CVE-2020-26271

Heap out of bounds access in MakeEdge in TensorFlow

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

En las versiones afectadas de TensorFlow en determinados casos, cargar un modelo guardado puede resultar en el acceso a la memoria no inicializada mientras se construye el gráfico de computación. La función MakeEdge crea un perímetro entre un tensor de salida del nodo src (dado por output_index) y la ranura de entrada del nodo dst (dado por input_index). Esto solo es posible si los tipos de tensores en ambos lados coinciden, por lo que la función comienza obteniendo los valores de DataType correspondientes y comparándolos para la igualdad. Sin embargo, no se comprueba que los índices apunten al interior de las matrices en las que indexan. Por lo tanto, esto puede resultar en un acceso a datos fuera de límites de los correspondientes arreglos asignados a la pila. En la mayoría de los escenarios, esto puede manifestarse como un acceso a los datos no inicializados, pero si el índice apunta lejos de los límites de las matrices, esto se puede usar para filtrar direcciones de la biblioteca. Esto es corregido en las versiones 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2 y 2.4.0.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-10-01 CVE Reserved
2020-12-10 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-125: Out-of-bounds Read
CWE-908: Use of Uninitialized Resource

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q263-fvxm-m5mw	2024-08-04

URL	Date	SRC
https://github.com/tensorflow/tensorflow/commit/0cc38aaa4064fd9e79101994ce9872c6d91f816b	2020-12-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				< 1.15.5 Search vendor "Google" for product "Tensorflow" and version " < 1.15.5"		-		Affected
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				>= 2.0.0 < 2.0.4 Search vendor "Google" for product "Tensorflow" and version " >= 2.0.0 < 2.0.4"		-		Affected
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				>= 2.1.0 < 2.1.3 Search vendor "Google" for product "Tensorflow" and version " >= 2.1.0 < 2.1.3"		-		Affected
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				>= 2.2.0 < 2.2.2 Search vendor "Google" for product "Tensorflow" and version " >= 2.2.0 < 2.2.2"		-		Affected
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				>= 2.3.0 < 2.3.2 Search vendor "Google" for product "Tensorflow" and version " >= 2.3.0 < 2.3.2"		-		Affected