tensorflow-gpu

PyPI421 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting tensorflow-gpupage 8 of 9

CVE-2022-35988MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in …
CVE-2022-35989MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a …
CVE-2022-35990MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of s…
CVE-2022-35991MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack. We …
CVE-2022-35992MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue …
CVE-2022-35993MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in…
CVE-2022-35994MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub comm…
CVE-2022-35995MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched …
CVE-2022-35996MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used…
CVE-2022-35997MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.8.1
2022-09-16
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue …
CVE-2022-35999MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be …
CVE-2022-36000MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc0722…
CVE-2022-36001MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in …
CVE-2022-36002MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b…
CVE-2022-36003MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfc…
CVE-2022-36004MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfc…
CVE-2022-36005MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. …
CVE-2022-36011MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit 1cf45b831eeb0cab8…
CVE-2022-36012MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070…
CVE-2022-36013MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f…
CVE-2022-36014MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21…
CVE-2022-36015MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will b…
CVE-2022-36016MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have pat…
CVE-2022-36017MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a…
CVE-2022-36018MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of s…
CVE-2022-36019MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attac…
CVE-2022-36026MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the…
CVE-2022-36027MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.9.1
2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa…
CVE-2022-41880MEDIUMCVSS 6.8EG 6.8✓ Fixed in 2.9.3
2022-11-18
vulnerable: 2.9.0, 2.9.1, 2.9.2
TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c94…
CVE-2022-41883MEDIUMCVSS 6.8EG 6.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68…
CVE-2022-41884MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b…
CVE-2022-41885MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.9.1
2022-11-18
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix…
CVE-2022-41886MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The …
CVE-2022-41887MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will c…
CVE-2022-41888MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf3…
CVE-2022-41889MEDIUMCVSS 5.5EG 5.5✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.c…
CVE-2022-41890MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer…
CVE-2022-41891MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in G…
CVE-2022-41893MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the …
CVE-2022-41895MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. T…
CVE-2022-41896MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub co…
CVE-2022-41897MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca3…
CVE-2022-41898MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be inc…
CVE-2022-41899MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97d…
CVE-2022-41900HIGHCVSS 7.1EG 7.1✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory whic…
CVE-2022-41901MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856…
CVE-2022-41902HIGHCVSS 7.1EG 7.1✓ Fixed in 2.10.1
2022-12-06
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an…
CVE-2022-41907MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The f…
CVE-2022-41908MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f23…
CVE-2022-41909MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.10.1
2022-11-18
vulnerable: 2.10.0
TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in Git…

Check whether tensorflow-gpu is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for tensorflow-gpu CVEs against the assets you own.

Start Free Scan →