PyPI package
tensorflow-gpu
pkg:pypi/tensorflow-gpu
Vulnerabilities (421)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-41223 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2. | ||
| CVE-2021-41224 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `values`. The fix will be included in Tenso | ||
| CVE-2021-41212 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on Tenso | ||
| CVE-2021-41211 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whenever `axis` is a negative value less than `-1`. In this case, we are accessing | ||
| CVE-2021-41205 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also che | ||
| CVE-2021-41210 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this co | ||
| CVE-2021-41201 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate whether there is ellipsis in the correspond | ||
| CVE-2021-41200 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorF | ||
| CVE-2021-41197 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an over | ||
| CVE-2021-41198 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions if `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too much for t | ||
| CVE-2021-41199 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too mu | ||
| CVE-2021-41196 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in th | ||
| CVE-2021-41195 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if a segment id in `segment_ids` is large. This is similar to CVE-2021-29584 (and | ||
| CVE-2021-37690 | — | < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct a | ||
| CVE-2021-37678 | — | < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blo | ||
| CVE-2021-37692 | — | >= 2.5.0rc0, < 2.5.1 | 2.5.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function. | ||
| CVE-2021-37669 | — | < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0. The [implementation](https://github.com/tensorf | ||
| CVE-2021-37673 | — | < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1 | ||
| CVE-2021-37663 | — | < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap | ||
| CVE-2021-37682 | — | < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tens |
- CVE-2021-41223Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.
- CVE-2021-41224Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `values`. The fix will be included in Tenso
- CVE-2021-41212Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on Tenso
- CVE-2021-41211Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whenever `axis` is a negative value less than `-1`. In this case, we are accessing
- CVE-2021-41205Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also che
- CVE-2021-41210Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this co
- CVE-2021-41201Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate whether there is ellipsis in the correspond
- CVE-2021-41200Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorF
- CVE-2021-41197Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an over
- CVE-2021-41198Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions if `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too much for t
- CVE-2021-41199Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too mu
- CVE-2021-41196Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in th
- CVE-2021-41195Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if a segment id in `segment_ids` is large. This is similar to CVE-2021-29584 (and
- CVE-2021-37690Aug 12, 2021affected < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct a
- CVE-2021-37678Aug 12, 2021affected < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blo
- CVE-2021-37692Aug 12, 2021affected >= 2.5.0rc0, < 2.5.1fixed 2.5.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function.
- CVE-2021-37669Aug 12, 2021affected < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0. The [implementation](https://github.com/tensorf
- CVE-2021-37673Aug 12, 2021affected < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1
- CVE-2021-37663Aug 12, 2021affected < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap
- CVE-2021-37682Aug 12, 2021affected < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tens
Page 11 of 22