Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-15211 (GCVE-0-2020-15211)
Vulnerability from cvelistv5
Published
2020-09-25 18:45
Modified
2024-08-04 13:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Version: < 1.15.4 Version: >= 2.0.0, < 2.0.3 Version: >= 2.1.0, < 2.1.2 Version: >= 2.2.0, < 2.2.1 Version: >= 2.3.0, < 2.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859"
},
{
"name": "openSUSE-SU-2020:1766",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 1.15.4"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.3"
},
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.2"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.1"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "{\"CWE-125\":\"Out-of-bounds Read\"}",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "{\"CWE-787\":\"Out-of-bounds Write\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-29T15:06:19",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859"
},
{
"name": "openSUSE-SU-2020:1766",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
],
"source": {
"advisory": "GHSA-cvpc-8phh-8f45",
"discovery": "UNKNOWN"
},
"title": "Out of bounds access in tensorflow-lite",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15211",
"STATE": "PUBLIC",
"TITLE": "Out of bounds access in tensorflow-lite"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tensorflow",
"version": {
"version_data": [
{
"version_value": "\u003c 1.15.4"
},
{
"version_value": "\u003e= 2.0.0, \u003c 2.0.3"
},
{
"version_value": "\u003e= 2.1.0, \u003c 2.1.2"
},
{
"version_value": "\u003e= 2.2.0, \u003c 2.2.1"
},
{
"version_value": "\u003e= 2.3.0, \u003c 2.3.1"
}
]
}
}
]
},
"vendor_name": "tensorflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-125\":\"Out-of-bounds Read\"}"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-787\":\"Out-of-bounds Write\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859"
},
{
"name": "openSUSE-SU-2020:1766",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
]
},
"source": {
"advisory": "GHSA-cvpc-8phh-8f45",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15211",
"datePublished": "2020-09-25T18:45:24",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:22.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-15211\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-09-25T19:15:16.400\",\"lastModified\":\"2024-11-21T05:05:05.877\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.\"},{\"lang\":\"es\",\"value\":\"En TensorFlow Lite versiones anteriores a 1.15.4, 2.0.3, 2.1.2, 2.2.1 y 2.3.1, los modelos guardados en formato flatbuffer usan un esquema de indexaci\u00f3n doble: un modelo tiene un conjunto de subgr\u00e1ficos, cada subgr\u00e1fico tiene un conjunto de operadores y cada operador tiene un conjunto de tensores de entrada/salida. El formato flatbuffer usa \u00edndices para los tensores, indexando en una matriz de tensores que es propiedad del subgr\u00e1fico. Esto resulta en un patr\u00f3n de indexaci\u00f3n de doble matriz cuando intenta obtener los datos de cada tensor. Sin embargo, algunos operadores pueden tener algunos tensores opcionales. Para manejar este escenario, el modelo flatbuffer usa un valor negativo \\\"-1\\\" como \u00edndice para estos tensores. Esto resulta en un cubierta especial durante la comprobaci\u00f3n en el momento de la carga del modelo. Desafortunadamente, esto significa que el \u00edndice \\\"-1\\\" es un \u00edndice tensorial v\u00e1lido para cualquier operador, incluyendo aquellos que no esperan entradas opcionales e incluso para tensores de salida. Por tanto, esto permite escribir y leer desde fuera de los l\u00edmites de los arreglos asignados de la pila, aunque solo en un desplazamiento espec\u00edfico desde el inicio de estos arreglos. Esto resulta en gadgets de lectura y escritura, aunque con un alcance muy limitado. El problema es parcheado en varias commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21 y fff2c83) y es publicado en TensorFlow versiones 1.15.4, 2.0.3, 2.1.2, 2.2.1 o 2.3.1. Una soluci\u00f3n alternativa potencial ser\u00eda agregar un \\\"Verifier\\\" personalizado al c\u00f3digo de carga del modelo para garantizar que solo los operadores que aceptan entradas opcionales usen el valor especial \\\"-1\\\" y solo para los tensores que esperan que sean opcionales. Dado que este enfoque de tipo allow-list es propenso a errores, recomendamos actualizar al c\u00f3digo parcheado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\",\"versionEndExcluding\":\"1.15.4\",\"matchCriteriaId\":\"7A5421A9-693F-472A-9A21-43950C884C77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.3\",\"matchCriteriaId\":\"B0FEB74E-5E54-4A2F-910C-FA1812C73DB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\",\"versionStartIncluding\":\"2.1.0\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"47D83682-6615-49BC-8043-F36B9D017578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.1\",\"matchCriteriaId\":\"323B716A-E8F7-4CDA-B8FD-A56977D59C02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.3.1\",\"matchCriteriaId\":\"C09502A8-B667-4867-BEBD-40333E98A601\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
pysec-2020-326
Vulnerability from pysec
Published
2020-09-25 19:15
Modified
2021-12-09 06:35
Details
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative -1 value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the -1 index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom Verifier to the model loading code to ensure that only operators which accept optional inputs use the -1 special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.
Impacted products
| Name | purl | tensorflow-gpu | pkg:pypi/tensorflow-gpu |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu",
"purl": "pkg:pypi/tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"fixed": "cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"fixed": "46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"fixed": "00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"fixed": "fff2c8326280c07733828f990548979bdc893859"
},
{
"fixed": "1970c2158b1ffa416d159d03c3370b9a462aee35"
}
],
"repo": "https://github.com/tensorflow/tensorflow",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
},
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
},
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
},
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
},
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.12.0",
"0.12.1",
"1.0.0",
"1.0.1",
"1.1.0",
"1.10.0",
"1.10.1",
"1.11.0",
"1.12.0",
"1.12.2",
"1.12.3",
"1.13.1",
"1.13.2",
"1.14.0",
"1.15.0",
"1.15.2",
"1.15.3",
"1.2.0",
"1.2.1",
"1.3.0",
"1.4.0",
"1.4.1",
"1.5.0",
"1.5.1",
"1.6.0",
"1.7.0",
"1.7.1",
"1.8.0",
"1.9.0",
"2.0.0",
"2.0.1",
"2.0.2",
"2.1.0",
"2.1.1",
"2.2.0",
"2.3.0"
]
}
],
"aliases": [
"CVE-2020-15211",
"GHSA-cvpc-8phh-8f45"
],
"details": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.",
"id": "PYSEC-2020-326",
"modified": "2021-12-09T06:35:15.416974Z",
"published": "2020-09-25T19:15:00Z",
"references": [
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"type": "ADVISORY",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
]
}
pysec-2020-134
Vulnerability from pysec
Published
2020-09-25 19:15
Modified
2020-10-29 16:15
Details
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative -1 value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the -1 index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom Verifier to the model loading code to ensure that only operators which accept optional inputs use the -1 special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.
Impacted products
| Name | purl | tensorflow | pkg:pypi/tensorflow |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow",
"purl": "pkg:pypi/tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"fixed": "cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"fixed": "46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"fixed": "00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"fixed": "fff2c8326280c07733828f990548979bdc893859"
},
{
"fixed": "1970c2158b1ffa416d159d03c3370b9a462aee35"
}
],
"repo": "https://github.com/tensorflow/tensorflow",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
},
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
},
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
},
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
},
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.12.0rc0",
"0.12.0rc1",
"0.12.0",
"0.12.1",
"1.0.0",
"1.0.1",
"1.1.0rc0",
"1.1.0rc1",
"1.1.0rc2",
"1.1.0",
"1.2.0rc0",
"1.2.0rc1",
"1.2.0rc2",
"1.2.0",
"1.2.1",
"1.3.0rc0",
"1.3.0rc1",
"1.3.0rc2",
"1.3.0",
"1.4.0rc0",
"1.4.0rc1",
"1.4.0",
"1.4.1",
"1.5.0rc0",
"1.5.0rc1",
"1.5.0",
"1.5.1",
"1.6.0rc0",
"1.6.0rc1",
"1.6.0",
"1.7.0rc0",
"1.7.0rc1",
"1.7.0",
"1.7.1",
"1.8.0rc0",
"1.8.0rc1",
"1.8.0",
"1.9.0rc0",
"1.9.0rc1",
"1.9.0rc2",
"1.9.0",
"1.10.0rc0",
"1.10.0rc1",
"1.10.0",
"1.10.1",
"1.11.0rc0",
"1.11.0rc1",
"1.11.0rc2",
"1.11.0",
"1.12.0rc0",
"1.12.0rc1",
"1.12.0rc2",
"1.12.0",
"1.12.2",
"1.12.3",
"1.13.0rc0",
"1.13.0rc1",
"1.13.0rc2",
"1.13.1",
"1.13.2",
"1.14.0rc0",
"1.14.0rc1",
"1.14.0",
"1.15.0rc0",
"1.15.0rc1",
"1.15.0rc2",
"1.15.0rc3",
"1.15.0",
"1.15.2",
"1.15.3",
"2.0.0",
"2.0.1",
"2.0.2",
"2.1.0",
"2.1.1",
"2.2.0",
"2.3.0"
]
}
],
"aliases": [
"CVE-2020-15211",
"GHSA-cvpc-8phh-8f45"
],
"details": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.",
"id": "PYSEC-2020-134",
"modified": "2020-10-29T16:15:00Z",
"published": "2020-09-25T19:15:00Z",
"references": [
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"type": "ADVISORY",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
]
}
pysec-2020-291
Vulnerability from pysec
Published
2020-09-25 19:15
Modified
2021-12-09 06:34
Details
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative -1 value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the -1 index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom Verifier to the model loading code to ensure that only operators which accept optional inputs use the -1 special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.
Impacted products
| Name | purl | tensorflow-cpu | pkg:pypi/tensorflow-cpu |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu",
"purl": "pkg:pypi/tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"fixed": "cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"fixed": "46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"fixed": "00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"fixed": "fff2c8326280c07733828f990548979bdc893859"
},
{
"fixed": "1970c2158b1ffa416d159d03c3370b9a462aee35"
}
],
"repo": "https://github.com/tensorflow/tensorflow",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
},
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
},
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
},
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
},
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.15.0",
"2.1.0",
"2.1.1",
"2.2.0",
"2.3.0"
]
}
],
"aliases": [
"CVE-2020-15211",
"GHSA-cvpc-8phh-8f45"
],
"details": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.",
"id": "PYSEC-2020-291",
"modified": "2021-12-09T06:34:43.650264Z",
"published": "2020-09-25T19:15:00Z",
"references": [
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"type": "ADVISORY",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
]
}
opensuse-su-2020:1766-1
Vulnerability from csaf_opensuse
Published
2020-10-29 11:23
Modified
2020-10-29 11:23
Summary
Security update for tensorflow2
Notes
Title of the patch
Security update for tensorflow2
Description of the patch
This update for tensorflow2 fixes the following issues:
- updated to 2.1.2 with following fixes (boo#1177022):
* Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)
* Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)
* Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)
* Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)
* Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)
* Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)
* Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)
* Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)
* Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)
* Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)
* Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)
Patchnames
openSUSE-2020-1766
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tensorflow2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tensorflow2 fixes the following issues:\n\n- updated to 2.1.2 with following fixes (boo#1177022):\n * Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)\n * Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)\n * Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)\n * Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)\n * Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)\n * Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)\n * Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)\n * Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)\n * Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)\n * Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)\n * Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1766",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1766-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1766-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TNMEEN772D6LWSHNB64QFB5TB3CZZEF4/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1766-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TNMEEN772D6LWSHNB64QFB5TB3CZZEF4/"
},
{
"category": "self",
"summary": "SUSE Bug 1173314",
"url": "https://bugzilla.suse.com/1173314"
},
{
"category": "self",
"summary": "SUSE Bug 1175099",
"url": "https://bugzilla.suse.com/1175099"
},
{
"category": "self",
"summary": "SUSE Bug 1175789",
"url": "https://bugzilla.suse.com/1175789"
},
{
"category": "self",
"summary": "SUSE Bug 1177022",
"url": "https://bugzilla.suse.com/1177022"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15190 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15191 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15192 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15193 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15194 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15195 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15202 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15203 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15204 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15205 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15206 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15207 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15208 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15209 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15210 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15211 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15211/"
}
],
"title": "Security update for tensorflow2",
"tracking": {
"current_release_date": "2020-10-29T11:23:39Z",
"generator": {
"date": "2020-10-29T11:23:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1766-1",
"initial_release_date": "2020-10-29T11:23:39Z",
"revision_history": [
{
"date": "2020-10-29T11:23:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow2-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow2-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15190"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15190",
"url": "https://www.suse.com/security/cve/CVE-2020-15190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15190"
},
{
"cve": "CVE-2020-15191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15191"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15191",
"url": "https://www.suse.com/security/cve/CVE-2020-15191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15191"
},
{
"cve": "CVE-2020-15192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15192"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each of the above methods can return an error status, the `status` value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15192",
"url": "https://www.suse.com/security/cve/CVE-2020-15192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15192"
},
{
"cve": "CVE-2020-15193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15193"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast` Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15193",
"url": "https://www.suse.com/security/cve/CVE-2020-15193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15193"
},
{
"cve": "CVE-2020-15194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15194"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15194",
"url": "https://www.suse.com/security/cve/CVE-2020-15194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15194"
},
{
"cve": "CVE-2020-15195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15195"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15195",
"url": "https://www.suse.com/security/cve/CVE-2020-15195"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15195"
},
{
"cve": "CVE-2020-15202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15202"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15202",
"url": "https://www.suse.com/security/cve/CVE-2020-15202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15202"
},
{
"cve": "CVE-2020-15203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15203"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15203",
"url": "https://www.suse.com/security/cve/CVE-2020-15203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15203"
},
{
"cve": "CVE-2020-15204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15204"
}
],
"notes": [
{
"category": "general",
"text": "In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx-\u003esession_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15204",
"url": "https://www.suse.com/security/cve/CVE-2020-15204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15204"
},
{
"cve": "CVE-2020-15205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15205"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15205",
"url": "https://www.suse.com/security/cve/CVE-2020-15205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "important"
}
],
"title": "CVE-2020-15205"
},
{
"cve": "CVE-2020-15206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15206"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow\u0027s `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. The issue is patched in commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15206",
"url": "https://www.suse.com/security/cve/CVE-2020-15206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15206"
},
{
"cve": "CVE-2020-15207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15207"
}
],
"notes": [
{
"category": "general",
"text": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python\u0027s indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15207",
"url": "https://www.suse.com/security/cve/CVE-2020-15207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "critical"
}
],
"title": "CVE-2020-15207"
},
{
"cve": "CVE-2020-15208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15208"
}
],
"notes": [
{
"category": "general",
"text": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15208",
"url": "https://www.suse.com/security/cve/CVE-2020-15208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "important"
}
],
"title": "CVE-2020-15208"
},
{
"cve": "CVE-2020-15209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15209"
}
],
"notes": [
{
"category": "general",
"text": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15209",
"url": "https://www.suse.com/security/cve/CVE-2020-15209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15209"
},
{
"cve": "CVE-2020-15210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15210"
}
],
"notes": [
{
"category": "general",
"text": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15210",
"url": "https://www.suse.com/security/cve/CVE-2020-15210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15210"
},
{
"cve": "CVE-2020-15211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15211"
}
],
"notes": [
{
"category": "general",
"text": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15211",
"url": "https://www.suse.com/security/cve/CVE-2020-15211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15211"
}
]
}
fkie_cve-2020-15211
Vulnerability from fkie_nvd
Published
2020-09-25 19:15
Modified
2024-11-21 05:05
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 | Third Party Advisory | |
| security-advisories@github.com | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tensorflow | * | ||
| tensorflow | * | ||
| tensorflow | * | ||
| tensorflow | * | ||
| tensorflow | * | ||
| opensuse | leap | 15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"matchCriteriaId": "7A5421A9-693F-472A-9A21-43950C884C77",
"versionEndExcluding": "1.15.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"matchCriteriaId": "B0FEB74E-5E54-4A2F-910C-FA1812C73DB2",
"versionEndExcluding": "2.0.3",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"matchCriteriaId": "47D83682-6615-49BC-8043-F36B9D017578",
"versionEndExcluding": "2.1.2",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"matchCriteriaId": "323B716A-E8F7-4CDA-B8FD-A56977D59C02",
"versionEndExcluding": "2.2.1",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"matchCriteriaId": "C09502A8-B667-4867-BEBD-40333E98A601",
"versionEndExcluding": "2.3.1",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code."
},
{
"lang": "es",
"value": "En TensorFlow Lite versiones anteriores a 1.15.4, 2.0.3, 2.1.2, 2.2.1 y 2.3.1, los modelos guardados en formato flatbuffer usan un esquema de indexaci\u00f3n doble: un modelo tiene un conjunto de subgr\u00e1ficos, cada subgr\u00e1fico tiene un conjunto de operadores y cada operador tiene un conjunto de tensores de entrada/salida. El formato flatbuffer usa \u00edndices para los tensores, indexando en una matriz de tensores que es propiedad del subgr\u00e1fico. Esto resulta en un patr\u00f3n de indexaci\u00f3n de doble matriz cuando intenta obtener los datos de cada tensor. Sin embargo, algunos operadores pueden tener algunos tensores opcionales. Para manejar este escenario, el modelo flatbuffer usa un valor negativo \"-1\" como \u00edndice para estos tensores. Esto resulta en un cubierta especial durante la comprobaci\u00f3n en el momento de la carga del modelo. Desafortunadamente, esto significa que el \u00edndice \"-1\" es un \u00edndice tensorial v\u00e1lido para cualquier operador, incluyendo aquellos que no esperan entradas opcionales e incluso para tensores de salida. Por tanto, esto permite escribir y leer desde fuera de los l\u00edmites de los arreglos asignados de la pila, aunque solo en un desplazamiento espec\u00edfico desde el inicio de estos arreglos. Esto resulta en gadgets de lectura y escritura, aunque con un alcance muy limitado. El problema es parcheado en varias commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21 y fff2c83) y es publicado en TensorFlow versiones 1.15.4, 2.0.3, 2.1.2, 2.2.1 o 2.3.1. Una soluci\u00f3n alternativa potencial ser\u00eda agregar un \"Verifier\" personalizado al c\u00f3digo de carga del modelo para garantizar que solo los operadores que aceptan entradas opcionales usen el valor especial \"-1\" y solo para los tensores que esperan que sean opcionales. Dado que este enfoque de tipo allow-list es propenso a errores, recomendamos actualizar al c\u00f3digo parcheado"
}
],
"id": "CVE-2020-15211",
"lastModified": "2024-11-21T05:05:05.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-25T19:15:16.400",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
gsd-2020-15211
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-15211",
"description": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.",
"id": "GSD-2020-15211",
"references": [
"https://www.suse.com/security/cve/CVE-2020-15211.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-15211"
],
"details": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.",
"id": "GSD-2020-15211",
"modified": "2023-12-13T01:21:43.584282Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15211",
"STATE": "PUBLIC",
"TITLE": "Out of bounds access in tensorflow-lite"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tensorflow",
"version": {
"version_data": [
{
"version_value": "\u003c 1.15.4"
},
{
"version_value": "\u003e= 2.0.0, \u003c 2.0.3"
},
{
"version_value": "\u003e= 2.1.0, \u003c 2.1.2"
},
{
"version_value": "\u003e= 2.2.0, \u003c 2.2.1"
},
{
"version_value": "\u003e= 2.3.0, \u003c 2.3.1"
}
]
}
}
]
},
"vendor_name": "tensorflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-125\":\"Out-of-bounds Read\"}"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-787\":\"Out-of-bounds Write\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859"
},
{
"name": "openSUSE-SU-2020:1766",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
]
},
"source": {
"advisory": "GHSA-cvpc-8phh-8f45",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.15.4||\u003e=2.0.0,\u003c2.0.3||\u003e=2.1.0,\u003c2.1.2||\u003e=2.2.0,\u003c2.2.1||\u003e=2.3.0,\u003c2.3.1",
"affected_versions": "All versions before 1.15.4, all versions starting from 2.0.0 before 2.0.3, all versions starting from 2.1.0 before 2.1.2, all versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-125",
"CWE-787",
"CWE-937"
],
"date": "2020-10-29",
"description": "In TensorFlow Lite, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope.",
"fixed_versions": [
"2.1.2",
"2.2.1",
"2.3.1"
],
"identifier": "CVE-2020-15211",
"identifiers": [
"CVE-2020-15211",
"GHSA-cvpc-8phh-8f45"
],
"not_impacted": "All versions starting from 1.15.4 before 2.0.0, all versions starting from 2.0.3 before 2.1.0, all versions starting from 2.1.2 before 2.2.0, all versions starting from 2.2.1 before 2.3.0, all versions starting from 2.3.1",
"package_slug": "pypi/tensorflow-cpu",
"pubdate": "2020-09-25",
"solution": "Upgrade to versions 2.1.2, 2.2.1, 2.3.1 or above.",
"title": "Out-of-bounds Write",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-15211"
],
"uuid": "01eb50d7-88cf-42fa-8e44-2cb0222ac4cb"
},
{
"affected_range": "\u003c1.15.4||\u003e=2.0.0,\u003c2.0.3||\u003e=2.1.0,\u003c2.1.2||\u003e=2.2.0,\u003c2.2.1||\u003e=2.3.0,\u003c2.3.1",
"affected_versions": "All versions before 1.15.4, all versions starting from 2.0.0 before 2.0.3, all versions starting from 2.1.0 before 2.1.2, all versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-125",
"CWE-787",
"CWE-937"
],
"date": "2020-10-29",
"description": "In TensorFlow Lite, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of `input/output` tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope.",
"fixed_versions": [
"1.15.4",
"2.0.3",
"2.1.2",
"2.2.1",
"2.3.1"
],
"identifier": "CVE-2020-15211",
"identifiers": [
"CVE-2020-15211",
"GHSA-cvpc-8phh-8f45"
],
"not_impacted": "All versions starting from 1.15.4 before 2.0.0, all versions starting from 2.0.3 before 2.1.0, all versions starting from 2.1.2 before 2.2.0, all versions starting from 2.2.1 before 2.3.0, all versions starting from 2.3.1",
"package_slug": "pypi/tensorflow-gpu",
"pubdate": "2020-09-25",
"solution": "Upgrade to versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1 or above.",
"title": "Out-of-bounds Write",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-15211"
],
"uuid": "059fbfa1-83f7-4b4a-9fb9-385cc3a17bcd"
},
{
"affected_range": "\u003c1.15.4||\u003e=2.0.0,\u003c2.0.3||\u003e=2.1.0,\u003c2.1.2||\u003e=2.2.0,\u003c2.2.1||\u003e=2.3.0,\u003c2.3.1",
"affected_versions": "All versions before 1.15.4, all versions starting from 2.0.0 before 2.0.3, all versions starting from 2.1.0 before 2.1.2, all versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-125",
"CWE-787",
"CWE-937"
],
"date": "2021-09-16",
"description": "In TensorFlow Lite, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope.",
"fixed_versions": [
"1.15.4",
"2.0.3",
"2.1.2",
"2.2.1",
"2.3.1"
],
"identifier": "CVE-2020-15211",
"identifiers": [
"CVE-2020-15211",
"GHSA-cvpc-8phh-8f45"
],
"not_impacted": "All versions starting from 1.15.4 before 2.0.0, all versions starting from 2.0.3 before 2.1.0, all versions starting from 2.1.2 before 2.2.0, all versions starting from 2.2.1 before 2.3.0, all versions starting from 2.3.1",
"package_slug": "pypi/tensorflow",
"pubdate": "2020-09-25",
"solution": "Upgrade to versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1 or above.",
"title": "Out-of-bounds Write",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-15211"
],
"uuid": "27ef4580-ba7a-4a52-89d7-f8caacb038db"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.15.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.3",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.2",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.1",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.1",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15211"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859"
},
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35"
},
{
"name": "openSUSE-SU-2020:1766",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
},
"lastModifiedDate": "2021-09-16T15:45Z",
"publishedDate": "2020-09-25T19:15Z"
}
}
}
ghsa-cvpc-8phh-8f45
Vulnerability from github
Published
2020-09-25 18:28
Modified
2024-10-28 15:02
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
6.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
Summary
Out of bounds access in tensorflow-lite
Details
Impact
In TensorFlow Lite, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/kernel_util.cc#L36
However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative -1 value as index for these tensors:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/c/common.h#L82
This results in special casing during validation at model loading time: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/core/subgraph.cc#L566-L580
Unfortunately, this means that the -1 index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays.
This results in both read and write gadgets, albeit very limited in scope.
Patches
We have patched the issue in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83). We will release patch releases for all versions between 1.15 and 2.3.
We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Workarounds
A potential workaround would be to add a custom Verifier to the model loading code to ensure that only operators which accept optional inputs use the -1 special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0"
]
}
],
"aliases": [
"CVE-2020-15211"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-787"
],
"github_reviewed": true,
"github_reviewed_at": "2020-09-25T18:13:16Z",
"nvd_published_at": "2020-09-25T19:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nIn TensorFlow Lite, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/kernel_util.cc#L36\n\nHowever, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors:\nhttps://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/c/common.h#L82\n\nThis results in special casing during validation at model loading time: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/core/subgraph.cc#L566-L580\n\nUnfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays.\n\nThis results in both read and write gadgets, albeit very limited in scope.\n\n### Patches\nWe have patched the issue in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83). We will release patch releases for all versions between 1.15 and 2.3.\n\nWe recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\n\n### Workarounds\nA potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-cvpc-8phh-8f45",
"modified": "2024-10-28T15:02:07Z",
"published": "2020-09-25T18:28:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15211"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/f911af101dc0ce0eec17a8740bec9b613ae4195e"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/e6b213cebb56f485bd400961a2ed109aeeac9d3c"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/e47eb1453f35666795a31e208c28922b08756c69"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/d8f8236c29744b8e3247c083fd21c9a87180505c"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/c22736982844d19af623ccd7d33e2d199493eee7"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/7e283f97d8c784d3eae5062d9de25d0f432ad239"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/42ed6ac86856956da65b5957a26fab130ff9471c"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/38cbad757b2e1c0d64b95e4582408fa66627a67c"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/1a8528bfb572884eb8137dab1bf649705c960c47"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/0b5be2717a19ca7bf505369eb8bdd341405d263d"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/kernel_util.cc#L36"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/core/subgraph.cc#L566-L580"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/c/common.h#L82"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-134.yaml"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-326.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-291.yaml"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Out of bounds access in tensorflow-lite"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…