CVE-2020-15193

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-15193
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15193.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-15193
Published
2020-09-25T19:15:14Z
Modified
2025-10-21T06:00:55.981631Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Summary
[none]
Details

In TensorFlow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory, resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a reinterpret_cast. Since the PyObject is a Python object, not a TensorFlow Tensor, the cast to EagerTensor fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1 or 2.3.1.

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type
GIT
Repo
https://github.com/tensorflow/tensorflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

0.*

0.12.0-rc0
0.12.0-rc1
0.12.1
0.5.0
0.6.0

v0.*

v0.10.0
v0.10.0rc0
v0.11.0
v0.11.0rc0
v0.11.0rc1
v0.11.0rc2
v0.12.0
v0.7.0
v0.7.1
v0.8.0rc0
v0.9.0
v0.9.0rc0

v1.*

v1.0.0
v1.0.0-alpha
v1.0.0-rc0
v1.0.0-rc1
v1.0.0-rc2
v1.1.0
v1.1.0-rc0
v1.1.0-rc1
v1.1.0-rc2
v1.12.0
v1.12.0-rc0
v1.12.0-rc1
v1.12.0-rc2
v1.12.1
v1.2.0
v1.2.0-rc0
v1.2.0-rc1
v1.2.0-rc2
v1.3.0-rc0
v1.3.0-rc1
v1.5.0
v1.5.0-rc0
v1.5.0-rc1
v1.6.0
v1.6.0-rc0
v1.6.0-rc1
v1.7.0
v1.7.0-rc0
v1.7.0-rc1
v1.8.0
v1.8.0-rc0
v1.8.0-rc1
v1.9.0
v1.9.0-rc0
v1.9.0-rc1
v1.9.0-rc2

v2.*

v2.3.0
v2.3.0-rc0
v2.3.0-rc1
v2.3.0-rc2

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
        "target": {
            "function": "TFE_HandleToDLPack",
            "file": "tensorflow/c/eager/dlpack.cc"
        },
        "deprecated": false,
        "id": "CVE-2020-15193-28b47c62",
        "signature_version": "v1",
        "digest": {
            "length": 1068.0,
            "function_hash": "302909230814631908500873842520316055001"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
        "target": {
            "function": "PYBIND11_MODULE",
            "file": "tensorflow/python/tfe_wrapper.cc"
        },
        "deprecated": false,
        "id": "CVE-2020-15193-5c62b918",
        "signature_version": "v1",
        "digest": {
            "length": 40733.0,
            "function_hash": "24753109135250677179816536229137657275"
        },
        "signature_type": "Function"
    }
]