PT-2020-14285 · Google · Tensorflow Lite

Published 2020-09-25 · Updated 2024-03-06 · CVE-2020-15214

CVSS v4.0: 9.1 (Critical)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H

Name of the Vulnerable Software and Affected Versions

TensorFlow Lite versions prior to 2.2.1
TensorFlow Lite versions prior to 2.3.1

Description

The segment sum code in TensorFlow Lite assumes that segment ids are in increasing order. When a model using segment sum supplies unsorted segment ids, too little memory is allocated for the output tensor and a write can land outside the bounds of the output array, usually resulting in a segmentation fault. Depending on runtime conditions, it can also provide a write gadget for future memory corruption-based exploits.

Recommendations

For versions prior to 2.2.1, upgrade to TensorFlow 2.2.1.
For versions prior to 2.3.1, upgrade to TensorFlow 2.3.1.
As a temporary workaround for some cases, consider adding a custom Verifier to the model loading code to ensure that the segment ids are sorted. If the segment ids are generated as outputs of a tensor during inference steps, there are no possible workarounds and users are advised to upgrade to patched code.
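The sortedness check named in the workaround, as an added example in C that is not TensorFlow Lite code and not the project's patch. The function names and the flat row-major layout are assumptions, as is sizing the output from the last segment id plus one.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helpers for illustration; not TensorFlow Lite APIs. */

/* Rows the output needs (last id + 1), or -1 if the ids cannot be trusted. */
int segment_rows_checked(const int32_t *ids, size_t n)
{
    if (ids == NULL || n == 0 || ids[0] < 0)
        return -1;
    for (size_t i = 1; i < n; i++)
        if (ids[i] < ids[i - 1])   /* unsorted: last id is not the maximum */
            return -1;
    if (ids[n - 1] == INT32_MAX)   /* last id + 1 would overflow */
        return -1;
    return (int)(ids[n - 1] + 1);
}

/* Sums the n rows of data (n x cols) into out (out_rows x cols) by segment id.
 * Returns 0 on success, -1 if the ids are rejected or out is too small. */
int segment_sum_checked(const float *data, const int32_t *ids, size_t n,
                        size_t cols, float *out, size_t out_rows)
{
    int need = segment_rows_checked(ids, n);
    if (need < 0 || (size_t)need > out_rows)
        return -1;
    memset(out, 0, out_rows * cols * sizeof *out);
    /* ids are sorted and non-negative, so every id is below need <= out_rows */
    for (size_t i = 0; i < n; i++)
        for (size_t c = 0; c < cols; c++)
            out[(size_t)ids[i] * cols + c] += data[i * cols + c];
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const int32_t sorted[] = {0, 0, 1, 2};
    const int32_t unsorted[] = {0, 5, 1};  /* last id + 1 = 2 rows, but id 5 needs 6 */
    const float data[] = {1, 2, 3, 4, 5, 6, 7, 8};
    float out[6];
    int ok = segment_sum_checked(data, sorted, 4, 2, out, 3) == 0
          && segment_sum_checked(data, unsorted, 3, 2, out, 2) == -1;
    return ok ? 0 : 1;
}
```

A check of this kind only helps when the segment ids are constants in the model file; ids produced during inference are not visible at load time.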

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2020-15214
CVE-2020-15214
GHSA-P2CQ-CPRG-FRVM
PYSEC-2020-137
PYSEC-2020-294
PYSEC-2020-329

Affected Products

Tensorflow Lite