Vulnerability Details : CVE-2020-26271

In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

Published 2020-12-10 22:15:12

Updated 2020-12-14 18:35:46

Source GitHub, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-26271

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 11 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-26271

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	nvd@nist.gov
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	1.8	1.4	nvd@nist.gov
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	1.8	2.5	security-advisories@github.com
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: Low

CWE ids for CVE-2020-26271

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.
Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-26271

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q263-fvxm-m5mw

Heap out of bounds access in MakeEdge · Advisory · tensorflow/tensorflow · GitHub
Exploit;Patch;Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/0cc38aaa4064fd9e79101994ce9872c6d91f816b

Prevent unitialized memory access in `GraphConstructor::MakeEdge` · tensorflow/tensorflow@0cc38aa · GitHub
Patch;Third Party Advisory

Products affected by CVE-2020-26271

Google » Tensorflow
Versions from including (>=) 2.1.0 and before (<) 2.1.3
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow
Versions from including (>=) 2.2.0 and before (<) 2.2.2
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow
Versions from including (>=) 2.0.0 and before (<) 2.0.4
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow
Versions before (<) 1.15.5
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow
Versions from including (>=) 2.3.0 and before (<) 2.3.2
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions