CVE-2020-26266 – Uninitialized memory access in Eigen types in TensorFlow
https://notcve.org/view.php?id=CVE-2020-26266
In affected versions of TensorFlow, a saved model can in certain cases trigger the use of uninitialized values during code execution. This is caused by tensor buffers being filled with the default value of the type while the quantized floating point types in Eigen are not default initialized. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. • https://github.com/tensorflow/tensorflow/commit/ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhxx-j73r-qpm2 • CWE-908: Use of Uninitialized Resource
CVE-2020-26267 – Lack of validation in data format attributes in TensorFlow
https://notcve.org/view.php?id=CVE-2020-26267
In affected versions of TensorFlow, the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, out-of-bounds reads and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. • https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7 • CWE-125: Out-of-bounds Read
CVE-2020-26268 – Write to immutable memory region in TensorFlow
https://notcve.org/view.php?id=CVE-2020-26268
In affected versions of TensorFlow, the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the operation causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. • https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb6470069890b5060bc7 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hhvc-g5hv-48c6 • CWE-471: Modification of Assumed-Immutable Data (MAID)
CVE-2020-26269 – Heap out of bounds read in filesystem glob matching in TensorFlow
https://notcve.org/view.php?id=CVE-2020-26269
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to a globbing pattern is vulnerable to an out-of-bounds access of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel implementation of GetMatchingPaths but are not verified by the PRs introducing it (#40861 and #44310). Thus, we are completely rewriting the implementation to fully specify and validate these. This is patched in version 2.4.0. This issue only impacts master branch and the release candidates for TF version 2.4. • https://github.com/tensorflow/tensorflow/commit/8b5b9dc96666a3a5d27fad7179ff215e3b74b67c https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9jjw-hf72-3mxw • CWE-125: Out-of-bounds Read
CVE-2020-26270 – CHECK-fail in LSTM with zero-length input in TensorFlow
https://notcve.org/view.php?id=CVE-2020-26270
In affected versions of TensorFlow, running an LSTM/GRU model where the LSTM/GRU layer receives a zero-length input results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. • https://github.com/tensorflow/tensorflow/commit/14755416e364f17fb1870882fa778c7fec7f16e3 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m648-33qf-v3gp • CWE-20: Improper Input Validation