VYPR
Moderate severityNVD Advisory· Published Dec 10, 2020· Updated Aug 4, 2024

Write to immutable memory region in TensorFlow

CVE-2020-26268

Description

In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
tensorflowPyPI
< 1.15.51.15.5
tensorflowPyPI
>= 2.0.0, < 2.0.42.0.4
tensorflowPyPI
>= 2.1.0, < 2.1.32.1.3
tensorflowPyPI
>= 2.2.0, < 2.2.22.2.2
tensorflowPyPI
>= 2.3.0, < 2.3.22.3.2
tensorflow-cpuPyPI
< 1.15.51.15.5
tensorflow-cpuPyPI
>= 2.0.0, < 2.0.42.0.4
tensorflow-cpuPyPI
>= 2.1.0, < 2.1.32.1.3
tensorflow-cpuPyPI
>= 2.2.0, < 2.2.22.2.2
tensorflow-cpuPyPI
>= 2.3.0, < 2.3.22.3.2
tensorflow-gpuPyPI
< 1.15.51.15.5
tensorflow-gpuPyPI
>= 2.0.0, < 2.0.42.0.4
tensorflow-gpuPyPI
>= 2.1.0, < 2.1.32.1.3
tensorflow-gpuPyPI
>= 2.2.0, < 2.2.22.2.2
tensorflow-gpuPyPI
>= 2.3.0, < 2.3.22.3.2

Affected products

17

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.