[Bug 1179946] New: VUL-1: CVE-2020-26266: tensorflow, tensorflow2: Use of uninitialized values
http://bugzilla.opensuse.org/show_bug.cgi?id=1179946

Bug ID: 1179946
Summary: VUL-1: CVE-2020-26266: tensorflow, tensorflow2: Use of uninitialized values
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
URL: https://smash.suse.de/issue/273147/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: cgoll@suse.com
Reporter: jsegitz@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2020-26266

In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

Leap and Factory affected

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26266
https://github.com/tensorflow/tensorflow/commit/ace0c15a22f7f054abcc1f53eabb...
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhxx-j73r-...