CVE-2020-15265

Segfault in Tensorflow

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds, `DCHECK`-like macros are no-ops, this results in segfault and access out of bounds of the array. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.

En Tensorflow versiones anteriores a 2.4.0, un atacante puede pasar un valor de "axis" no válido a la función "tf.quantization.quantize_and_dequantize". Esto resulta en el acceso a una dimensión fuera del rango del tensor de entrada en la implementación del kernel de C++. Sin embargo, dim_size solo hace un DCHECK para comprobar el argumento y luego lo usa para acceder al elemento correspondiente de una matriz. Dado que en las compilaciones normales, las macros similares a "DCHECK" no son operativas, esto resulta en un fallo de segmentación y un acceso fuera de los límites de la matriz. El problema está parcheado en eccb7ec454e6617738554a255d77f08e60ee0808 y TensorFlow versión 2.4.0 se publicará con el parche. Los paquetes nocturnos de TensorFlow después de esta confirmación también resolverán el problema

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-06-25 CVE Reserved
2020-10-21 CVE Published
2023-05-28 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrfp-j2mp-hq9c	2024-08-04

URL	Date	SRC
https://github.com/tensorflow/tensorflow/commit/eccb7ec454e6617738554a255d77f08e60ee0808	2021-08-17
https://github.com/tensorflow/tensorflow/issues/42105	2021-08-17

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				< 2.4.0 Search vendor "Google" for product "Tensorflow" and version " < 2.4.0"		-		Affected