Kang Hong Jin

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.11 TensorFlow version 2.10.1 TensorFlow version 2.9.3 TensorFlow version 2.8.4 **Description** TensorFlow is an open source platform for machine learning. An input `sparse matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw ops.SparseMatrixNNZ`. **Recommendations** For TensorFlow versions prior to 2.11, update to version 2.11 or later. For TensorFlow version 2.10.1, apply the patch from GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693 or update to a later version. For TensorFlow version 2.9.3, apply the patch from GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693 or update to a later version. For TensorFlow version 2.8.4, apply the patch from GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693 or update to a later version.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue can be triggered by providing non-scalar inputs to the SobolSampleOp function. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of the SobolSampleOp function with non-scalar inputs until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The `UnbatchGradOp` function in TensorFlow takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch index` to contain three times the number of elements as indicated in its `batch index.dim size(0)`. An incorrect `batch index` can trigger a `CHECK` failure and crash the program. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider disabling the `UnbatchGradOp` function until a patch is available. Restrict access to the `batch index` and `id` parameters in the affected API endpoint until the issue is resolved. Avoid using the `id` parameter with nonscalar values in the affected API endpoint until the issue is resolved. Avoid using the `batch index` parameter with incorrect sizes in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue arises in `core/kernels/list kernels.cc's TensorListReserve` where `num elements` is assumed to be a tensor of size 1. When a `num elements` of more than 1 element is provided, then `tf.raw ops.TensorListReserve` fails the `CHECK EQ` in `CheckIsAlignedAndSingleElement`. This vulnerability has been reported by Kang Hong Jin from Singapore Management University. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of `tf.raw ops.TensorListReserve` with `num elements` of more than 1 element until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The implementation of `tf.reshape` op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue can be exploited by passing a large shape to the `tf.reshape` function, causing the program to crash. The estimated number of potentially affected devices worldwide is not available. There are no known real-world incidents where this issue was exploited. **Recommendations** For TensorFlow versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For TensorFlow versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For TensorFlow versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For TensorFlow versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of the `tf.reshape` function with large shapes until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue occurs when the `tf.sparse.cross` function receives an input `separator` that is not a scalar, resulting in a `CHECK` fail that can be used to trigger a denial of service attack. This can happen when the `separator` input is not properly validated, allowing an attacker to cause the program to crash or become unresponsive. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later to resolve the issue. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later to resolve the issue. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later to resolve the issue. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later to resolve the issue. As a temporary workaround, consider validating the `separator` input to ensure it is a scalar before passing it to the `tf.sparse.cross` function.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue arises when `EmptyTensorList` receives an input `element shape` with more than one dimension, resulting in a `CHECK` fail that can be used to trigger a denial of service attack. This can be exploited by providing a specially crafted input to the `tf.raw ops.EmptyTensorList` function, such as `element shape=tf.ones(dtype=tf.int32, shape=[1, 0])`. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of `tf.raw ops.EmptyTensorList` with `element shape` having more than one dimension until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue occurs when the `tf.linalg.matrix rank` function receives an empty input `a`, causing the GPU kernel to give a `CHECK` fail that can be used to trigger a denial of service attack. This can be achieved by passing an empty tensor to the `tf.linalg.matrix rank` function, such as `tf.constant([], shape=[0, 1, 1], dtype=tf.float32)`. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of the `tf.linalg.matrix rank` function with empty inputs until a patch is available.