CVE-2020-15204

Segfault in TensorFlow

CVSS 5.3 MEDIUM · EPSS 0.9% · CWE-476
In short

TensorFlow crashes with a segmentation fault when certain session handle functions are called in eager mode because the code tries to access memory that doesn't exist. This can cause applications using TensorFlow to unexpectedly stop working.

Technical detail

In eager mode, TensorFlow versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 fail to initialize session state, causing a null pointer dereference when tf.raw_ops.GetSessionHandle or tf.raw_ops.GetSessionHandleV2 is invoked. An attacker or malicious code with the ability to call these functions can trigger a denial of service via segmentation fault.

Summary generated and translated by AI from the official description.
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference. In the linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since the code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected products
tensorflow · tensorflow
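
A branch-aware version check built from the fixed releases listed above, as an added example that is not part of the advisory or of TensorFlow's code. It assumes that a release branch with no listed fix is compared against the newest fixed release (2.3.1) and that a pre-release of a fixed version is still unpatched; the inventory is constructed sample data.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(1, 15): (1, 15, 4), (2, 0): (2, 0, 3), (2, 1): (2, 1, 2),
         (2, 2): (2, 2, 1), (2, 3): (2, 3, 1)}
NEWEST_FIXED = max(FIXED.values())

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")
_PRERELEASE = re.compile(r"[-.]?(rc|a|b|dev)\d*", re.IGNORECASE)

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for a version string."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    release = tuple(int(part) for part in m.group(1, 2, 3))
    return release, bool(_PRERELEASE.match(m.group(4)))

def is_affected(version_text):
    """True if the version predates the fix for CVE-2020-15204."""
    release, prerelease = parse_version(version_text)
    # Assumption: a branch with no listed fix is judged against the newest fix.
    fixed = FIXED.get(release[:2], NEWEST_FIXED)
    if release == fixed:
        return prerelease  # an rc of the fixed release is treated as unpatched
    return release < fixed

def affected_hosts(inventory):
    """Take a host -> version map, return the sorted hosts needing an upgrade."""
    return sorted(h for h, v in inventory.items() if is_affected(v))

# Constructed sample inventory (host names and versions are illustrative).
SAMPLE_INVENTORY = {
    "train-01": "2.3.0",
    "train-02": "2.3.1",
    "legacy-01": "1.14.0",
    "serve-01": "1.15.4",
    "serve-02": "2.2.0-rc2",
    "lab-01": "2.4.0",
}
```

Feed `affected_hosts` the output of `pip show tensorflow` or `tf.__version__` collected per host; local build tags such as `+cpu` are ignored by the comparison.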
