Release 2.7.4
Note: This is the last release in the 2.7.x series
This releases introduces several vulnerability fixes:
- Fixes a
CHECKfailure in tf.reshape caused by overflows (CVE-2022-35934) - Fixes a
CHECKfailure inSobolSamplecaused by missing validation (CVE-2022-35935) - Fixes an OOB read in
Gather_ndop in TF Lite (CVE-2022-35937) - Fixes a
CHECKfailure inTensorListReservecaused by missing validation (CVE-2022-35960) - Fixes an OOB write in
Scatter_ndop in TF Lite (CVE-2022-35939) - Fixes an integer overflow in
RaggedRangeOp(CVE-2022-35940) - Fixes a
CHECKfailure inAvgPoolOp(CVE-2022-35941) - Fixes a
CHECKfailures inUnbatchGradOp(CVE-2022-35952) - Fixes a segfault TFLite converter on per-channel quantized transposed convolutions (CVE-2022-36027)
- Fixes a
CHECKfailures inAvgPool3DGrad(CVE-2022-35959) - Fixes a
CHECKfailures inFractionalAvgPoolGrad(CVE-2022-35963) - Fixes a segfault in
BlockLSTMGradV2(CVE-2022-35964) - Fixes a segfault in
LowerBoundandUpperBound(CVE-2022-35965) - Fixes a segfault in
QuantizedAvgPool(CVE-2022-35966) - Fixes a segfault in
QuantizedAdd(CVE-2022-35967) - Fixes a
CHECKfail inAvgPoolGrad(CVE-2022-35968) - Fixes a
CHECKfail inConv2DBackpropInput(CVE-2022-35969) - Fixes a segfault in
QuantizedInstanceNorm(CVE-2022-35970) - Fixes a
CHECKfail inFakeQuantWithMinMaxVars(CVE-2022-35971) - Fixes a segfault in
Requantize(CVE-2022-36017) - Fixes a segfault in
QuantizedBiasAdd(CVE-2022-35972) - Fixes a
CHECKfail inFakeQuantWithMinMaxVarsPerChannel(CVE-2022-36019) - Fixes a segfault in
QuantizedMatMul(CVE-2022-35973) - Fixes a segfault in
QuantizeDownAndShrinkRange(CVE-2022-35974) - Fixes segfaults in
QuantizedReluandQuantizedRelu6(CVE-2022-35979) - Fixes a
CHECKfail inFractionalMaxPoolGrad(CVE-2022-35981) - Fixes a
CHECKfail inRaggedTensorToVariant(CVE-2022-36018) - Fixes a
CHECKfail inQuantizeAndDequantizeV3(CVE-2022-36026) - Fixes a segfault in
SparseBincount(CVE-2022-35982) - Fixes a
CHECKfail inSaveandSaveSlices(CVE-2022-35983) - Fixes a
CHECKfail inParameterizedTruncatedNormal(CVE-2022-35984) - Fixes a
CHECKfail inLRNGrad(CVE-2022-35985) - Fixes a segfault in
RaggedBincount(CVE-2022-35986) - Fixes a
CHECKfail inDenseBincount(CVE-2022-35987) - Fixes a
CHECKfail intf.linalg.matrix_rank(CVE-2022-35988) - Fixes a
CHECKfail inMaxPool(CVE-2022-35989) - Fixes a
CHECKfail inConv2DBackpropInput(CVE-2022-35999) - Fixes a
CHECKfail inEmptyTensorList(CVE-2022-35998) - Fixes a
CHECKfail intf.sparse.cross(CVE-2022-35997) - Fixes a floating point exception in
Conv2D(CVE-2022-35996) - Fixes a
CHECKfail inAudioSummaryV2(CVE-2022-35995) - Fixes a
CHECKfail inCollectiveGather(CVE-2022-35994) - Fixes a
CHECKfail inSetSize(CVE-2022-35993) - Fixes a
CHECKfail inTensorListFromTensor(CVE-2022-35992) - Fixes a
CHECKfail inTensorListScatterandTensorListScatterV2(CVE-2022-35991) - Fixes a
CHECKfail inFakeQuantWithMinMaxVarsPerChannelGradient(CVE-2022-35990) - Fixes a
CHECKfail inFakeQuantWithMinMaxVarsGradient(CVE-2022-36005) - Fixes a
CHECKfail intf.random.gamma(CVE-2022-36004) - Fixes a
CHECKfail inRandomPoissonV2(CVE-2022-36003) - Fixes a
CHECKfail inUnbatch(CVE-2022-36002) - Fixes a
CHECKfail inDrawBoundingBoxes(CVE-2022-36001) - Fixes a
CHECKfail inEig(CVE-2022-36000) - Fixes a null dereference on MLIR on empty function attributes (CVE-2022-36011)
- Fixes an assertion failure on MLIR empty edge names (CVE-2022-36012)
- Fixes a null-dereference in
mlir::tfg::GraphDefImporter::ConvertNodeDef(CVE-2022-36013) - Fixes a null-dereference in
mlir::tfg::TFOp::nameAttr(CVE-2022-36014) - Fixes an integer overflow in math ops (CVE-2022-36015)
- Fixes a
CHECK-fail intensorflow::full_type::SubstituteFromAttrs(CVE-2022-36016) - Fixes an OOB read in
Gather_ndop in TF Lite Micro (CVE-2022-35938)