CVE-2020-26266

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-26266

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26266.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-26266

Aliases

Downstream

openSUSE-SU-2022:10014-1

openSUSE-SU-2024:12116-1

Related

Published

2020-12-10T23:15:12.647Z

Modified

2026-02-05T21:47:37.792710Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Fixed

3db52be7be81a87c623cdeb7f03d3767521c5246

Introduced

e5bf8de410005de06a7ff5393fafdf832ef1d4ad

Fixed

77f47d6ed6ca1f50b6f2c4919097e625d50398a9

Introduced

b36436b087bd8e8701ef51718179037cccdfc26e

Fixed

9edbe5075f79a4a95ed14a2be831f9b59e61f49d

Fixed

ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2

Introduced

64c3d382cadf7bbe8e7e99884bede8284ff67f56

Fixed

cdf2c541c3dd3fb6d03cce4d23fc6c548bc9017c

Introduced

2b96f3662bd776e277f86997659e61046b56c315

Fixed

d745ff2a48cebf18e847e8b602a744e97e058946

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "source": "https://github.com/tensorflow/tensorflow/commit/ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2",
        "id": "CVE-2020-26266-f0f3d529",
        "target": {
            "file": "third_party/eigen3/unsupported/Eigen/CXX11/src/FixedPoint/FixedPointTypes.h"
        },
        "digest": {
            "line_hashes": [
                "231289252184868460530183455252448555701",
                "91757656206247693469837762295996955821",
                "66970839959035880307393909995951173698",
                "11518239365843261293496394939609917096",
                "242992934956458659375590923280164619168",
                "206277749462441338750747845374400206475",
                "86034811856627147695209182625229439334",
                "301585017095876410194697264531438450888",
                "207633293496491729828571013863742450776",
                "106132110187779549802454677573216740439",
                "198031268189036871478006492995747145398",
                "35830025694834872425823996469298033687",
                "214103932759733219701062748452444376",
                "258797823279588062531381319958224446467",
                "193686778271171616397672057532987456773",
                "283270390044034441146718569701339457380",
                "243696162080901553351425793210896891130",
                "60562352571251926566214593113919123499",
                "240740306320204458167942422132404988553",
                "3000219045584667782366701494661908717"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26266.json"