VYPR

PyPI package

tensorflow-gpu

pkg:pypi/tensorflow-gpu

Vulnerabilities (421)

  • CVE-2021-41225Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_nod

  • CVE-2021-41222Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault is an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. T

  • CVE-2021-41228Nov 5, 2021
    affected >= 2.5.0, < 2.5.2fixed 2.5.2

    TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI too

  • CVE-2021-41220Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been `std::move()

  • CVE-2021-41221Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` an

  • CVE-2021-41216Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the i

  • CVE-2021-41213Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Load

  • CVE-2021-41218Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherry

  • CVE-2021-41206Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-f

  • CVE-2021-41208Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse unde

  • CVE-2021-41207Nov 5, 2021
    affected < 2.4.4fixed 2.4.4

    TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.

  • CVE-2021-41202Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branch

  • CVE-2021-41209Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on Ten

  • CVE-2021-41203Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints load

  • CVE-2021-41215Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape inference function assumes that the `serialize_sparse` tensor is a tensor with posit

  • CVE-2021-41217Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the

  • CVE-2021-41219Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. This occurs whenever the dimensions of `a` or `b` are 0 or less. In the case on one

  • CVE-2021-41214Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on

  • CVE-2021-41204Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be i

  • CVE-2021-41226Nov 5, 2021
    affected >= 2.6.0, < 2.6.1fixed 2.6.1

    TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation between the elements of the `values` argument and the shape of the sparse output. The

Page 10 of 22