An AI exploration on how to create maps and a infrastructure to display it in an exhibition space. A collaboration between Birds On Mars and Technologiestiftung Berlin/CityLAB.
MIT License
0
stars
0
forks
source link
chore(deps): update dependency tensorflow to v2 [security] #100
The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming input(0), input(1), and input(2) to be scalar.
import tensorflow as tf
tf.raw_ops.SobolSample(dim=tf.constant([1,0]), num_results=tf.constant([1]), skip=tf.constant([1]))
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by:
Kang Hong Jin from Singapore Management University
Neophytos Christou, Secure Systems Labs, Brown University
刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology
The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor:
import tensorflow as tf
tf.reshape(tensor=[[1]],shape=tf.constant([0 for i in range(255)], dtype=tf.int64))
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Kang Hong Jin from Singapore Management University.
The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Hui Peng from Baidu Security.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Lukas Geiger via Github issue.
The ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Hui Peng from Baidu Security.
If FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack.
import tensorflow as tf
num_bits = 8
narrow_range = False
inputs = tf.constant(0, shape=[4], dtype=tf.float32)
min = tf.constant([], shape=[4,0,0], dtype=tf.float32)
max = tf.constant(0, shape=[4], dtype=tf.float32)
tf.raw_ops.FakeQuantWithMinMaxVarsPerChannel(inputs=inputs, min=min, max=max, num_bits=num_bits, narrow_range=narrow_range)
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
If RaggedTensorToVariant is given a rt_nested_splits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger a denial of service attack.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
If QuantizeAndDequantizeV3 is given a nonscalar num_bits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Jingyi Shi.
DenseBincount assumes its input tensor weights to either have the same shape as its input tensor input or to be length-0. A different weights shape will trigger a CHECK fail that can be used to trigger a denial of service attack.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University
// We pre-allocate the array of operands and populate it using the
// `output_name_to_position` and `control_output_to_position` populated
// previously.
SmallVector<Value> ret_vals(func.ret_size() + func.control_ret_size(),
Value());
for (const auto& ret_val : func.ret()) {
auto position = output_name_to_position.find(ret_val.first);
if (position == output_name_to_position.end())
return InvalidArgument(
"Can't import function, returned value references unknown output "
"argument ",
ret_val.first);
ret_vals[position->second] =
value_manager.GetValueOrCreatePlaceholder(ret_val.second);
}
for (const auto& ret_val : func.control_ret()) {
auto position = control_output_to_position.find(ret_val.first);
if (position == control_output_to_position.end())
return InvalidArgument(
"Can't import function, returned value references unknown output "
"argument ",
ret_val.first);
Value result = value_manager.GetValueOrCreatePlaceholder(
(Twine("^") + ret_val.second).str());
ret_val.second cannot be empty. Neither can input.
// Process every node and create a matching MLIR operation
for (const NodeDef& node : nodes) {
if (node.op().empty()) return InvalidArgument("empty op type");
OperationState state(unknown_loc, absl::StrCat("tfg.", node.op()));
// Fetch the inputs, creating placeholder if an input hasn't been visited.
for (const std::string& input : node.input())
state.operands.push_back(
value_manager.GetValueOrCreatePlaceholder(input));
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
When RangeSize receives values that do not fit into an int64_t, it crashes.
auto size = (std::is_integral<T>::value
? ((Eigen::numext::abs(limit - start) +
Eigen::numext::abs(delta) - T(1)) /
Eigen::numext::abs(delta))
: (Eigen::numext::ceil(
Eigen::numext::abs((limit - start) / delta))));
// This check does not cover all cases.
if (size > std::numeric_limits<int64_t>::max()) {
return errors::InvalidArgument("Requires ((limit - start) / delta) <= ",
std::numeric_limits<int64_t>::max());
}
c->set_output(0, c->Vector(static_cast<int64_t>(size)));
return Status::OK();
}
Patches
We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
StatusOr<unsigned> GraphDefImporter::ArgNumType(const NamedAttrList &attrs,
const OpDef::ArgDef &arg_def,
SmallVectorImpl<Type> &types) {
// Check whether a type list attribute is specified.
if (!arg_def.type_list_attr().empty()) {
if (auto v = attrs.get(arg_def.type_list_attr()).dyn_cast<ArrayAttr>()) {
for (Attribute attr : v) {
if (auto dtype = attr.dyn_cast<TypeAttr>()) {
types.push_back(UnrankedTensorType::get(dtype.getValue()));
} else {
return InvalidArgument("Expected '", arg_def.type_list_attr(),
"' to be a list of types");
}
}
return v.size();
}
return NotFound("Type attr not found: ", arg_def.type_list_attr());
}
unsigned num = 1;
// Check whether a number attribute is specified.
if (!arg_def.number_attr().empty()) {
if (auto v = attrs.get(arg_def.number_attr()).dyn_cast<IntegerAttr>()) {
num = v.getValue().getZExtValue();
} else {
return NotFound("Type attr not found: ", arg_def.number_attr());
}
}
// Check for a type or type attribute.
Type dtype;
if (arg_def.type() != DataType::DT_INVALID) {
TF_RETURN_IF_ERROR(ConvertDataType(arg_def.type(), b_, &dtype));
} else if (arg_def.type_attr().empty()) {
return InvalidArgument("Arg '", arg_def.name(),
"' has invalid type and no type attribute");
} else {
if (auto v = attrs.get(arg_def.type_attr()).dyn_cast<TypeAttr>()) {
dtype = v.getValue();
} else {
return NotFound("Type attr not found: ", arg_def.type_attr());
}
}
types.append(num, UnrankedTensorType::get(dtype));
return num;
}
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
When AudioSummaryV2 receives an input sample_rate with more than one element, it gives a CHECK fails that can be used to trigger a denial of service attack.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
When tf.quantization.fake_quant_with_min_max_vars_gradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by
刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology
Neophytos Christou, Secure Systems Labs, Brown University
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
If Requantize is given input_min, input_max, requested_output_min, requested_output_max tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
// Import the function attributes with a `tf.` prefix to match the current
// infrastructure expectations.
for (const auto& namedAttr : func.attr()) {
const std::string& name = "tf." + namedAttr.first;
const AttrValue& tf_attr = namedAttr.second;
TF_ASSIGN_OR_RETURN(Attribute attr,
ConvertAttributeValue(tf_attr, builder, tfgDialect));
attrs.append(name, attr);
}
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Status GraphDefImporter::ConvertNodeDef(OpBuilder &builder, ConversionState &s,
const NodeDef &node) {
VLOG(4) << "Importing: " << node.name();
OperationState state(ConvertLocation(node), absl::StrCat("tfg.", node.op()));
// The GraphImporter does light shape inference, but here we will defer all of
// that to the shape inference pass.
const OpDef *op_def;
const OpRegistrationData *op_reg_data = nullptr;
if ((op_reg_data = registry_.LookUp(node.op()))) {
op_def = &op_reg_data->op_def;
} else {
auto it = function_op_defs_.find(node.op());
if (it == function_op_defs_.end())
return InvalidArgument("Unable to find OpDef for ", node.op());
op_def = it->second;
}
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
If EmptyTensorList receives an input element_shape with more than one dimension, it gives a CHECK fail that can be used to trigger a denial of service attack.
import tensorflow as tf
tf.raw_ops.EmptyTensorList(element_shape=tf.ones(dtype=tf.int32, shape=[1, 0]), max_num_elements=tf.constant(1),element_dtype=tf.int32)
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Kang Hong Jin.
If Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack.
import tensorflow as tf
import numpy as np
with tf.device("CPU"): # also can be triggerred on GPU
input = np.ones([1, 0, 2, 1])
filter = np.ones([1, 1, 1, 1])
strides = ([1, 1, 1, 1])
padding = "EXPLICIT"
explicit_paddings = [0 , 0, 1, 1, 1, 1, 0, 0]
data_format = "NHWC"
res = tf.raw_ops.Conv2D(
input=input,
filter=filter,
strides=strides,
padding=padding,
explicit_paddings=explicit_paddings,
data_format=data_format,
)
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Jingyi Shi.
The implementation of AvgPool3DGradOp does not fully validate the input orig_input_shape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack:
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
In core/kernels/list_kernels.cc's TensorListReserve, num_elements is assumed to be a tensor of size 1. When a num_elements of more than 1 element is provided, then tf.raw_ops.TensorListReserve fails the CHECK_EQ in CheckIsAlignedAndSingleElement.
import tensorflow as tf
tf.raw_ops.TensorListReserve(element_shape=(1,1), num_elements=tf.constant([1,1], dtype=tf.int32), element_dtype=tf.int8)
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Kang Hong Jin from Singapore Management University.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also throws an abort signal that crashes the program.
import tensorflow as tf
tf.raw_ops.RaggedRange(starts=[1.1,0.1],limits=[10.0,1e20],deltas=[1,1])
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Jingyi Shi.
The UnbatchGradOp function takes an argument id that is assumed to be a scalar. A nonscalar id can trigger a CHECK failure and crash the program.
import numpy as np
import tensorflow as tf
# `id` is not scalar
tf.raw_ops.UnbatchGrad(original_input= tf.constant([1]),batch_index=tf.constant([[0,0,0 ], ], dtype=tf.int64),grad=tf.constant([1,]),id=tf.constant([1,1,], dtype=tf.int64))
It also requires its argument batch_index to contain three times the number of elements as indicated in its batch_index.dim_size(0). An incorrect batch_index can trigger a CHECK failure and crash the program.
import numpy as np
import tensorflow as tf
# batch_index's size is not 3
tf.raw_ops.UnbatchGrad(original_input= tf.constant([1]),batch_index=tf.constant([[0,0], ], dtype=tf.int64),grad=tf.constant([1,]),id=tf.constant([1,], dtype=tf.int64))
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Kang Hong Jin from Singapore Management University and 刘力源 from the Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology
The implementation of FractionalAvgPoolGrad does not fully validate the input orig_input_tensor_shape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
### Patches
We have patched the issue in GitHub commit [2a458fc4866505be27c62f81474ecb2b870498fa](https://togithub.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa).
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
### For more information
Please consult [our security guide](https://togithub.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
### Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
#### [CVE-2022-35993](https://togithub.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9)
### Impact
When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of service attack.
```python
import tensorflow as tf
arg_0=1
arg_1=[1,1]
arg_2=1
arg_3=True
arg_4=''
tf.raw_ops.SetSize(set_indices=arg_0, set_values=arg_1, set_shape=arg_2,
validate_indices=arg_3, name=arg_4)
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
If LowerBound or UpperBound is given an emptysorted_inputs input, it results in a nullptr dereference, leading to a segfault that can be used to trigger a denial of service attack.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
When TensorListScatter and TensorListScatterV2 receive an element_shape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
When tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to
This PR contains the following updates:
==1.14.0
->==2.7.2
GitHub Vulnerability Alerts
CVE-2022-35935
Impact
The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming
input(0)
,input(1)
, andinput(2)
to be scalar.Patches
We have patched the issue in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by:
CVE-2022-35934
Impact
The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor:
This is another instance of TFSA-2021-198 (https://github.com/advisories/GHSA-prcg-wp5q-rv7p).
Patches
We have patched the issue in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Kang Hong Jin from Singapore Management University.
CVE-2022-35937
Impact
The
GatherNd
function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered.Patches
We have patched the issue in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a196.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Hui Peng from Baidu Security.
CVE-2022-36027
Impact
When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process.
Patches
We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Lukas Geiger via Github issue.
CVE-2022-35939
Impact
The
ScatterNd
function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash.Patches
We have patched the issue in GitHub commit b4d4b4cb019bd7240a52daa4ba61e3cc814f0384.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Hui Peng from Baidu Security.
CVE-2022-36019
Impact
If
FakeQuantWithMinMaxVarsPerChannel
is givenmin
ormax
tensors of a rank other than one, it results in aCHECK
fail that can be used to trigger a denial of service attack.Patches
We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
CVE-2022-36018
Impact
If
RaggedTensorToVariant
is given art_nested_splits
list that contains tensors of ranks other than one, it results in aCHECK
fail that can be used to trigger a denial of service attack.Patches
We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
CVE-2022-36026
Impact
If
QuantizeAndDequantizeV3
is given a nonscalarnum_bits
input tensor, it results in aCHECK
fail that can be used to trigger a denial of service attack.Patches
We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
CVE-2022-35941
Impact
The
AvgPoolOp
function takes an argumentksize
that must be positive but is not checked. A negativeksize
can trigger aCHECK
failure and crash the program.Patches
We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Jingyi Shi.
CVE-2022-35987
Impact
DenseBincount
assumes its input tensorweights
to either have the same shape as its input tensorinput
or to be length-0. A differentweights
shape will trigger aCHECK
fail that can be used to trigger a denial of service attack.Patches
We have patched the issue in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University
CVE-2022-36012
Impact
When
mlir::tfg::ConvertGenericFunctionToFunctionDef
is given empty function attributes, it crashes.ret_val.second
cannot be empty. Neither caninput
.Patches
We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
CVE-2022-36015
Impact
When
RangeSize
receives values that do not fit into anint64_t
, it crashes.Patches
We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
CVE-2022-36014
Impact
When
mlir::tfg::TFOp::nameAttr
receives null type list attributes, it crashes.Patches
We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
CVE-2022-36004
Impact
When
tf.random.gamma
receives large input shape and rates, it gives aCHECK
fail that can trigger a denial of service attack.Patches
We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
CVE-2022-36016
Impact
When
tensorflow::full_type::SubstituteFromAttrs
receives aFullTypeDef& t
that is not exactly three args, it triggers aCHECK
-fail instead of returning a status.Patches
We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
CVE-2022-35995
Impact
When
AudioSummaryV2
receives an inputsample_rate
with more than one element, it gives aCHECK
fails that can be used to trigger a denial of service attack.Patches
We have patched the issue in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
CVE-2022-36005
Impact
When
tf.quantization.fake_quant_with_min_max_vars_gradient
receives inputmin
ormax
that is nonscalar, it gives aCHECK
fail that can trigger a denial of service attack.Patches
We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by
CVE-2022-36003
Impact
When
RandomPoissonV2
receives large input shape and rates, it gives aCHECK
fail that can trigger a denial of service attack.Patches
We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
CVE-2022-36017
Impact
If
Requantize
is giveninput_min
,input_max
,requested_output_min
,requested_output_max
tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.Patches
We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
CVE-2022-36011
Impact
When
mlir::tfg::ConvertGenericFunctionToFunctionDef
is given empty function attributes, it gives a null dereference.If
namedAttr.first
is empty, it will crash.Patches
We have patched the issue in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
CVE-2022-36013
Impact
When
mlir::tfg::GraphDefImporter::ConvertNodeDef
tries to convert NodeDefs without an op name, it crashes.node.op().empty()
cannot be empty.Patches
We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
CVE-2022-36002
Impact
When
Unbatch
receives a nonscalar inputid
, it gives aCHECK
fail that can trigger a denial of service attack.Patches
We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
CVE-2022-36000
Impact
Eig
can be fed an incorrectTout
input, resulting in aCHECK
fail that can trigger a denial of service attack.Patches
We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
CVE-2022-36001
Impact
When
DrawBoundingBoxes
receives an inputboxes
that is not of dtypefloat
, it gives aCHECK
fail that can trigger a denial of service attack.Patches
We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
CVE-2022-35998
Impact
If
EmptyTensorList
receives an inputelement_shape
with more than one dimension, it gives aCHECK
fail that can be used to trigger a denial of service attack.Patches
We have patched the issue in GitHub commit c8ba76d48567aed347508e0552a257641931024d.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Kang Hong Jin.
CVE-2022-35996
Impact
If
Conv2D
is given emptyinput
and thefilter
andpadding
sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack.Patches
We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Jingyi Shi.
CVE-2022-35959
Impact
The implementation of
AvgPool3DGradOp
does not fully validate the inputorig_input_shape
. This results in an overflow that results in aCHECK
failure which can be used to trigger a denial of service attack:Patches
We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
CVE-2022-35960
Impact
In
core/kernels/list_kernels.cc's TensorListReserve
,num_elements
is assumed to be a tensor of size 1. When anum_elements
of more than 1 element is provided, thentf.raw_ops.TensorListReserve
fails theCHECK_EQ
inCheckIsAlignedAndSingleElement
.Patches
We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Kang Hong Jin from Singapore Management University.
CVE-2022-35994
Impact
When
CollectiveGather
receives an scalar inputinput
, it gives aCHECK
fails that can be used to trigger a denial of service attack.Patches
We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
CVE-2022-35940
Impact
The
RaggedRangOp
function takes an argumentlimits
that is eventually used to construct aTensorShape
as anint64
. Iflimits
is a very large float, it can overflow when converted to anint64
. This triggers anInvalidArgument
but also throws an abort signal that crashes the program.Patches
We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Jingyi Shi.
CVE-2022-35952
Impact
The
UnbatchGradOp
function takes an argumentid
that is assumed to be a scalar. A nonscalarid
can trigger aCHECK
failure and crash the program.It also requires its argument
batch_index
to contain three times the number of elements as indicated in itsbatch_index.dim_size(0)
. An incorrectbatch_index
can trigger aCHECK
failure and crash the program.Patches
We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Kang Hong Jin from Singapore Management University and 刘力源 from the Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology
CVE-2022-35963
Impact
The implementation of
FractionalAvgPoolGrad
does not fully validate the inputorig_input_tensor_shape
. This results in an overflow that results in aCHECK
failure which can be used to trigger a denial of service attack.Patches
We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
CVE-2022-35964
Impact
The implementation of
BlockLSTMGradV2
does not fully validate its inputs.wci
,wcf
,wco
,b
must be rank 1w
, cs_prev,
h_prev` must be rank 2x
must be rank 3 This results in a a segfault that can be used to trigger a denial of service attack.use_peephole = False seq_len_max = tf.constant(1, shape=[], dtype=tf.int64) x = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) cs_prev = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) h_prev = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) w = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) wci = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) wcf = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) wco = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) b = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) i = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) cs = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) f = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) o = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) ci = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) co = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) h = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) cs_grad = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) h_grad = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) tf.raw_ops.BlockLSTMGradV2(seq_len_max=seq_len_max, x=x, cs_prev=cs_prev, h_prev=h_prev, w=w, wci=wci, wcf=wcf, wco=wco, b=b, i=i, cs=cs, f=f, o=o, ci=ci, co=co, h=h, cs_grad=cs_grad, h_grad=h_grad, use_peephole=use_peephole)
Patches
We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
CVE-2022-35992
Impact
When
TensorListFromTensor
receives anelement_shape
of a rank greater than one, it gives aCHECK
fail that can trigger a denial of service attack.Patches
We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
CVE-2022-35965
Impact
If
LowerBound
orUpperBound
is given an emptysorted_inputs
input, it results in anullptr
dereference, leading to a segfault that can be used to trigger a denial of service attack.Patches
We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
CVE-2022-35991
Impact
When
TensorListScatter
andTensorListScatterV2
receive anelement_shape
of a rank greater than one, they give aCHECK
fail that can trigger a denial of service attack.Patches
We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
CVE-2022-35990
Impact
When
tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient
receives inputmin
ormax
of rank other than 1, it gives aCHECK
fail that can trigger a denial of service attack.Patches
We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to