CVE-2020-15207 — HIGH (8.7)

Q: How severe is CVE-2020-15207?

CVE-2020-15207 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-15207?

Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow, Opensuse Leap.

Vulnerability Description

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

CVSS Score

8.7

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Tensorflow	< 1.15.4
Opensuse	Leap	15.2

Related Weaknesses (CWE)

CWE-119 CWE-787

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.htmlMailing ListThird Party Advisory
https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1PatchThird Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34ExploitThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.htmlMailing ListThird Party Advisory
https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1PatchThird Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34ExploitThird Party Advisory

FAQ

What is CVE-2020-15207?

CVE-2020-15207 is a vulnerability with a CVSS score of 8.7 (HIGH). In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. How...

How severe is CVE-2020-15207?

CVE-2020-15207 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-15207?

Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow, Opensuse Leap.