[Bug 1179943] New: VUL-1: CVE-2020-26268: tensorflow, tensorflow2: Segfault due to invalid assumption (immutable memory mapped file)
http://bugzilla.opensuse.org/show_bug.cgi?id=1179943

Bug ID: 1179943
Summary: VUL-1: CVE-2020-26268: tensorflow, tensorflow2: Segfault due to invalid assumption (immutable memory mapped file)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
URL: https://smash.suse.de/issue/273149/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: cgoll@suse.com
Reporter: jsegitz@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2020-26268

In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area.

If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden.

This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26268
https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb647006...
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hhvc-g5hv-...

--
You are receiving this mail because:
You are on the CC list for the bug.
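
As an added example (not part of the bug report and not TensorFlow's code), here is a triage check built from the fixed releases listed above, for deciding whether an installed TensorFlow version still needs the update. The function names are hypothetical; it assumes that branches released after 2.4.0 carry the fix and that a pre-release of a fixed version does not.

```python
import re

# First fixed release per branch, taken from the advisory text above.
FIXED_PATCH = {(1, 15): 5, (2, 0): 4, (2, 1): 3, (2, 2): 2, (2, 3): 2, (2, 4): 0}
LAST_LISTED_BRANCH = max(FIXED_PATCH)

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")
_PRERELEASE = re.compile(r"^[-._]?(rc|alpha|beta|dev|a\d|b\d)", re.IGNORECASE)


def parse_version(version):
    """Split 'X.Y.Z<suffix>' into (major, minor, patch, is_prerelease)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(g) for g in m.groups()[:3])
    return major, minor, patch, bool(_PRERELEASE.match(m.group(4)))


def assess(version):
    """Return (status, first_fixed_release_or_None) for CVE-2020-26268."""
    major, minor, patch, prerelease = parse_version(version)
    branch = (major, minor)
    if branch > LAST_LISTED_BRANCH:
        # Assumption: branches released after 2.4.0 include the fix.
        return "fixed", None
    if branch not in FIXED_PATCH:
        # The advisory lists no fixed release for this branch.
        return "unlisted-branch", None
    fixed_patch = FIXED_PATCH[branch]
    # Assumption: a pre-release of the fixed version (e.g. 2.4.0rc1) is
    # treated as unfixed, since the page names only the final releases.
    if patch > fixed_patch or (patch == fixed_patch and not prerelease):
        return "fixed", None
    return "needs-update", f"{major}.{minor}.{fixed_patch}"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the bug report.
    for v in ["1.15.4", "2.3.2", "2.4.0rc1", "1.14.0", "2.5.0"]:
        print(v, *assess(v))
```

Distribution packages may carry a backported patch without a version bump, so a `needs-update` result also calls for a look at the package changelog.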