Jingyi Shi

**Name of the Vulnerable Software and Affected Versions** Intel(R) Optimization for TensorFlow versions prior to 2.13.0 **Description** The issue is related to improper buffer restrictions, which may allow an authenticated user to potentially enable escalation of privilege via local access. It is also described as a vulnerability related to the incorrect neutralization of special elements in output, which can be exploited by an attacker to elevate their privileges. **Recommendations** For versions prior to 2.13.0, update to version 2.13.0 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Optimization for Tensorflow versions prior to 2.12 **Description** The issue is related to improper buffer restrictions, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 2.12, update to version 2.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue occurs when the `MaxPool` function receives a window size input array `ksize` with dimensions greater than its input tensor `input`, causing the GPU kernel to give a `CHECK` fail that can be used to trigger a denial of service attack. There are no known workarounds for this issue. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of the `MaxPool` function with window size input arrays `ksize` that have dimensions greater than the input tensor `input` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1, 2.8.1, and 2.7.2 **Description** The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. **Recommendations** For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later. For TensorFlow versions 2.9.1, 2.8.1, and 2.7.2, cherrypick the commit 37cefa91bee4eace55715eeef43720b958a01192 to resolve the issue. As a temporary workaround, consider avoiding the use of very large float values for the `limits` argument in the `RaggedRangOp` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.0 through 2.9.0 TensorFlow versions 2.8.0 through 2.8.0 TensorFlow versions 2.7.0 through 2.7.1 **Description** The issue occurs when `Conv2DBackpropInput` receives empty `out backprop` inputs, causing the current CPU/GPU kernels `CHECK` to fail. This can be used to trigger a denial of service attack. The estimated number of potentially affected devices is not provided. **Recommendations** For TensorFlow versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For TensorFlow versions 2.9.0, update to TensorFlow 2.9.1 or later. For TensorFlow versions 2.8.0, update to TensorFlow 2.8.1 or later. For TensorFlow versions 2.7.0 through 2.7.1, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of empty `out backprop` inputs in the `Conv2DBackpropInput` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.0 through 2.9.0 TensorFlow versions 2.8.0 through 2.8.0 TensorFlow versions 2.7.0 through 2.7.1 **Description** The issue occurs when the `Conv2D` function is given an empty `input` and valid `filter` and `padding` sizes, resulting in an all-zeros output. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. **Recommendations** For TensorFlow versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For TensorFlow versions 2.9.0, update to TensorFlow 2.9.1 or later. For TensorFlow versions 2.8.0, update to TensorFlow 2.8.1 or later. For TensorFlow versions 2.7.0 and 2.7.1, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of the `Conv2D` function with empty `input` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.0 through 2.9.1 TensorFlow versions 2.8.0 through 2.8.1 TensorFlow versions 2.7.0 through 2.7.2 **Description** The `AvgPoolOp` function in TensorFlow takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. **Recommendations** For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later. For TensorFlow versions 2.9.0 through 2.9.1, update to version 2.9.1 or later. For TensorFlow versions 2.8.0 through 2.8.1, update to version 2.8.1 or later. For TensorFlow versions 2.7.0 through 2.7.2, update to version 2.7.2 or later. As a temporary workaround, consider validating the `ksize` argument to ensure it is positive before passing it to the `AvgPoolOp` function.