PT-2020-14275 · Google+1 · Tensorflow+1

Published: 2020-09-25 · Updated: 2024-03-06 · CVE-2020-15204

CVSS v4.0: 6.9 Medium

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 1.15.4
TensorFlow versions prior to 2.0.3
TensorFlow versions prior to 2.1.2
TensorFlow versions prior to 2.2.1
TensorFlow versions prior to 2.3.1

Description

In eager mode, TensorFlow does not set the session state, resulting in a null pointer dereference when calling tf.raw_ops.GetSessionHandle or tf.raw_ops.GetSessionHandleV2. This occurs because ctx->session_state() returns nullptr and the code immediately dereferences it, causing a segmentation fault.

Recommendations

Upgrade to TensorFlow version 1.15.4 or later
Upgrade to TensorFlow version 2.0.3 or later
Upgrade to TensorFlow version 2.1.2 or later
Upgrade to TensorFlow version 2.2.1 or later
Upgrade to TensorFlow version 2.3.1 or later
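
The affected-version list above is per release branch, so a plain "older than 2.3.1" comparison would wrongly flag fixed releases such as 2.0.3. The following check is an added example, not code from this advisory or from the TensorFlow project. The function names and the sample requirements text are constructed, and it assumes that branches newer than 2.3 shipped with the fix and that a pre-release of a fixed version counts as affected.

```python
import re

# Fixed release per (major, minor) branch, taken from the list above.
FIXED_PATCH = {(1, 15): 4, (2, 0): 3, (2, 1): 2, (2, 2): 1, (2, 3): 1}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")
_PRERELEASE = re.compile(r"^[-._]?(a|b|rc|dev)\d*", re.IGNORECASE)
_PIN = re.compile(r"^\s*tensorflow\s*==\s*([^\s;#]+)", re.IGNORECASE)


def is_affected(version):
    """Return True if `version` predates the fix on its release branch."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    prerelease = bool(_PRERELEASE.match(m.group(4)))
    branch = (major, minor)
    if branch in FIXED_PATCH:
        fixed = FIXED_PATCH[branch]
        # Assumption: a pre-release of the fixed version (e.g. 2.3.1rc0)
        # is treated as affected, since it sorts before the final release.
        return patch < fixed or (patch == fixed and prerelease)
    # Branches older than 1.15 are all "prior to 1.15.4".
    # Assumption: branches newer than 2.3 shipped with the fix.
    return branch < (1, 15)


def audit_requirements(text):
    """Map each exact `tensorflow==X` pin in `text` to its affected status."""
    results = {}
    for line in text.splitlines():
        m = _PIN.match(line)
        if m:
            results[m.group(1)] = is_affected(m.group(1))
    return results


# Constructed sample input, not taken from any real project.
SAMPLE_REQUIREMENTS = """\
numpy==1.18.5
tensorflow==2.0.3   # fixed on the 2.0 branch, although 2.0.3 < 2.3.1
tensorflow==2.3.0
"""

if __name__ == "__main__":
    for pin, affected in audit_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"tensorflow {pin}: {'AFFECTED' if affected else 'ok'}")
```

Only exact `==` pins of the `tensorflow` package are inspected; version ranges and other package names are outside what this check covers.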

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2020-15204
CVE-2020-15204
GHSA-Q8GV-Q7WR-9JF8
OPENSUSE-SU-2020:1766-1
OPENSUSE-SU-2020_1766-1
OPENSUSE-SU-2024:12116-1
PYSEC-2020-127
PYSEC-2020-284
PYSEC-2020-319

Affected Products

Suse
Tensorflow