Memory corruption in Tensorflow
Description
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a reinterpret_cast Since the PyObject is a Python object, not a TensorFlow Tensor, the cast to EagerTensor fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | >= 2.2.0, < 2.2.1 | 2.2.1 |
tensorflowPyPI | >= 2.3.0, < 2.3.1 | 2.3.1 |
tensorflow-cpuPyPI | >= 2.2.0, < 2.2.1 | 2.2.1 |
tensorflow-cpuPyPI | >= 2.3.0, < 2.3.1 | 2.3.1 |
tensorflow-gpuPyPI | >= 2.2.0, < 2.2.1 | 2.2.1 |
tensorflow-gpuPyPI | >= 2.3.0, < 2.3.1 | 2.3.1 |
Affected products
9- osv-coords8 versionspkg:bitnami/tensorflowpkg:pypi/tensorflowpkg:pypi/tensorflow-cpupkg:pypi/tensorflow-gpupkg:rpm/opensuse/tensorflow2_2_1_2-gnu-hpc&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/tensorflow2_2_1_2-gnu-openmpi2-hpc&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/tensorflow2&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/tensorflow2-lite&distro=openSUSE%20Leap%2015.2
>= 2.2.0, < 2.2.1+ 7 more
- (no CPE)range: >= 2.2.0, < 2.2.1
- (no CPE)range: >= 2.2.0, < 2.2.1
- (no CPE)range: >= 2.2.0, < 2.2.1
- (no CPE)range: >= 2.2.0, < 2.2.1
- (no CPE)range: < 2.1.2-lp152.7.3.1
- (no CPE)range: < 2.1.2-lp152.7.3.1
- (no CPE)range: < 2.1.2-lp152.7.3.1
- (no CPE)range: < 2.1.2-lp152.7.3.1
- Range: = 2.2.0
Patches
Vulnerability mechanics
References
9- lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-rjjg-hgv6-h69vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-15193ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-273.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-308.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-116.yamlghsaWEB
- github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.3.1ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-rjjg-hgv6-h69vghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.