CVE-2020-26268: Modification of Assumed-Immutable Data in TensorFlow

Severity: 4.4 MEDIUM (NVD)
EPSS: 0.0% (top 95.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 10; latest update Jul 11

Description

In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, th

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Exploitability: 1.8 | Impact: 2.5

Affected Packages (3 packages)

NVD | google/tensorflow | 2.0.0 | 2.0.4 | +4
CVEListV5 | tensorflow/tensorflow | < 1.15.5 | +4
PyPI | intel/optimization_for_tensorflow | 2.0.0 | 2.0.4 | +5

Patches

🔴 Vulnerability Details (4)

GHSA: Write to immutable memory region in TensorFlow (2020-12-10)
CVEList: Write to immutable memory region in TensorFlow (2020-12-10)
OSV: Write to immutable memory region in TensorFlow (2020-12-10)
OSV: CVE-2020-26268: In affected versions of TensorFlow the tf (2020-12-10)

📋 Vendor Advisories (1)

Debian: CVE-2020-26268: tensorflow - In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation retur... (2020)

📄 Research Papers (1)

arXiv: ConFL: Constraint-guided Fuzzing for Machine Learning Framework (2023-07-11)