PT-2020-14280 · Google+1 · Tensorflow+1
Published
2020-09-25
·
Updated
2024-03-06
·
CVE-2020-15209
CVSS v4.0
8.2
High
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 1.15.4
TensorFlow versions prior to 2.0.3
TensorFlow versions prior to 2.1.2
TensorFlow versions prior to 2.2.1
TensorFlow versions prior to 2.3.1
Description
A crafted TFLite model can force a node to have as input a tensor backed by a
nullptr buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with nullptr. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference.Recommendations
Upgrade to TensorFlow 1.15.4
Upgrade to TensorFlow 2.0.3
Upgrade to TensorFlow 2.1.2
Upgrade to TensorFlow 2.2.1
Upgrade to TensorFlow 2.3.1
Exploit
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Suse
Tensorflow