Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.
TensorFlow (an open source platform for machine learning) has a vulnerability in its `LRNGrad` function where passing an incorrectly formatted input tensor (one that is not 4-dimensional) causes the program to crash, allowing attackers to trigger a denial of service attack (making the system unavailable).
Fix: The issue was patched in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix is included in TensorFlow 2.10.0 and will be backported (applied to older supported versions) in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseTensorFlow (an open source machine learning platform) has a bug in the `ParameterizedTruncatedNormal` function where it only accepts one data type (`int32`) for the `shape` parameter, but crashes when given the correct type (`int64`), which could allow an attacker to cause a denial of service (making the software unavailable).
TensorFlow (an open source machine learning platform) has a vulnerability where running certain save operations on data types (formats for storing numbers) that aren't supported causes the program to crash, which could be used for a denial of service attack (making a service unavailable by overwhelming it). The vulnerability affects multiple versions of TensorFlow.
TensorFlow, an open source machine learning platform, has a vulnerability in the `SparseBincount` function where invalid sparse tensor (a compressed way of storing data with mostly empty values) inputs can crash the program, potentially allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been patched and will be fixed in upcoming versions of TensorFlow.
TensorFlow, an open source machine learning platform, has a vulnerability in its `FractionalMaxPoolGrad` function (a component that processes pooling operations) where it uses CHECK failures instead of returning errors to validate inputs. If someone sends incorrectly sized inputs to this function, they can trigger a denial of service attack (making the system crash or become unresponsive).
TensorFlow (an open-source machine learning platform) has a vulnerability where two functions called `QuantizedRelu` and `QuantizedRelu6` crash when given certain types of incorrect inputs for their `min_features` or `max_features` parameters, which attackers could exploit to cause a denial of service attack (making the system unavailable).
TensorFlow (an open source machine learning platform) has a bug where a function called `QuantizeDownAndShrinkRange` crashes if it receives nonscalar inputs (arrays or objects with multiple values instead of single values) for certain parameters, allowing attackers to cause a denial of service attack (making the system unavailable).
TensorFlow, an open source machine learning platform, has a vulnerability in its `QuantizedMatMul` function that crashes when given certain types of improper input (nonscalar values for min/max parameters), allowing attackers to trigger a denial of service attack (making the system unavailable). The issue has been fixed and will be released in updated versions of TensorFlow.
TensorFlow, an open source machine learning platform, has a vulnerability in its `QuantizedBiasAdd` function that crashes when given certain tensor inputs of nonzero rank (multi-dimensional arrays), allowing attackers to launch a denial of service attack (making the system unavailable). The developers have identified and patched the issue.
TensorFlow, an open source machine learning platform, has a vulnerability in the `FakeQuantWithMinMaxVars` function where providing certain types of input tensors (multidimensional arrays of numbers) causes the program to crash, enabling a denial of service attack (making a system unavailable to users). The vulnerability has been identified and fixed in the codebase.
TensorFlow (an open source platform for machine learning) has a bug in the `QuantizedInstanceNorm` function where passing certain tensor inputs (`x_min` or `x_max` with nonzero rank, which are multi-dimensional arrays of numerical data) causes a segfault (a crash from accessing invalid memory), allowing attackers to trigger a denial of service attack (making the system unavailable). The vulnerability was fixed and will be released in TensorFlow 2.10.0, with backported patches for earlier versions.
TensorFlow (an open-source machine learning platform) has a bug in the `Conv2DBackpropInput` function where it crashes if the `input_sizes` parameter is not 4-dimensional, allowing attackers to cause a denial of service (making the system unavailable). The issue has been fixed and will be released in upcoming versions.
TensorFlow, an open source machine learning platform, has a bug in the `AvgPoolGrad` function where it doesn't properly check the input parameter `orig_input_shape`. This incomplete validation causes a CHECK failure (a crash that stops the program), which attackers can exploit to perform a denial of service attack (making the system unavailable to legitimate users).
TensorFlow, an open source machine learning platform, has a vulnerability in its `QuantizedAdd` function (a tool for adding quantized numbers, which are rounded values used to save memory). If this function receives certain tensor inputs of nonzero rank (multi-dimensional arrays), it crashes the program, which can be exploited to cause a denial of service attack (making the system unavailable to legitimate users).
A bug in TensorFlow (an open source platform for machine learning) called `QuantizedAvgPool` can crash when given certain types of inputs, allowing attackers to launch a denial of service attack (making a system unavailable). The issue has been fixed and will be released in upcoming versions of the software.
TensorFlow (an open source platform for machine learning) has a bug where the `LowerBound` or `UpperBound` functions crash if given an empty input list, causing a nullptr dereference (trying to access memory that doesn't exist). This crash can be exploited to launch a denial of service attack (making the system unavailable to legitimate users).
TensorFlow (an open source platform for machine learning) has a bug in the `BlockLSTMGradV2` function that doesn't properly check its inputs, allowing attackers to crash the system with a denial of service attack (causing the program to stop working). The vulnerability affects multiple versions of TensorFlow.
A bug in TensorFlow (an open source machine learning platform) within a function called `FractionalAvgPoolGrad` doesn't properly check its input data, causing an overflow (when a number becomes too large for the program to handle) that crashes the program and can be exploited to launch a denial of service attack (making a service unavailable to users).
TensorFlow (an open source machine learning platform) has a bug in its TensorListReserve function where it assumes `num_elements` is a tensor with only one value, but crashes if given multiple values. This causes the function to fail when users try to use `tf.raw_ops.TensorListReserve` with improperly sized input.
TensorFlow (an open source machine learning platform) has a bug in `AvgPool3DGradOp` (a function that calculates gradients for 3D average pooling operations) where it doesn't properly check the `orig_input_shape` input value. This causes an overflow (when a number gets too large for its container) that crashes the system with a CHECK failure, allowing attackers to perform a denial of service attack (making the system unavailable).
Fix: The issue was patched in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0 and will also be backported (added to older versions still receiving updates) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds for this issue.
NVD/CVE DatabaseFix: The fix is included in TensorFlow 2.10.0 and will be backported (added to older versions) in TensorFlow 2.9.1, 2.8.1, and 2.7.2. Users should update to one of these patched versions.
NVD/CVE DatabaseFix: The fix is included in TensorFlow 2.10.0 and has been cherrypicked (backported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions.
NVD/CVE DatabaseFix: Update TensorFlow to version 2.10.0 or apply the patch from GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix is also being included in TensorFlow 2.9.1, 2.8.1, and 2.7.2.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix is included in TensorFlow 2.10.0 and will be backported (applied to older versions still being supported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. No workarounds are available, so users must update to a patched version.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613. The fix will be included in TensorFlow 2.10.0, and will also be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseFix: The fix is available in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48 and will be included in TensorFlow 2.10.0. Users of TensorFlow 2.9.1, 2.8.1, and 2.7.2 should update to the patched versions of those releases (2.9.1, 2.8.1, and 2.7.2 respectively), as the fix will be cherry-picked into these supported versions.
NVD/CVE DatabaseFix: The fix is included in TensorFlow 2.10.0 and will also be backported to TensorFlow 2.9.1, 2.8.1, and 2.7.2. Users should update to one of these patched versions.
NVD/CVE DatabaseFix: The fix is included in TensorFlow 2.10.0. Users of earlier versions should update to TensorFlow 2.9.1, TensorFlow 2.8.1, or TensorFlow 2.7.2, which will receive the patch through a cherry-pick (backporting the fix to older versions). No workarounds are available.
NVD/CVE DatabaseFix: Update to TensorFlow 2.10.0 or apply the cherrypick commits to TensorFlow 2.9.1, 2.8.1, or 2.7.2. The fix is available in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. No workarounds exist for this issue.
NVD/CVE DatabaseFix: The fix is included in TensorFlow 2.10.0. For users on older versions, the patch will be available in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Update to one of these versions or later.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0, and will be backported (added to older versions still being supported) in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseFix: The issue is patched in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0 and will be backported (applied to older supported versions) as TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseFix: The fix is available in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622. The patch will be included in TensorFlow 2.10.0 and will also be applied to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseFix: The issue was patched in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0 and will also be back-ported (applied retroactively) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0 and will be back-ported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0 and will also be applied to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix is included in TensorFlow 2.10.0, and will also be released in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE DatabaseFix: The issue was patched in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix is included in TensorFlow 2.10.0 and will be backported (adapted for older versions) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
NVD/CVE Database