Published: 25/09/2020 Updated: 18/11/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In Tensorflow prior to 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google tensorflow
opensuse leap 15.2

CWE-20 CWE-476 https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4 https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-15190

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect