Pak-Laura

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 **Description** TensorFlow is an open source platform for machine learning. Attackers using TensorFlow can access heap memory which is not in the control of the user, leading to a crash or remote code execution. The issue occurs when the axis is larger than the dimension of the input, causing `c->Dim(input,axis)` to go out of bounds. This problem also affects the `QuantizeAndDequantizeV2/V3/V4/V4Grad` operations. **Recommendations** For TensorFlow versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. For TensorFlow versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. As a temporary workaround, consider restricting access to the `QuantizeAndDequantizeV2/V3/V4/V4Grad` operations until a patch is available. Avoid using the `axis` parameter with large values in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.11.0 TensorFlow version 2.10.1 and earlier **Description** The issue results in FractionalMax(AVG)Pool with an illegal pooling ratio, allowing attackers to access heap memory not under user control, potentially leading to a crash or remote code execution. An input `pooling ratio` that is smaller than 1 will trigger a heap out-of-bounds in `tf.raw ops.FractionalMaxPool` and `tf.raw ops.FractionalAvgPool`. **Recommendations** For TensorFlow versions prior to 2.11.0, update to TensorFlow 2.11.0 to resolve the issue. For TensorFlow version 2.10.1 and earlier, cherry pick the commit 216525144ee7c910296f5b05d214ca1327c9ce48 or update to a version that includes this commit to fix the vulnerability. As a temporary workaround, consider validating the `pooling ratio` input to ensure it is not smaller than 1 to prevent heap out-of-bounds in `tf.raw ops.FractionalMaxPool` and `tf.raw ops.FractionalAvgPool`.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue occurs when `mlir::tfg::TFOp::nameAttr` receives null type list attributes, causing it to crash. There are no known workarounds for this issue. **Recommendations** For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later to resolve the issue. For TensorFlow versions 2.9.1, 2.8.1, and 2.7.2, apply the cherrypicked commits to resolve the issue. As a temporary workaround, consider restricting the use of the `mlir::tfg::TFOp::nameAttr` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue occurs when the `mlir::tfg::ConvertGenericFunctionToFunctionDef` function is given empty function attributes, resulting in a null dereference. This happens when the `namedAttr.first` is empty, causing the program to crash. The estimated number of potentially affected devices worldwide is not available. **Recommendations** For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later. For TensorFlow versions 2.9.1 and earlier, update to version 2.9.1 or later, or apply the patch from GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. For TensorFlow versions 2.8.1 and earlier, update to version 2.8.1 or later, or apply the patch from GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. For TensorFlow versions 2.7.2 and earlier, update to version 2.7.2 or later, or apply the patch from GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. As a temporary workaround, consider adding a check to ensure that `namedAttr.first` is not empty before processing it.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue occurs when `tensorflow::full type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, triggering a `CHECK`-fail instead of returning a status. This happens in the `SubstituteForEach` function where it checks if `t.args size()` equals 3. The function uses `t.args(0)`, `t.args(1)`, and `t.args(2)` to access the arguments. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue occurs when the `RangeSize` function receives values that do not fit into an `int64 t`, causing it to crash. This happens due to insufficient checks on the calculated size, which can exceed the maximum limit of `int64 t`. The estimated number of potentially affected devices worldwide is not available. There are no known real-world incidents where this issue was exploited. **Recommendations** For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider adding additional checks to prevent `RangeSize` from receiving values that exceed the `int64 t` limit until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier **Description** The issue occurs when the `mlir::tfg::GraphDefImporter::ConvertNodeDef` function tries to convert NodeDefs without an op name, causing it to crash. The `node.op()` cannot be empty. There are no known workarounds for this issue. **Recommendations** For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later. For TensorFlow versions 2.9.1 and earlier, update to version 2.9.1 or later. For TensorFlow versions 2.8.1 and earlier, update to version 2.8.1 or later. For TensorFlow versions 2.7.2 and earlier, update to version 2.7.2 or later. As a temporary workaround, consider disabling the `ConvertNodeDef` function until a patch is available.