R3Pwnx

**Nome do software vulnerável e versões afetadas** NVIDIA Triton Inference Server (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma falha de leitura fora dos limites no NVIDIA Triton Inference Server, que pode ser causada pela liberação de uma região de memória compartilhada enquanto ela está em uso. Isso pode levar a uma negação de serviço. A vulnerabilidade pode permitir que um invasor remoto cause uma interrupção no serviço. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do NVIDIA CUDA Toolkit anteriores à 12.6 **Descrição** O problema está relacionado ao comando `cuobjdump` no NVIDIA CUDA Toolkit, onde a passagem de um arquivo ELF malformado pode causar uma falha no sistema. Isso pode levar a uma leitura fora dos limites na memória do processo sem privilégios, resultando em uma negação de serviço limitada. **Recomendações** Para versões anteriores à 12.6, aplique a correção para a versão mais recente o mais rápido possível para resolver o problema. Como solução alternativa temporária, considere restringir o uso do comando `cuobjdump` até que uma correção esteja disponível.

**Nome do software vulnerável e versões afetadas** NVIDIA CUDA Toolkit (versões afetadas não especificadas) **Descrição** O problema está relacionado ao comando `cuobjdump` no NVIDIA CUDA Toolkit, onde um usuário pode causar uma gravação fora dos limites ao passar um arquivo ELF malformado. Isso pode levar à execução de código ou à negação de serviço. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** NVIDIA CUDA Toolkit (versões afetadas não especificadas) **Descrição** O problema está relacionado ao comando ‘cuobjdump’ no NVIDIA CUDA Toolkit, que pode ser explorado através do envio de um arquivo ELF malformado. Isso pode causar uma falha no sistema ou gerar resultados incorretos, levando potencialmente a uma negação de serviço limitada ou à adulteração de dados. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.12.0 and 2.11.1 **Description** The issue arises when the stride and window size are not positive for `tf.raw ops.AvgPoolGrad`, potentially causing a floating point exception. **Recommendations** For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. As a temporary workaround, consider validating the stride and window size to ensure they are positive before using `tf.raw ops.AvgPoolGrad`.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 **Description** TensorFlow is an open source platform for machine learning. The issue is a null point error in `QuantizedMatMulWithBiasAndDequantize` with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. **Recommendations** For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. As a temporary workaround, consider disabling the `QuantizedMatMulWithBiasAndDequantize` function with MKL enabled until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.11.1 TensorFlow versions prior to 2.12.0 **Description** The function `tf.raw ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives a Null Pointer Exception (NPE). TensorFlow is an open source platform for machine learning. **Recommendations** For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. As a temporary workaround, consider avoiding the use of scalars in the `values` parameter of the `tf.raw ops.LookupTableImportV2` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.12.0 and 2.11.1 **Description** The issue is a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1. The error can be triggered by using the `tf.raw ops.RandomShuffle` function with specific parameters, such as `value`, `seed`, and `seed2`. For example, using the parameters `{'value': 1e+20, 'seed': -4294967297, 'seed2': -2147483649}` can cause the error. **Recommendations** To resolve the issue, update to TensorFlow 2.12.0 or 2.11.1, as these versions include the fix for the null pointer error in RandomShuffle with XLA enabled. As a temporary workaround, consider disabling the XLA enable feature for the `tf.raw ops.RandomShuffle` function until a patch is available. Restrict access to the `tf.raw ops.RandomShuffle` function to minimize the risk of exploitation. Avoid using the parameters `value`, `seed`, and `seed2` in the affected `tf.raw ops.RandomShuffle` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 **Description** TensorFlow is an open source machine learning platform. When running with XLA, `tf.raw ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. **Recommendations** For versions prior to 2.12.0, update to TensorFlow 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to TensorFlow 2.11.1 to resolve the issue. As a temporary workaround, consider avoiding the use of `tf.raw ops.Bincount` with XLA when the `weights` parameter does not match the shape of `arr` or is not a length-0 tensor.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 **Description** The issue occurs when running TensorFlow with XLA, where `tf.raw ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. **Recommendations** For versions prior to 2.12.0, update to TensorFlow 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to TensorFlow 2.11.1 to resolve the issue. As a temporary workaround, consider avoiding the use of `tf.raw ops.ParallelConcat` with a `shape` parameter of rank not greater than zero until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 **Description** TensorFlow is an open source platform for machine learning. The issue is related to a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. **Recommendations** For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. As a temporary workaround, consider avoiding the use of `tf.raw ops.TensorListSplit` with vulnerable parameters, such as `element shape` set to -1 and `lengths` set to [0], until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.12.0 and 2.11.1 **Description** TensorFlow, an open source platform for machine learning, has an issue where an out of bounds read occurs in GRUBlockCellGrad. The function `tf.raw ops.GRUBlockCellGrad` is affected, with parameters such as `x`, `h prev`, `w ru`, `w c`, `b ru`, `b c`, `r`, `u`, `c`, and `d h` being used. This issue has been reported and a fix is included in versions 2.12.0 and 2.11.1. **Recommendations** For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. As a temporary workaround, consider restricting the use of the `tf.raw ops.GRUBlockCellGrad` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 **Description** The issue is related to an integer overflow in the EditDistance function of TensorFlow, which can cause a deadlock when the `hypothesis shape t` is empty. This occurs because `hypothesis shape t->NumElements() - 1` will result in an integer overflow. The vulnerability can be exploited by passing a specific set of parameters to the `tf.raw ops.EditDistance` function, including empty `hypothesis shape` and `truth shape`. **Recommendations** For versions prior to 2.12.0, update to TensorFlow version 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to TensorFlow version 2.11.1 to resolve the issue. As a temporary workaround, consider avoiding the use of the `tf.raw ops.EditDistance` function with empty `hypothesis shape` and `truth shape` parameters until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.12.0 and 2.11.1 **Description** The issue is related to a floating point exception in the AudioSpectrogram function. The exception occurs when the stride is set to 0. This can be exploited by passing a `stride` value of 0 to the `AudioSpectrogram` function, which can cause a division by zero error. The vulnerability is present in versions prior to 2.12.0 and 2.11.1. **Recommendations** For versions prior to 2.12.0, update to version 2.12.0 or later. For versions prior to 2.11.1, update to version 2.11.1 or later. As a temporary workaround, consider avoiding the use of the `AudioSpectrogram` function with a `stride` value of 0 until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** NVIDIA CUDA Toolkit SDK (affected versions not specified) **Description** The issue is related to a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read. This may result in a limited denial of service and limited information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.