Bug ID 1179928
Summary VUL-0: CVE-2020-26271:tensorflow, tensorflow2: Loading a saved model can result in accessing uninitialized memory in the MakeEdge function
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.2
Hardware Other
URL https://smash.suse.de/issue/273152/
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee cgoll@suse.com
Reporter jsegitz@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker ---

CVE-2020-26271

In affected versions of TensorFlow under certain cases, loading a saved model
can result in accessing uninitialized memory while building the computation
graph. The MakeEdge function creates an edge between one output tensor of the
src node (given by output_index) and the input slot of the dst node (given by
input_index). This is only possible if the types of the tensors on both sides
coincide, so the function begins by obtaining the corresponding DataType values
and comparing these for equality. However, there is no check that the indices
point to inside of the arrays they index into. Thus, this can result in
accessing data out of bounds of the corresponding heap allocated arrays. In most
scenarios, this can manifest as uninitialized data access, but if the index points
far away from the boundaries of the arrays this can be used to leak addresses
from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2,
and 2.4.0.

Affects Leap 15.2 and Factory in both packages. Also, tensorflow2 is in a lower
version in Factory than in Leap; that shouldn't be the case.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26271
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q263-fvxm-m5mw
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26271
https://github.com/tensorflow/tensorflow/commit/0cc38aaa4064fd9e79101994ce9872c6d91f816b
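
The missing index check described above, as an added example that is not part of the original report and is not TensorFlow's code. It is a simplified model of the type comparison at edge creation, with the unchecked indexing beside a bounds-checked form; `Node`, `EdgeStatus`, `types_match_unchecked` and `make_edge_checked` are hypothetical names, and the sample nodes are constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Simplified stand-ins for the graph types; hypothetical names, not TensorFlow's API.
enum class DataType { kFloat, kInt32, kString };
enum class EdgeStatus { kOk, kBadOutputIndex, kBadInputIndex, kTypeMismatch };

struct Node {
  std::vector<DataType> input_types;   // one entry per input slot
  std::vector<DataType> output_types;  // one entry per output tensor
};

// Pattern described in the report: indices taken from the saved model are
// used directly. operator[] does no range check, so an out-of-range index
// reads outside the heap allocation (undefined behaviour).
bool types_match_unchecked(const Node& src, int output_index,
                           const Node& dst, int input_index) {
  return src.output_types[output_index] == dst.input_types[input_index];
}

// Hardened form: validate both indices before touching the arrays.
// Negative values are rejected first so the size_t comparison cannot wrap.
EdgeStatus make_edge_checked(const Node& src, int output_index,
                             const Node& dst, int input_index) {
  if (output_index < 0 ||
      static_cast<std::size_t>(output_index) >= src.output_types.size())
    return EdgeStatus::kBadOutputIndex;
  if (input_index < 0 ||
      static_cast<std::size_t>(input_index) >= dst.input_types.size())
    return EdgeStatus::kBadInputIndex;
  if (src.output_types[output_index] != dst.input_types[input_index])
    return EdgeStatus::kTypeMismatch;
  return EdgeStatus::kOk;
}

// Constructed sample nodes for the example.
Node sample_src() { return Node{{}, {DataType::kFloat, DataType::kInt32}}; }
Node sample_dst() { return Node{{DataType::kFloat}, {}}; }

int main() {
  Node src = sample_src(), dst = sample_dst();
  // A valid edge, then an output index past the end of the array.
  std::printf("%d %d\n", static_cast<int>(make_edge_checked(src, 0, dst, 0)),
              static_cast<int>(make_edge_checked(src, 7, dst, 0)));
  return 0;
}
```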

