IBM803324ED2DE4C3B08F169DF45DEBE6C1EA9A8B7E1AAC50635272FEDA912303A5Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow .
Vulnerability Details
CVEID:CVE-2020-26270
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a query-of-death flaw when running an LSTM/GRU model. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to causes a CHECK failure when using the CUDA backend.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193281 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2020-26266
**DESCRIPTION:**TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by an uninitialized memory access flaw in Eigen types during code execution. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the memory, or cause the system to crash.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193277 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)
CVEID:CVE-2020-26269
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the general implementation for matching filesystem paths to globbing pattern. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to causes the system to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193280 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-26268
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a modification of assumed-immutable data issue. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to causes a segmentation fault.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193279 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)
CVEID:CVE-2020-26271
**DESCRIPTION:**TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by an uninitialized memory access flaw while building the computation graph. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the memory, and use this information to launch further attacks against the affected system.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193282 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2020-26267
**DESCRIPTION:**TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw when validating the src_format and dst_format attributes by the tf.raw_ops.DataFormatVecPermute API. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the memory, or cause the system to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193278 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-15265
**DESCRIPTION:**Tensorflow is vulnerable to a denial of service, caused by a segfault in tf.quantization.quantize_and_dequantize. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190507 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2020-15266
**DESCRIPTION:**Tensorflow is vulnerable to a denial of service, caused by a segfault in tf.image.crop_and_resize. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190506 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| ICP - Discovery | 2.0.0-2.2.0 |
Remediation/Fixes
Upgrade to IBM Watson Discovery 2.2.1
<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| watson discovery | eq | 2.0.0 | |
| watson discovery | eq | 2.2.0 |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P