Moderate severity · NVD Advisory · Published Dec 10, 2020 · Updated Aug 4, 2024
CHECK-fail in LSTM with zero-length input in TensorFlow
CVE-2020-26270
Description
In affected versions of TensorFlow, running an LSTM/GRU model in which the LSTM/GRU layer receives a zero-length input results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
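For deployments that accept user-supplied sequences, the same idea as the fix (reject the input with an error instead of letting it reach the layer) can be applied in the serving code. This is an added example, not code from the advisory or from TensorFlow; `validate_rnn_input`, `guarded_predict` and the `(batch, time, features)` nested-list request format are assumptions.

```python
from typing import Any, Callable, Dict, Tuple


class InvalidSequenceInput(ValueError):
    """Request rejected before it reaches the recurrent layer."""


def nested_shape(x: Any) -> Tuple[int, ...]:
    """Shape of a rectangular nested list; raises if rows differ in shape."""
    if not isinstance(x, (list, tuple)):
        return ()
    if len(x) == 0:
        return (0,)
    inner = [nested_shape(item) for item in x]
    if any(s != inner[0] for s in inner):
        raise InvalidSequenceInput("ragged input: rows differ in shape")
    return (len(x),) + inner[0]


def validate_rnn_input(batch: Any, feature_dim: int) -> Tuple[int, ...]:
    """Accept only a non-empty (batch, time, features) input."""
    shape = nested_shape(batch)
    if 0 in shape:
        # Covers [], [[]] and [[[]]]: an empty batch, time or feature axis.
        raise InvalidSequenceInput(f"zero-length axis in input shape {shape}")
    if len(shape) != 3:
        raise InvalidSequenceInput(f"expected rank 3, got shape {shape}")
    if shape[2] != feature_dim:
        raise InvalidSequenceInput(f"expected {feature_dim} features, got {shape[2]}")
    return shape


def guarded_predict(model_fn: Callable[[Any], Any], batch: Any,
                    feature_dim: int) -> Dict[str, Any]:
    """Return a 400-style error for bad input instead of calling the model."""
    try:
        validate_rnn_input(batch, feature_dim)
    except InvalidSequenceInput as exc:
        return {"status": 400, "error": str(exc)}
    return {"status": 200, "result": model_fn(batch)}


if __name__ == "__main__":
    # Constructed sample requests; the lambda stands in for a real model call.
    fake_model = lambda b: [len(seq) for seq in b]
    for request in ([[[0.1, 0.2], [0.3, 0.4]]], [[]], [], [[[0.1, 0.2]], []]):
        print(guarded_predict(fake_model, request, feature_dim=2))
```

A guard like this limits exposure on an unpatched host but does not replace upgrading to a fixed version.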
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | < 1.15.5 | 1.15.5 |
| tensorflow (PyPI) | >= 2.0.0, < 2.0.4 | 2.0.4 |
| tensorflow (PyPI) | >= 2.1.0, < 2.1.3 | 2.1.3 |
| tensorflow (PyPI) | >= 2.2.0, < 2.2.2 | 2.2.2 |
| tensorflow (PyPI) | >= 2.3.0, < 2.3.2 | 2.3.2 |
| tensorflow-cpu (PyPI) | < 1.15.5 | 1.15.5 |
| tensorflow-cpu (PyPI) | >= 2.0.0, < 2.0.4 | 2.0.4 |
| tensorflow-cpu (PyPI) | >= 2.1.0, < 2.1.3 | 2.1.3 |
| tensorflow-cpu (PyPI) | >= 2.2.0, < 2.2.2 | 2.2.2 |
| tensorflow-cpu (PyPI) | >= 2.3.0, < 2.3.2 | 2.3.2 |
| tensorflow-gpu (PyPI) | < 1.15.5 | 1.15.5 |
| tensorflow-gpu (PyPI) | >= 2.0.0, < 2.0.4 | 2.0.4 |
| tensorflow-gpu (PyPI) | >= 2.1.0, < 2.1.3 | 2.1.3 |
| tensorflow-gpu (PyPI) | >= 2.2.0, < 2.2.2 | 2.2.2 |
| tensorflow-gpu (PyPI) | >= 2.3.0, < 2.3.2 | 2.3.2 |
Affected products
- Range: < 1.15.5
Patches
- 14755416e364: Prevent CHECK-fail in LSTM/GRU with zero-length input.
1 file changed · +6 −2
tensorflow/stream_executor/cuda/cuda_dnn.cc+6 −2 modified@@ -1468,7 +1468,9 @@ class CudnnRnnSequenceTensorDescriptor static port::StatusOr<CudnnRnnSequenceTensorDescriptor> Create( GpuExecutor* parent, int max_seq_length, int batch_size, int data_size, cudnnDataType_t data_type) { - CHECK_GT(max_seq_length, 0); + if (max_seq_length <= 0) { + return port::Status(port::error::INVALID_ARGUMENT, "max_seq_length <= 0"); + } int dims[] = {batch_size, data_size, 1}; int strides[] = {dims[1] * dims[2], dims[2], 1}; TensorDescriptor tensor_desc = CreateTensorDescriptor(); @@ -1486,7 +1488,9 @@ class CudnnRnnSequenceTensorDescriptor GpuExecutor* parent, int max_seq_length, int batch_size, int data_size, const absl::Span<const int>& seq_lengths, bool time_major, cudnnDataType_t data_type) { - CHECK_GT(max_seq_length, 0); + if (max_seq_length <= 0) { + return port::Status(port::error::INVALID_ARGUMENT, "max_seq_length <= 0"); + } int dims[] = {batch_size, data_size, 1}; int strides[] = {dims[1] * dims[2], dims[2], 1}; TensorDescriptor tensor_desc = CreateTensorDescriptor();
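Review bot: In the first Create overload, the new guard covers only max_seq_length, while batch_size and data_size still flow unchecked into dims[] and strides[]; if zero or negative values for those can reach this function, they deserve the same INVALID_ARGUMENT return. The message "max_seq_length <= 0" would also be easier to triage if it included the offending value and named the descriptor being created.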
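Review bot: The second Create overload (the one taking seq_lengths and time_major) repeats the same three-line check verbatim; a small shared helper would keep the two copies from drifting apart. This overload also accepts seq_lengths without comparing its entries against max_seq_length, and since the change touches only cuda_dnn.cc, no regression test for the zero-length case is visible here.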
References
- github.com/advisories/GHSA-m648-33qf-v3gp (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-26270 (ghsa; ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-301.yaml (ghsa; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-336.yaml (ghsa; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-256.yaml (ghsa; WEB)
- github.com/tensorflow/tensorflow/commit/14755416e364f17fb1870882fa778c7fec7f16e3 (ghsa; x_refsource_MISC; WEB)
- github.com/tensorflow/tensorflow/security/advisories/GHSA-m648-33qf-v3gp (ghsa; x_refsource_CONFIRM; WEB)