GHSA-c9f3-9wfr-wgh7
Vulnerability from github
2.1 (Low) - CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Impact
The tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC.
However, these assumptions are not checked and this can result in uninitialized memory accesses, read outside of bounds and even crashes.
```python
import tensorflow as tf tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format='1234', dst_format='1234') ... tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format='HHHH', dst_format='WWWW') ... tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format='H', dst_format='W') tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], src_format='1234', dst_format='1253') ... tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], src_format='1234', dst_format='1223') ... tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], src_format='1224', dst_format='1423') ... tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], src_format='1234', dst_format='432') ... tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], src_format='12345678', dst_format='87654321') munmap_chunk(): invalid pointer Aborted ... tf.raw_ops.DataFormatVecPermute(x=[[1,5],[2,6],[3,7],[4,8]],
src_format='12345678', dst_format='87654321') ... tf.raw_ops.DataFormatVecPermute(x=[[1,5],[2,6],[3,7],[4,8]], src_format='12345678', dst_format='87654321') free(): invalid next size (fast) Aborted ```
A similar issue occurs in tf.raw_ops.DataFormatDimMap, for the same reasons:
```python
tf.raw_ops.DataFormatDimMap(x=[[1,5],[2,6],[3,7],[4,8]], src_format='1234', dst_format='8765') ```
Patches
We have patched the issue in GitHub commit ebc70b7a592420d3d2f359e4b1694c236b82c7ae and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.
Since this issue also impacts TF versions before 2.4, we will patch all releases between 1.15 and 2.3 inclusive.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-26267"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": true,
"github_reviewed_at": "2020-12-10T19:05:08Z",
"nvd_published_at": "2020-12-10T23:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nThe `tf.raw_ops.DataFormatVecPermute` API does not validate the `src_format` and `dst_format` attributes. [The code](https://github.com/tensorflow/tensorflow/blob/304b96815324e6a73d046df10df6626d63ac12ad/tensorflow/core/kernels/data_format_ops.cc) assumes that these two arguments define a permutation of `NHWC`.\n\nHowever, these assumptions are not checked and this can result in uninitialized memory accesses, read outside of bounds and even crashes.\n\n```python\n\u003e\u003e\u003e import tensorflow as tf\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format=\u00271234\u0027, dst_format=\u00271234\u0027)\n\u003ctf.Tensor: shape=(2,), dtype=int32, numpy=array([4, 757100143], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format=\u0027HHHH\u0027, dst_format=\u0027WWWW\u0027)\n\u003ctf.Tensor: shape=(2,), dtype=int32, numpy=array([4, 32701], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format=\u0027H\u0027, dst_format=\u0027W\u0027)\n\u003ctf.Tensor: shape=(2,), dtype=int32, numpy=array([4, 32701], dtype=int32)\u003e\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], \n src_format=\u00271234\u0027, dst_format=\u00271253\u0027)\n\u003ctf.Tensor: shape=(4,), dtype=int32, numpy=array([4, 2, 939037184, 3], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4],\n src_format=\u00271234\u0027, dst_format=\u00271223\u0027)\n\u003ctf.Tensor: shape=(4,), dtype=int32, numpy=array([4, 32701, 2, 3], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4],\n src_format=\u00271224\u0027, dst_format=\u00271423\u0027)\n\u003ctf.Tensor: shape=(4,), dtype=int32, numpy=array([1, 4, 3, 32701], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], src_format=\u00271234\u0027, dst_format=\u0027432\u0027)\n\u003ctf.Tensor: shape=(4,), dtype=int32, numpy=array([4, 3, 2, 32701], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4],\n src_format=\u002712345678\u0027, dst_format=\u002787654321\u0027)\nmunmap_chunk(): invalid pointer\nAborted\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[[1,5],[2,6],[3,7],[4,8]], \n src_format=\u002712345678\u0027, dst_format=\u002787654321\u0027)\n\u003ctf.Tensor: shape=(4, 2), dtype=int32, numpy=\narray([[71364624, 0],\n [71365824, 0],\n [ 560, 0],\n [ 48, 0]], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[[1,5],[2,6],[3,7],[4,8]], \n src_format=\u002712345678\u0027, dst_format=\u002787654321\u0027)\nfree(): invalid next size (fast)\nAborted\n```\n\nA similar issue occurs in `tf.raw_ops.DataFormatDimMap`, for the same reasons:\n\n```python\n\u003e\u003e\u003e tf.raw_ops.DataFormatDimMap(x=[[1,5],[2,6],[3,7],[4,8]], src_format=\u00271234\u0027,\n\u003e\u003e\u003e dst_format=\u00278765\u0027)\n\u003ctf.Tensor: shape=(4, 2), dtype=int32, numpy=\narray([[1954047348, 1954047348],\n [1852793646, 1852793646],\n [1954047348, 1954047348],\n [1852793632, 1852793632]], dtype=int32)\u003e\n```\n\n### Patches\nWe have patched the issue in GitHub commit [ebc70b7a592420d3d2f359e4b1694c236b82c7ae](https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae) and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.\n\nSince this issue also impacts TF versions before 2.4, we will patch all releases between 1.15 and 2.3 inclusive.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-c9f3-9wfr-wgh7",
"modified": "2024-10-28T20:02:35Z",
"published": "2020-12-10T19:07:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26267"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-298.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-333.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-140.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Lack of validation in data format attributes in TensorFlow"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.