Neophytos Christou

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1, 2.9.3, and 2.8.4 **Description** TensorFlow is an open source platform for machine learning. When `tf.raw ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. **Recommendations** For TensorFlow versions prior to 2.11, update to version 2.11 or later. For TensorFlow versions 2.10.1, 2.9.3, and 2.8.4, apply the patch from GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. As a temporary workaround, consider avoiding the use of `tf.raw ops.FusedResizeAndPadConv2D` with large tensor shapes until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1, 2.9.3, and 2.8.4 **Description** The issue occurs when `tf.raw ops.ResizeNearestNeighborGrad` is given a large `size` input, causing an overflow. This can be exploited with a specific input, such as `size = tf.constant([1879048192,1879048192], shape=[2], dtype=tf.int32)`. **Recommendations** For TensorFlow versions prior to 2.11, update to version 2.11 or later. For TensorFlow versions 2.10.1, 2.9.3, and 2.8.4, apply the patch from GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. As a temporary workaround, consider restricting the use of the `tf.raw ops.ResizeNearestNeighborGrad` function with large `size` inputs until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1, 2.9.3, and 2.8.4 **Description** TensorFlow is an open source platform for machine learning. When `tf.raw ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. The issue has been patched in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. **Recommendations** For TensorFlow versions prior to 2.11, update to version 2.11 or later. For TensorFlow version 2.10.1, update to a version that includes the cherrypicked commit. For TensorFlow version 2.9.3, update to a version that includes the cherrypicked commit. For TensorFlow version 2.8.4, update to a version that includes the cherrypicked commit. As a temporary workaround, consider avoiding the use of `tf.raw ops.ImageProjectiveTransformV2` with large output shapes until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1, 2.8.1, and 2.7.2 **Description** The issue occurs when `QuantizedAvgPool` is given `min input` or `max input` tensors of a nonzero rank, resulting in a segfault that can be used to trigger a denial of service attack. **Recommendations** For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later. For TensorFlow versions 2.9.1, 2.8.1, and 2.7.2, cherrypick the commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622 to resolve the issue. As a temporary workaround, consider avoiding the use of `QuantizedAvgPool` with `min input` or `max input` tensors of a nonzero rank until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The implementation of `Conv2DBackpropInput` requires `input sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider validating the dimensions of `input sizes` before passing it to `Conv2DBackpropInput` to prevent the `CHECK` failure.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue arises when `QuantizedInstanceNorm` is given `x min` or `x max` tensors of a nonzero rank, resulting in a segfault that can be used to trigger a denial of service attack. There are no known workarounds for this issue. **Recommendations** For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later. For TensorFlow versions 2.9.1 and earlier, update to version 2.9.1 or later. For TensorFlow versions 2.8.1 and earlier, update to version 2.8.1 or later. For TensorFlow versions 2.7.2 and earlier, update to version 2.7.2 or later. As a temporary workaround, consider avoiding the use of `QuantizedInstanceNorm` with `x min` or `x max` tensors of a nonzero rank until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1, 2.8.1, and 2.7.2 **Description** The issue arises when `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, resulting in a `CHECK` fail that can be used to trigger a denial of service attack. There are no known workarounds for this issue. **Recommendations** For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later. For TensorFlow versions 2.9.1, 2.8.1, and 2.7.2, update to the respective patched versions. As a temporary workaround, consider avoiding the use of `FakeQuantWithMinMaxVars` with `min` or `max` tensors of a nonzero rank until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue arises when `QuantizedBiasAdd` is given `min input`, `max input`, `min bias`, `max bias` tensors of a nonzero rank, resulting in a segfault that can be used to trigger a denial of service attack. **Recommendations** For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later. For TensorFlow versions 2.9.1 and earlier, update to version 2.9.1 or later. For TensorFlow versions 2.8.1 and earlier, update to version 2.8.1 or later. For TensorFlow versions 2.7.2 and earlier, update to version 2.7.2 or later. As a temporary workaround, consider avoiding the use of `QuantizedBiasAdd` with `min input`, `max input`, `min bias`, `max bias` tensors of a nonzero rank until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1, 2.8.1, and 2.7.2 **Description** The issue arises when `QuantizedMatMul` is given nonscalar input for: `min a`, `max a`, `min b`, or `max b`. This can trigger a segfault, leading to a denial of service attack. **Recommendations** For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later. For TensorFlow versions 2.9.1, 2.8.1, and 2.7.2, update to the respective patched versions. As a temporary workaround, consider avoiding the use of `QuantizedMatMul` with nonscalar input for `min a`, `max a`, `min b`, or `max b` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input min` or `input max`, it results in a segfault that can be used to trigger a denial of service attack. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of `QuantizeDownAndShrinkRange` with nonscalar inputs for `input min` or `input max` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue results in a segfault that can be used to trigger a denial of service attack when `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min features` or `max features`. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of nonscalar inputs for `min features` or `max features` in `QuantizedRelu` or `QuantizedRelu6` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue is related to the `FractionalMaxPoolGrad` function, which validates its inputs with `CHECK` failures instead of returning errors. If it receives incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. This can be achieved by providing specific input values to the `tf.raw ops.FractionalMaxPoolGrad` function, such as `orig input`, `orig output`, `out backprop`, `row pooling sequence`, and `col pooling sequence`. The estimated number of potentially affected devices is not provided. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of the `FractionalMaxPoolGrad` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue occurs when `tf.quantization.fake quant with min max vars per channel gradient` receives input `min` or `max` of rank other than 1, resulting in a `CHECK` fail that can trigger a denial of service attack. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of `tf.quantization.fake quant with min max vars per channel gradient` with input `min` or `max` of rank other than 1 until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue occurs when `tf.quantization.fake quant with min max vars gradient` receives input `min` or `max` that is nonscalar, resulting in a `CHECK` fail that can trigger a denial of service attack. There are no known workarounds for this issue. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of `tf.quantization.fake quant with min max vars gradient` with nonscalar `min` or `max` inputs until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue results in a segfault that can be used to trigger a denial of service attack when the `Requantize` function is given `input min`, `input max`, `requested output min`, `requested output max` tensors of a nonzero rank. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of the `Requantize` function with tensors of nonzero rank until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue arises when `RaggedTensorToVariant` is given a `rt nested splits` list containing tensors of ranks other than one, resulting in a `CHECK` fail that can be used to trigger a denial of service attack. There are no known workarounds for this issue. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of `RaggedTensorToVariant` with `rt nested splits` lists containing tensors of ranks other than one until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue arises when `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, resulting in a `CHECK` fail that can be used to trigger a denial of service attack. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of `FakeQuantWithMinMaxVarsPerChannel` with `min` or `max` tensors of a rank other than one until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue arises when the `QuantizeAndDequantizeV3` function is given a nonscalar `num bits` input tensor, resulting in a `CHECK` fail that can be used to trigger a denial of service attack. There are no known workarounds for this issue. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of the `QuantizeAndDequantizeV3` function with nonscalar `num bits` input tensors until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue can be triggered by providing non-scalar inputs to the SobolSampleOp function. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of the SobolSampleOp function with non-scalar inputs until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The implementation of `AvgPool3DGradOp` does not fully validate the input `orig input shape`, resulting in an overflow that causes a `CHECK` failure, which can be used to trigger a denial of service attack. **Recommendations** For TensorFlow versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For TensorFlow versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For TensorFlow versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For TensorFlow versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider disabling the `AvgPool3DGradOp` function until a patch is available.