rpm package
opensuse/tensorflow2-lite&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/tensorflow2-lite&distro=openSUSE%20Leap%2015.3
Vulnerabilities (63)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-37644 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negativ | ||
| CVE-2021-37654 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds of heap allocated data in the same API | ||
| CVE-2021-37641 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The [implementation](https://g | ||
| CVE-2021-37635 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow | ||
| CVE-2021-37664 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](htt | ||
| CVE-2021-37659 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations) | ||
| CVE-2021-37655 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. The [implementation](https://github.com/ten | ||
| CVE-2021-37637 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69 | ||
| CVE-2021-37649 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensor | ||
| CVE-2021-37647 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation can be made to dereference a null pointer. The [implementation](https://github.c | ||
| CVE-2021-37643 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after | ||
| CVE-2021-37639 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocat | ||
| CVE-2021-37638 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and undefined behavior. The [implementation](https://github.com/tensorflow/tens | ||
| CVE-2021-37660 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The [implementation](https://github.com/tensorfl | ||
| CVE-2021-37653 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181 | ||
| CVE-2021-37642 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e | ||
| CVE-2021-37640 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf | ||
| CVE-2021-37636 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825f | ||
| CVE-2020-26266 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Dec 10, 2020 | In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating poi | ||
| CVE-2020-26267 | — | < 2.6.0-bp153.2.3.1 | 2.6.0-bp153.2.3.1 | Dec 10, 2020 | In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds |
- CVE-2021-37644Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negativ
- CVE-2021-37654Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds of heap allocated data in the same API
- CVE-2021-37641Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The [implementation](https://g
- CVE-2021-37635Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow
- CVE-2021-37664Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](htt
- CVE-2021-37659Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations)
- CVE-2021-37655Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. The [implementation](https://github.com/ten
- CVE-2021-37637Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69
- CVE-2021-37649Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensor
- CVE-2021-37647Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation can be made to dereference a null pointer. The [implementation](https://github.c
- CVE-2021-37643Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after
- CVE-2021-37639Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocat
- CVE-2021-37638Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and undefined behavior. The [implementation](https://github.com/tensorflow/tens
- CVE-2021-37660Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The [implementation](https://github.com/tensorfl
- CVE-2021-37653Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181
- CVE-2021-37642Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e
- CVE-2021-37640Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf
- CVE-2021-37636Aug 12, 2021affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825f
- CVE-2020-26266Dec 10, 2020affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating poi
- CVE-2020-26267Dec 10, 2020affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds
Page 3 of 4