will be included in TensorFlow 2.6.0 and will also be backported to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
NVD/CVE DatabaseFix: The issue was patched in GitHub commit ac117ee8a8ea57b73d34665cdf00ef3303bc0b11. The fix will be included in TensorFlow 2.6.0, and will also be backported to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
NVD/CVE DatabaseFix: The issue was patched in GitHub commit 4aacb30888638da75023e6601149415b39763d76. The fix will be included in TensorFlow 2.6.0, and will also be backported (applied to older versions) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
NVD/CVE DatabaseFix: The issue was patched in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41. The fix is included in TensorFlow 2.6.0 and will also be applied to TensorFlow 2.5.1.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit d9204be9f49520cdaaeb2541d1dc5187b23f31d9. The fix is included in TensorFlow 2.6.0, and the patch was also applied to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.5.0. Patches will also be applied to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, as these versions are also affected and still supported.
NVD/CVE DatabaseFix: Update to TensorFlow 2.5.0 or later. If you're using an older supported version, updates are also available for TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in earlier versions: TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.5.0. It will also be backported (applied to older versions) to TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which are still supported.
NVD/CVE Database