CVE-2020-26267
published 2020-12-10
high 7.8 CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
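An added example, not code from TensorFlow or from the advisory: a pre-call guard that enforces the assumption named above, that `src_format` and `dst_format` are each a permutation of `NHWC`, for callers still on an affected version. The helper names and the simplified length-4 reference permutation are assumptions made for illustration; the rejected inputs are the two complete calls from the advisory's reproducer.

```python
EXPECTED = "NHWC"  # per the advisory, both attributes must permute these letters


def format_error(name, value):
    """Return a reason string if value is not a permutation of NHWC, else None."""
    if not isinstance(value, str):
        return f"{name} must be a str, got {type(value).__name__}"
    if len(value) != len(EXPECTED):
        return f"{name}={value!r} has length {len(value)}, expected {len(EXPECTED)}"
    if sorted(value) != sorted(EXPECTED):
        return f"{name}={value!r} is not a permutation of {EXPECTED}"
    return None


def check_attrs(src_format, dst_format):
    """Validate both attributes; an empty list means the call is safe to forward."""
    checks = (format_error("src_format", src_format),
              format_error("dst_format", dst_format))
    return [reason for reason in checks if reason]


def permute_reference(x, src_format, dst_format):
    """Simplified model (assumption): permute a length-4 vector after validating.

    Each output slot takes the input element whose dimension letter matches,
    so a missing or repeated letter would leave slots unset or index out of
    range in an unchecked implementation.
    """
    errors = check_attrs(src_format, dst_format)
    if errors:
        raise ValueError("; ".join(errors))
    if len(x) != len(EXPECTED):
        raise ValueError(f"x must have {len(EXPECTED)} elements in this model")
    return [x[src_format.index(letter)] for letter in dst_format]


if __name__ == "__main__":
    # Attribute pairs from the advisory's reproducer, plus one constructed valid pair.
    for src, dst in [("1234", "1234"), ("HHHH", "WWWW"), ("NHWC", "NCHW")]:
        print(src, dst, check_attrs(src, dst) or "ok")
    print(permute_reference([1, 2, 3, 4], "NHWC", "NCHW"))
```
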
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tensorflow | — | — |
| — | tensorflow | < 1.15.5 | 1.15.5 |
| — | tensorflow | >= 2.0.0 < 2.0.4 | 2.0.4 |
| — | tensorflow | >= 2.1.0 < 2.1.3 | 2.1.3 |
| — | tensorflow | >= 2.2.0 < 2.2.2 | 2.2.2 |
| — | tensorflow | >= 2.3.0 < 2.3.2 | 2.3.2 |
| intel | optimization_for_tensorflow | >= 0 < 1.15.5 | 1.15.5 |
| intel | optimization_for_tensorflow | >= 0 < ebc70b7a592420d3d2f359e4b1694c236b82c7ae | ebc70b7a592420d3d2f359e4b1694c236b82c7ae |
| intel | optimization_for_tensorflow | >= 2.0.0 < 2.0.4 | 2.0.4 |
| intel | optimization_for_tensorflow | >= 2.1.0 < 2.1.3 | 2.1.3 |
| intel | optimization_for_tensorflow | >= 2.2.0 < 2.2.2 | 2.2.2 |
| intel | optimization_for_tensorflow | >= 2.3.0 < 2.3.2 | 2.3.2 |
| tensorflow | tensorflow | < 1.15.5 | 1.15.5 |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
GHSA
Lack of validation in data format attributes in TensorFlow
ghsa·2020-12-10
CVE-2020-26267 [LOW] CWE-125 Lack of validation in data format attributes in TensorFlow
### Impact
The `tf.raw_ops.DataFormatVecPermute` API does not validate the `src_format` and `dst_format` attributes. [The code](https://github.com/tensorflow/tensorflow/blob/304b96815324e6a73d046df10df6626d63ac12ad/tensorflow/core/kernels/data_format_ops.cc) assumes that these two arguments define a permutation of `NHWC`.
However, these assumptions are not checked and this can result in uninitialized memory accesses, read outside of bounds and even crashes.
```python
>>> import tensorflow as tf
>>> tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format='1234', dst_format='1234')
...
>>> tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format='HHHH', dst_format='WWWW')
...
>>> tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format='H', d
```
OSV
CVE-2020-26267: In affected versions of TensorFlow the tf
osv·2020-12-10
CVE-2020-26267 CVE-2020-26267: In affected versions of TensorFlow the tf
OSV
Lack of validation in data format attributes in TensorFlow
osv·2020-12-10
CVE-2020-26267 [LOW] Lack of validation in data format attributes in TensorFlow
Debian
CVE-2020-26267: tensorflow - In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does ...
vendor_debian·2020·CVSS 4.4
CVE-2020-26267 [MEDIUM] CVE-2020-26267: tensorflow - In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does ...
Scope: local
forky: resolved
sid: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7
2020-12-10
Published