Vulnerability Name:

CVE-2020-26270 (CCN-193281)

Assigned:2020-12-09
Published:2020-12-09
Updated:2020-12-14
Summary:In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
CVSS v3 Severity:3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-26270

Source: XF
Type: UNKNOWN
tensorflow-cve202026270-dos(193281)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/14755416e364f17fb1870882fa778c7fec7f16e3

Source: CCN
Type: TensorFlow GIT Repository
CHECK-fail in LSTM with zero-length input

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m648-33qf-v3gp

Source: CCN
Type: IBM Security Bulletin 6412349 (Watson Machine Learning Community Edition)
TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has been patched for various security issues.

Source: CCN
Type: IBM Security Bulletin 6416135 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Source: CCN
Type: IBM Security Bulletin 6469403 (Watson Machine Learning on CP4D)
Multiple TensorFlow Vulnerabilities Affect IBM Watson Machine Learning on CP4D

Vulnerable Configuration:Configuration 1:
  • cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version < 1.15.5)
  • OR cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version >= 2.0.0 and < 2.0.4)
  • OR cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version >= 2.1.0 and < 2.1.3)
  • OR cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version >= 2.2.0 and < 2.2.2)
  • OR cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version >= 2.3.0 and < 2.3.2)

    • Configuration CCN 1:
  • cpe:/a:google:tensorflow:2.0.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.1.1:*:*:*:-:*:*:*
  • OR cpe:/a:tensorflow:tensorflow:2.2.0:*:*:*:-:*:*:*
  • OR cpe:/a:tensorflow:tensorflow:2.3.0:*:*:*:-:*:*:*
  • AND
  • cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_machine_learning:1.6.2:*:community:*:*:*:*:*
  • OR cpe:/a:ibm:watson_machine_learning:1.7.0:*:community:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.2.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    google tensorflow *
    google tensorflow *
    google tensorflow *
    google tensorflow *
    google tensorflow *
    tensorflow tensorflow 2.0.0 -
    tensorflow tensorflow 2.1.1
    tensorflow tensorflow 2.2.0
    tensorflow tensorflow 2.3.0
    ibm watson discovery 2.0.0
    ibm watson machine learning 1.6.2
    ibm watson machine learning 1.7.0
    ibm watson discovery 2.2.0