CVE-2020-15204
published 2020-09-25CVE-2020-15204: In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNINAL
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tensorflow | — | — |
| tensorflow | < 1.15.4 | 1.15.4 | |
| tensorflow | >= 2.0.0 < 2.0.3 | 2.0.3 | |
| tensorflow | >= 2.1.0 < 2.1.2 | 2.1.2 | |
| tensorflow | >= 2.2.0 < 2.2.1 | 2.2.1 | |
| tensorflow | >= 2.3.0 < 2.3.1 | 2.3.1 | |
| intel | optimization_for_tensorflow | >= 0 < 1.15.4 | 1.15.4 |
| intel | optimization_for_tensorflow | >= 0 < 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1 | 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1 |
| intel | optimization_for_tensorflow | >= 2.0.0 < 2.0.3 | 2.0.3 |
| intel | optimization_for_tensorflow | >= 2.1.0 < 2.1.2 | 2.1.2 |
| intel | optimization_for_tensorflow | >= 2.2.0 < 2.2.1 | 2.2.1 |
| intel | optimization_for_tensorflow | >= 2.3.0 < 2.3.1 | 2.3.1 |
| opensuse | leap | — | — |
| tensorflow | tensorflow | < 1.15.4 | 1.15.4 |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
Debian
CVE-2020-15204: tensorflow - In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 ...
vendor_debian·2020·CVSS 5.3
CVE-2020-15204 [MEDIUM] CVE-2020-15204: tensorflow - In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 ...
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Scope: local
forky: resolved
sid: resolved
GHSA
Segfault in Tensorflow
ghsa·2020-09-25
CVE-2020-15204 [MEDIUM] CWE-476 Segfault in Tensorflow
Segfault in Tensorflow
### Impact
In eager mode, TensorFlow does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/session_ops.cc#L45
In the above snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault.
### Patches
We have patched the issue in 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1 and will release patch releases for all versions between 1.15 and 2.3.
We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
### For more information
Please consult [our security guide](https:/
OSV
CVE-2020-15204: In eager mode, TensorFlow before versions 1
osv·2020-09-25
CVE-2020-15204 CVE-2020-15204: In eager mode, TensorFlow before versions 1
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
OSV
Segfault in Tensorflow
osv·2020-09-25
CVE-2020-15204 [MEDIUM] Segfault in Tensorflow
Segfault in Tensorflow
### Impact
In eager mode, TensorFlow does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/session_ops.cc#L45
In the above snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault.
### Patches
We have patched the issue in 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1 and will release patch releases for all versions between 1.15 and 2.3.
We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
### For more information
Please consult [our security guide](https:/
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.htmlhttps://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8gv-q7wr-9jf8http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.htmlhttps://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8gv-q7wr-9jf8
2020-09-25
Published