Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.
TensorFlow (an open-source machine learning platform) has a vulnerability in its `MatrixDiag*` operations (functions that create diagonal matrices from tensor data) because the code doesn't check whether the input tensors are empty, which could cause the program to crash or behave unexpectedly. This bug affects multiple versions of TensorFlow.
Fix: The fix will be included in TensorFlow 2.5.0. It will also be backported (added to earlier versions still being supported) in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE DatabaseTensorFlow has a vulnerability in its RaggedBincount operation where invalid input arguments can cause a heap buffer overflow (a crash or memory corruption from accessing memory outside allocated bounds). An attacker can craft malicious input to make the code read or write to memory it shouldn't access, potentially compromising the system running the code.
TensorFlow, a machine learning platform, has a vulnerability where operations that expect numeric tensors (data types representing numbers) crash when given non-numeric tensors instead, due to a type confusion bug (mixing up data types) in the conversion from Python code to C++ code. The developers have fixed this issue and will release it in multiple versions.
TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a denial of service (making a service unavailable) through a FPE (floating-point exception, a math error when dividing by zero) in a specific operation. The bug exists because the code divides by a value computed from user input without first checking if that value is zero.
TensorFlow, an open-source machine learning platform, has a vulnerability in its `RaggedBincount` operation where improper validation of the `splits` argument can allow an attacker to trigger a heap buffer overflow (reading memory outside the intended bounds). An attacker could craft malicious input that causes the code to read from invalid memory locations, potentially leading to crashes or information disclosure.
CVE-2021-20289 is a flaw in RESTEasy (a framework for building web services) versions up to 4.6.0.Final where error messages expose sensitive information about the internal code. When RESTEasy cannot process certain parts of a request, it returns the class and method names of the endpoint in its error response, which could leak details about how the application is structured (CWE-209, generation of error messages containing sensitive information).
Increments Qiita::Markdown before version 0.33.0 contains an XSS vulnerability (cross-site scripting, where attackers can inject malicious code into web pages) in its transformers component. The vulnerability is classified as CWE-79 (improper neutralization of input during web page generation).
CVE-2020-26270 is a vulnerability in TensorFlow where LSTM/GRU models (types of neural network layers used for processing sequences) crash when they receive input with zero length on NVIDIA GPU systems, causing a denial of service (making the system unavailable). This happens because the system fails input validation (checking whether data is acceptable before processing it).
TensorFlow's release candidate versions 2.4.0rc* contain a vulnerability in the code that matches filesystem paths to globbing patterns (a method of searching for files using wildcards), which can cause the program to read memory outside the bounds of an array holding directory information. The vulnerability stems from missing checks on assumptions made by the parallel implementation, but this issue only affects the development version and release candidates, not the final release.
A bug in TensorFlow's tf.raw_ops.ImmutableConst operation (a function that creates fixed tensors from memory-mapped files) causes the Python interpreter to crash when the tensor type is not an integer type, because the code tries to write to memory that should be read-only. This crash happens when the file is large enough to contain the tensor data, resulting in a segmentation fault (a critical memory access error).
CVE-2020-26267 is a vulnerability in TensorFlow where the tf.raw_ops.DataFormatVecPermute API (a function for converting data format layout) fails to check the src_format and dst_format inputs, leading to uninitialized memory accesses (using memory that hasn't been set to a known value), out-of-bounds reads (accessing data outside intended boundaries), and potential crashes. The vulnerability was patched across multiple TensorFlow versions.
CVE-2020-26266 is a vulnerability in TensorFlow where saved models can accidentally use uninitialized values (memory locations that haven't been set to a starting value) during execution because certain floating point data types weren't properly initialized in the Eigen library (a math processing component). This is a use of uninitialized resource (CWE-908) type bug that could lead to unpredictable behavior when running affected models.
TensorFlow has a vulnerability where loading a saved model can access uninitialized memory (data that hasn't been set to a known value) when building a computation graph. The bug occurs in the MakeEdge function, which connects parts of a neural network together, because it doesn't verify that array indices are valid before accessing them, potentially allowing attackers to leak memory addresses from the library.
A bug was found in the Linux kernel before version 5.7.3 in the get_user_pages function (a mechanism that allows programs to access memory pages), where it incorrectly grants write access when it should only allow read access for copy-on-write pages (memory regions shared between processes that are copied when modified). This happens because the function doesn't properly respect read-only restrictions, creating a security vulnerability.
A vulnerability in Libsvm v324 (a machine learning library used by scikit-learn 0.23.2) allows attackers to crash a program by sending a specially crafted machine learning model with an extremely large value in the _n_support array, causing a segmentation fault (a type of crash where the program tries to access memory it shouldn't). The scikit-learn developers noted this only happens if an application violates the library's API by modifying private attributes.
TensorFlow versions before 2.4.0 have a bug in the `tf.image.crop_and_resize` function where very large values in the `boxes` argument are converted to NaN (a special floating point value meaning "not a number"), causing undefined behavior and a segmentation fault (a crash from illegal memory access). This vulnerability affects the CPU implementation of the function.
In TensorFlow before version 2.4.0, an attacker can provide an invalid `axis` parameter (a setting that specifies which dimension of data to work with) to a quantization function, causing the program to access memory outside the bounds of an array, which crashes the system. The vulnerability exists because the code only uses DCHECK (a debug-only validation that is disabled in normal builds) rather than proper runtime validation.
TensorFlow Lite versions before 2.2.1 and 2.3.1 have a bug where the segment sum operation (a function that groups and sums data) crashes or causes memory corruption if the segment IDs (labels that organize the data) are not sorted in increasing order. The code incorrectly assumes the IDs are sorted, so it allocates too little memory, leading to a segmentation fault (a crash caused by accessing memory it shouldn't).
TensorFlow Lite (a lightweight version of TensorFlow used on mobile and embedded devices) before versions 2.2.1 and 2.3.1 has a vulnerability where attackers can crash an application by making it try to allocate too much memory through the segment sum operation (a function that groups and sums data). The vulnerability works because the code uses the largest value in the input data to determine how much memory to request, so an attacker can provide a very large number to exhaust available memory.
TensorFlow Lite versions before 2.2.1 and 2.3.1 have a vulnerability where negative values in the segment_ids tensor (an array of numbers used to group data) can cause the software to write data outside its allocated memory area, potentially crashing the program or corrupting memory. This vulnerability can be exploited by anyone who can modify the segment_ids data.
Fix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2 and TensorFlow 2.3.3.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.5.0. The fix will also be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.5.0. A cherrypick (a targeted code fix applied to older versions) will also be included in TensorFlow 2.4.2 and TensorFlow 2.3.3.
NVD/CVE DatabaseFix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2 and TensorFlow 2.3.3.
NVD/CVE DatabaseFix: Update to Qiita::Markdown version 0.33.0 or later. Details of the fix are available in the patch release notes at https://github.com/increments/qiita-markdown/compare/v0.32.0...v0.33.0.
NVD/CVE DatabaseFix: This is fixed in TensorFlow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. Users should update to one of these patched versions.
NVD/CVE DatabaseFix: This is patched in version 2.4.0. The implementation was completely rewritten to fully specify and validate the preconditions.
NVD/CVE DatabaseFix: This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
NVD/CVE DatabaseFix: This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
NVD/CVE DatabaseFix: This vulnerability is fixed in TensorFlow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. Users should update to one of these patched versions.
NVD/CVE DatabaseFix: This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. Users should update to one of these patched versions.
NVD/CVE DatabaseFix: Update the Linux kernel to version 5.7.3 or later. A patch is available at https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f. Debian users should refer to security updates referenced in the Debian mailing list announcements and DSA-5096.
NVD/CVE DatabaseFix: A patch is available in scikit-learn at commit 1bf13d567d3cd74854aa8343fd25b61dd768bb85 on GitHub, as referenced in the source material.
NVD/CVE DatabaseFix: Upgrade to TensorFlow version 2.4.0 or later, which contains the patch. TensorFlow nightly packages (development builds) after commit eccb7ec454e6617738554a255d77f08e60ee0808 also have the issue resolved.
NVD/CVE DatabaseFix: The issue is patched in commit eccb7ec454e6617738554a255d77f08e60ee0808. Upgrade to TensorFlow 2.4.0 or later, or use TensorFlow nightly packages released after this commit.
NVD/CVE DatabaseFix: Upgrade to TensorFlow Lite version 2.2.1 or 2.3.1. As a partial workaround for cases where segment IDs are stored in the model file, add a custom Verifier to the model loading code to check that segment IDs are sorted; however, this workaround does not work if segment IDs are generated during inference (when the model is running), in which case upgrading to patched code is necessary.
NVD/CVE DatabaseFix: Upgrade to TensorFlow versions 2.2.1 or 2.3.1. As a partial workaround (only if segment IDs are fixed in the model file), add a custom `Verifier` to limit the maximum value allowed in the segment IDs tensor. If segment IDs are generated during inference, similar validation can be added between inference steps. However, if segment IDs are generated as outputs of a tensor during inference, no workaround is possible and upgrading is required.
NVD/CVE DatabaseFix: The issue is patched in TensorFlow versions 2.2.1 or 2.3.1. As a workaround for unpatched versions, users can add a custom Verifier (a validation tool) to the model loading code to check that all segment IDs are positive if they are stored in the model file, or add similar validation at runtime if they are generated during execution. However, if segment IDs are generated as outputs during inference, no workaround is available and upgrading to patched code is required.
NVD/CVE Database