Moderate severityNVD Advisory· Published Dec 10, 2020· Updated Aug 4, 2024
Uninitialized memory access in Eigen types in TensorFlow
CVE-2020-26266
Description
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 1.15.5 | 1.15.5 |
tensorflowPyPI | >= 2.0.0, < 2.0.4 | 2.0.4 |
tensorflowPyPI | >= 2.1.0, < 2.1.3 | 2.1.3 |
tensorflowPyPI | >= 2.2.0, < 2.2.2 | 2.2.2 |
tensorflowPyPI | >= 2.3.0, < 2.3.2 | 2.3.2 |
tensorflow-cpuPyPI | < 1.15.5 | 1.15.5 |
tensorflow-cpuPyPI | >= 2.0.0, < 2.0.4 | 2.0.4 |
tensorflow-cpuPyPI | >= 2.1.0, < 2.1.3 | 2.1.3 |
tensorflow-cpuPyPI | >= 2.2.0, < 2.2.2 | 2.2.2 |
tensorflow-cpuPyPI | >= 2.3.0, < 2.3.2 | 2.3.2 |
tensorflow-gpuPyPI | < 1.15.5 | 1.15.5 |
tensorflow-gpuPyPI | >= 2.0.0, < 2.0.4 | 2.0.4 |
tensorflow-gpuPyPI | >= 2.1.0, < 2.1.3 | 2.1.3 |
tensorflow-gpuPyPI | >= 2.2.0, < 2.2.2 | 2.2.2 |
tensorflow-gpuPyPI | >= 2.3.0, < 2.3.2 | 2.3.2 |
Affected products
1- Range: < 1.15.5
Patches
1ace0c15a22f7Default initialize fixed point Eigen types.
1 file changed · +5 −5
third_party/eigen3/unsupported/Eigen/CXX11/src/FixedPoint/FixedPointTypes.h+5 −5 modified@@ -49,7 +49,7 @@ struct scalar_product_traits<QInt32, double> { // the compiler from silently type cast the mantissa into a bigger or a smaller // representation. struct QInt8 { - QInt8() {} + QInt8() : value(0) {} QInt8(const int8_t v) : value(v) {} QInt8(const QInt32 v); @@ -59,7 +59,7 @@ struct QInt8 { }; struct QUInt8 { - QUInt8() {} + QUInt8() : value(0) {} QUInt8(const uint8_t v) : value(v) {} QUInt8(const QInt32 v); @@ -69,7 +69,7 @@ struct QUInt8 { }; struct QInt16 { - QInt16() {} + QInt16() : value(0) {} QInt16(const int16_t v) : value(v) {} QInt16(const QInt32 v); operator int() const { return static_cast<int>(value); } @@ -78,7 +78,7 @@ struct QInt16 { }; struct QUInt16 { - QUInt16() {} + QUInt16() : value(0) {} QUInt16(const uint16_t v) : value(v) {} QUInt16(const QInt32 v); operator int() const { return static_cast<int>(value); } @@ -87,7 +87,7 @@ struct QUInt16 { }; struct QInt32 { - QInt32() {} + QInt32() : value(0) {} QInt32(const int8_t v) : value(v) {} QInt32(const int32_t v) : value(v) {} QInt32(const uint32_t v) : value(static_cast<int32_t>(v)) {}
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-qhxx-j73r-qpm2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-26266ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-297.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-332.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-254.yamlghsaWEB
- github.com/tensorflow/tensorflow/commit/ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-qhxx-j73r-qpm2ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.