Vulnerabilities > CVE-2020-15204
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
LOW Summary
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Vulnerable Configurations
References
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html
- https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1
- https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1
- https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
- https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8gv-q7wr-9jf8
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8gv-q7wr-9jf8