CVE-2020-15191 — MEDIUM (5.3)

Vulnerability Description

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Google	Tensorflow	2.2.0
Opensuse	Leap	15.2

Related Weaknesses (CWE)

CWE-20 CWE-476 CWE-252

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.htmlMailing ListThird Party Advisory
https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea1PatchThird Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphrExploitThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.htmlMailing ListThird Party Advisory
https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea1PatchThird Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphrExploitThird Party Advisory

FAQ

What is CVE-2020-15191?

CVE-2020-15191 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` va...

How severe is CVE-2020-15191?

CVE-2020-15191 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-15191?

Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow, Opensuse Leap.