Vulnerability Name:

CVE-2020-26271 (CCN-193282)

Assigned: 2020-12-09
Published: 2020-12-09
Updated: 2020-12-14
Summary: In affected versions of TensorFlow, under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing them for equality. However, there is no check that the indices point inside the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap-allocated arrays. In most scenarios, this can manifest as uninitialized data access, but if the index points far away from the boundaries of the arrays, this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
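
Added example (not TensorFlow's code and not part of the original advisory): a simplified C++ model of the index validation the summary says was missing from MakeEdge, shown beside the unchecked comparison. The Node, DataType and EdgeStatus types, the function names and the sample nodes are hypothetical.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Simplified stand-ins for the graph types (hypothetical, not TensorFlow's own).
enum class DataType { DT_FLOAT, DT_INT32 };
struct Node {
  std::string name;
  std::vector<DataType> input_types;   // one entry per input slot
  std::vector<DataType> output_types;  // one entry per output tensor
};
enum class EdgeStatus { kOk, kBadOutputIndex, kBadInputIndex, kTypeMismatch };

// Model of the flawed logic: the types are compared with no bounds check, so
// an index loaded from a saved model can read outside the vectors.
bool UncheckedTypesMatch(const Node& src, int out, const Node& dst, int in) {
  return src.output_types[out] == dst.input_types[in];
}

// True only when index names an existing element; negatives are rejected
// before the cast so they cannot wrap to a large size_t.
static bool InRange(int index, const std::vector<DataType>& v) {
  return index >= 0 && static_cast<std::size_t>(index) < v.size();
}

// Hardened form: both indices are validated before either vector is read.
EdgeStatus CheckEdge(const Node& src, int out, const Node& dst, int in) {
  if (!InRange(out, src.output_types)) return EdgeStatus::kBadOutputIndex;
  if (!InRange(in, dst.input_types)) return EdgeStatus::kBadInputIndex;
  if (src.output_types[out] != dst.input_types[in])
    return EdgeStatus::kTypeMismatch;
  return EdgeStatus::kOk;
}

// Constructed sample nodes: a one-output producer and a two-input consumer.
Node SampleSrc() { return {"const", {}, {DataType::DT_FLOAT}}; }
Node SampleDst() { return {"add", {DataType::DT_FLOAT, DataType::DT_INT32}, {}}; }

int main() {
  const Node src = SampleSrc(), dst = SampleDst();
  // Indices as they might arrive from a saved model (constructed values).
  const int cases[][2] = {{0, 0}, {0, 1}, {7, 0}, {0, -1}};
  for (const auto& c : cases)
    std::printf("out=%d in=%d -> status %d\n", c[0], c[1],
                static_cast<int>(CheckEdge(src, c[0], dst, c[1])));
  return 0;
}
```
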
CVSS v3 Severity: 3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-125
CWE-908
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2020-26271

Source: XF
Type: UNKNOWN
tensorflow-cve202026271-info-disc(193282)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/0cc38aaa4064fd9e79101994ce9872c6d91f816b

Source: CCN
Type: TensorFlow GIT Repository
Heap out of bounds access in MakeEdge

Source: CONFIRM
Type: Exploit, Patch, Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q263-fvxm-m5mw

Source: CCN
Type: IBM Security Bulletin 6412349 (Watson Machine Learning Community Edition)
TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has been patched for various security issues.

Source: CCN
Type: IBM Security Bulletin 6416135 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Source: CCN
Type: IBM Security Bulletin 6469403 (Watson Machine Learning on CP4D)
Multiple TensorFlow Vulnerabilities Affect IBM Watson Machine Learning on CP4D

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version < 1.15.5)
  • OR cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version >= 2.0.0 and < 2.0.4)
  • OR cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version >= 2.1.0 and < 2.1.3)
  • OR cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version >= 2.2.0 and < 2.2.2)
  • OR cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version >= 2.3.0 and < 2.3.2)

Configuration CCN 1:
  • cpe:/a:google:tensorflow:2.0.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.1.1:*:*:*:-:*:*:*
  • OR cpe:/a:tensorflow:tensorflow:2.2.0:*:*:*:-:*:*:*
  • OR cpe:/a:tensorflow:tensorflow:2.3.0:*:*:*:-:*:*:*
  • AND
  • cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_machine_learning:1.6.2:*:community:*:*:*:*:*
  • OR cpe:/a:ibm:watson_machine_learning:1.7.0:*:community:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.2.0:*:*:*:*:*:*:*
