CVE-2020-26268
published 2020-12-10CVE-2020-26268: In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed…
medium4.4CVSS 3.1
AVLACLPRLUINSUCNILAL
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tensorflow | — | — |
| tensorflow | < 1.15.5 | 1.15.5 | |
| tensorflow | >= 2.0.0 < 2.0.4 | 2.0.4 | |
| tensorflow | >= 2.1.0 < 2.1.3 | 2.1.3 | |
| tensorflow | >= 2.2.0 < 2.2.2 | 2.2.2 | |
| tensorflow | >= 2.3.0 < 2.3.2 | 2.3.2 | |
| intel | optimization_for_tensorflow | >= 0 < 1.15.5 | 1.15.5 |
| intel | optimization_for_tensorflow | >= 0 < c1e1fc899ad5f8c725dcbb6470069890b5060bc7 | c1e1fc899ad5f8c725dcbb6470069890b5060bc7 |
| intel | optimization_for_tensorflow | >= 2.0.0 < 2.0.4 | 2.0.4 |
| intel | optimization_for_tensorflow | >= 2.1.0 < 2.1.3 | 2.1.3 |
| intel | optimization_for_tensorflow | >= 2.2.0 < 2.2.2 | 2.2.2 |
| intel | optimization_for_tensorflow | >= 2.3.0 < 2.3.2 | 2.3.2 |
| tensorflow | tensorflow | < 1.15.5 | 1.15.5 |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
GHSA
Write to immutable memory region in TensorFlow
ghsa·2020-12-10
CVE-2020-26268 [MEDIUM] CWE-471 Write to immutable memory region in TensorFlow
Write to immutable memory region in TensorFlow
### Impact
The `tf.raw_ops.ImmutableConst` operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area:
```python
>>> import tensorflow as tf
>>> with open('/tmp/test.txt','w') as f: f.write('a'*128)
>>> tf.raw_ops.ImmutableConst(dtype=tf.string,shape=2,
memory_region_name='/tmp/test.txt')
```
If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault.
This is because the alocator used t
OSV
Write to immutable memory region in TensorFlow
osv·2020-12-10
CVE-2020-26268 [MEDIUM] Write to immutable memory region in TensorFlow
Write to immutable memory region in TensorFlow
### Impact
The `tf.raw_ops.ImmutableConst` operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area:
```python
>>> import tensorflow as tf
>>> with open('/tmp/test.txt','w') as f: f.write('a'*128)
>>> tf.raw_ops.ImmutableConst(dtype=tf.string,shape=2,
memory_region_name='/tmp/test.txt')
```
If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault.
This is because the alocator used t
OSV
CVE-2020-26268: In affected versions of TensorFlow the tf
osv·2020-12-10
CVE-2020-26268 CVE-2020-26268: In affected versions of TensorFlow the tf
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
Debian
CVE-2020-26268: tensorflow - In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation retur...
vendor_debian·2020·CVSS 4.4
CVE-2020-26268 [MEDIUM] CVE-2020-26268: tensorflow - In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation retur...
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
Scope: local
forky: resolv
No detection rules found.
No public exploits indexed.
https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb6470069890b5060bc7https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hhvc-g5hv-48c6https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb6470069890b5060bc7https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hhvc-g5hv-48c6
2020-12-10
Published