Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
`CHECK` failures in `UnbatchGradOp` in TensorFlow
Vulnerability Description
TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
可达断言
Vulnerability Title
Google TensorFlow 安全漏洞
Vulnerability Description
Google TensorFlow是美国谷歌(Google)公司的一套用于机器学习的端到端开源平台。 Google TensorFlow 存在安全漏洞,该漏洞源于 UnbatchGradOp 函数接受一个假定为标量的参数 id 。非标量 id 可以触发断言失败并使程序崩溃。它还要求其参数 batch_index 包含三倍于其 batch_index.dim_size(0) 中指示的元素数量。不正确的 batch_index 可能会触发断言失败并使程序崩溃。该漏洞将在 2.10.0 版本, 2.9.1 版本
CVSS Information
N/A
Vulnerability Type
N/A