#dos

### Impact The implementation of [`tf.raw_ops.QuantizeAndDequantizeV4Grad`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L148-L226) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf tf.raw_ops.QuantizeAndDequantizeV4Grad( gradients=tf.constant(1, shape=[2,2], dtype=tf.float64), input=tf.constant(1, shape=[2,2], dtype=tf.float64), input_min=tf.constant([], shape=[0], dtype=tf.float64), input_max=tf.constant(-10, shape=[], dtype=tf.float64), axis=-1) ``` The code assumes `input_min` and `input_max` are scalars but there is no validation for this. ### Patches We have patched the issue in GitHub commit [098e7762d909bac47ce1dbabe6dfd06294cb9d58](https://github.com/tensorflow/tensorflow/commit/098e7762d909bac47ce1dbabe6dfd06294cb9d58). The fix will be included ...

### Impact The implementation of [`tf.raw_ops.GetSessionTensor`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L94-L112) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf handle = tf.constant("[]", shape=[0], dtype=tf.string) tf.raw_ops.GetSessionTensor(handle=handle) ``` The code assumes `handle` is a scalar but there is no validation for this: ```cc const Tensor& handle = ctx->input(0); const string& name = handle.scalar<tstring>()(); ``` ### Patches We have patched the issue in GitHub commit [48305e8ffe5246d67570b64096a96f8e315a7281](https://github.com/tensorflow/tensorflow/commit/48305e8ffe5246d67570b64096a96f8e315a7281). The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as th...

But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.

Ubuntu Security Notice 5439-1 - Gunnar Hjalmarsson discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or stop responding, resulting in a denial of service.

Ubuntu Security Notice 5438-1 - It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTML file, a remote attacker could possibly use this issue to cause HTMLDOC to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice 5437-1 - Tobias Stoeckmann discovered that libXfixes incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.