Faysal Hossain Shezan

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected **Description** The implementation of `MapStage` is vulnerable to a `CHECK`-fail if the key tensor is not a scalar. This issue can be triggered by passing a non-scalar key tensor to the `MapStage` function. For example, using the `tf.raw ops.MapStage` function with a key tensor that has a shape of `(1,2)` can cause the `CHECK`-fail. **Recommendations** For TensorFlow versions prior to 2.8.0, update to version 2.8.0 or later to resolve the issue. For TensorFlow version 2.7.1, update to a patched version that includes the fix for this issue. For TensorFlow version 2.6.3, update to a patched version that includes the fix for this issue. For TensorFlow version 2.5.3, update to a patched version that includes the fix for this issue. As a temporary workaround, consider validating the shape of the key tensor before passing it to the `MapStage` function to prevent the `CHECK`-fail.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected **Description** The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. This issue can be exploited by providing specific inputs to the `FractionalMaxPool` function, such as a `pooling ratio` that causes a division by zero. The `FractionalMaxPool` function is used in TensorFlow for max pooling operations. **Recommendations** For TensorFlow versions prior to 2.8.0, update to version 2.8.0 or later to resolve the issue. For TensorFlow version 2.7.1, update to a patched version that includes the fix for this issue. For TensorFlow version 2.6.3, update to a patched version that includes the fix for this issue. For TensorFlow version 2.5.3, update to a patched version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of the `FractionalMaxPool` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected **Description** The implementation of `SparseTensorSliceDataset` has an undefined behavior, which can cause a `nullptr` value to be dereferenced under certain conditions. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse tensor, but the preconditions for these arguments are not validated in the implementation. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later to resolve the issue. For version 2.7.1, update to a version that includes the cherrypicked commit. For version 2.6.3, update to a version that includes the cherrypicked commit. For version 2.5.3, update to a version that includes the cherrypicked commit. As a temporary workaround, consider validating the input arguments to `SparseTensorSliceDataset` to ensure they satisfy the required preconditions.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier **Description** The implementation of `*Bincount` operations in TensorFlow allows malicious users to cause denial of service by passing in arguments that trigger a `CHECK`-fail. There are several conditions that the input arguments must satisfy, some of which are not caught during shape inference and others during kernel implementation, resulting in `CHECK` failures when output tensors are allocated. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.1 and earlier, update to TensorFlow 2.7.1 or later. For versions 2.6.3 and earlier, update to TensorFlow 2.6.3 or later. For versions 2.5.3 and earlier, update to TensorFlow 2.5.3 or later. As a temporary workaround, consider restricting the use of `*Bincount` operations until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier **Description** The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.1 and earlier, update to TensorFlow 2.7.1 or later. For versions 2.6.3 and earlier, update to TensorFlow 2.6.3 or later. For versions 2.5.3 and earlier, update to TensorFlow 2.5.3 or later. As a temporary workaround, consider avoiding the use of `SparseCountSparseOutput` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected **Description** The implementation of `QuantizedMaxPool` has an undefined behavior where user-controlled inputs can trigger a reference binding to a null pointer. This issue can be exploited when using the `tf.raw ops.QuantizedMaxPool` function with specific parameters, such as `input`, `min input`, `max input`, `ksize`, `strides`, and `padding`. For example, the following code snippet demonstrates the vulnerability: ```python import tensorflow as tf tf.raw ops.QuantizedMaxPool( input = tf.constant([[[[4]]]], dtype=tf.quint8), min input = [], max input = [1], ksize = [1, 1, 1, 1], strides = [1, 1, 1, 1], padding = "SAME", name=None ) ``` The issue has been reported by Faysal Hossain Shezan from the University of Virginia. **Recommendations** For TensorFlow versions prior to 2.8.0, update to version 2.8.0 or later to resolve the issue. For TensorFlow versions 2.7.1, 2.6.3, and 2.5.3, update to the respective patched versions to resolve the issue. As a temporary workaround, consider avoiding the use of the `QuantizedMaxPool` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected **Description** The implementation of `SparseCountSparseOutput` in TensorFlow is vulnerable to a heap overflow. This issue can be exploited using the `tf.raw ops.SparseCountSparseOutput` function with specific parameters, such as `indices=[[-1,-1]]`, `values=[2]`, `dense shape=[1, 1]`, `weights=[1]`, `binary output=True`, `minlength=-1`, and `maxlength=-1`. The vulnerability was reported by Faysal Hossain Shezan from the University of Virginia. **Recommendations** For TensorFlow versions prior to 2.8.0, update to version 2.8.0 or later to resolve the issue. For TensorFlow versions 2.7.1, 2.6.3, and 2.5.3, apply the cherrypicked commit to fix the vulnerability. As a temporary workaround, consider avoiding the use of the `SparseCountSparseOutput` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier **Description** The implementations of `Sparse*Cwise*` ops in TensorFlow are vulnerable to integer overflows. These can be used to trigger large allocations, resulting in OOM-based denial of service, or `CHECK`-fails when building new `TensorShape` objects, leading to assert failures-based denial of service. The issue arises from missing validation on the shapes of the input tensors and directly constructing a large `TensorShape` with user-provided dimensions. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.1 and earlier, update to TensorFlow 2.7.1 or later. For versions 2.6.3 and earlier, update to TensorFlow 2.6.3 or later. For versions 2.5.3 and earlier, update to TensorFlow 2.5.3 or later. As a temporary workaround, consider disabling the `Sparse*Cwise*` ops until a patch is available. Restrict access to the `TensorShape` constructor to minimize the risk of exploitation. Avoid using user-provided dimensions when constructing a `TensorShape` object until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier **Description** The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow, resulting in a `CHECK`-fail when building new `TensorShape` objects. This can cause an assert failure-based denial of service. The issue is due to missing validation on the shapes of the input tensors and directly constructing a large `TensorShape` with user-provided dimensions. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.1 and earlier, update to TensorFlow 2.7.1 or later. For versions 2.6.3 and earlier, update to TensorFlow 2.6.3 or later. For versions 2.5.3 and earlier, update to TensorFlow 2.5.3 or later. As a temporary workaround, consider disabling the `AddManySparseToTensorsMap` function until a patch is available. Restrict access to the `TensorShape` constructor to minimize the risk of exploitation. Avoid using user-provided dimensions when constructing `TensorShape` objects until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected **Description** Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This issue is similar to previous instances and has similar fixes. The reported issues have been patched in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow, and fixes will be issued as these are discovered. **Recommendations** For versions prior to 2.8.0, update to TensorFlow 2.8.0 to resolve the issue. For version 2.7.1, update to a newer version that includes the cherrypicked commit. For version 2.6.3, update to a newer version that includes the cherrypicked commit. For version 2.5.3, update to a newer version that includes the cherrypicked commit. As a temporary workaround, consider disabling the `CHECK`-fails (i.e., assertion failures) until a patch is available.