IBME8D2C56DC1DDDC5A23A0389982E5C5B947BCF94B678670A424E7EEB0F8B03BFFSecurity Bulletin: TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has been patched for various security issues.
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has had various reported CVEID’s included below. These issues have been patched and users should update to the latest available versions.
Vulnerability Details
CVEID:CVE-2020-26270
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a query-of-death flaw when running an LSTM/GRU model. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to causes a CHECK failure when using the CUDA backend.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193281 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2020-26266
**DESCRIPTION:**TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by an uninitialized memory access flaw in Eigen types during code execution. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the memory, or cause the system to crash.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193277 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)
CVEID:CVE-2020-26269
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the general implementation for matching filesystem paths to globbing pattern. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to causes the system to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193280 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-26268
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a modification of assumed-immutable data issue. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to causes a segmentation fault.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193279 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)
CVEID:CVE-2020-26271
**DESCRIPTION:**TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by an uninitialized memory access flaw while building the computation graph. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the memory, and use this information to launch further attacks against the affected system.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193282 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2020-26267
**DESCRIPTION:**TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw when validating the src_format and dst_format attributes by the tf.raw_ops.DataFormatVecPermute API. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the memory, or cause the system to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193278 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Watson Machine Learning Community Edition | 1.6.2 |
| IBM Watson Machine Learning Community Edition | 1.7.0 |
Remediation/Fixes
New versions of TensorFlow have been published to the Watson Machine Learning Community Edition channel.
<https://public.dhe.ibm.com/ibmdl/export/pub/software/server/ibm-ai/conda/#/>
Users should update to the latest point releases for both Watson Machine Learning Community Edition 1.6.2 and 1.7.0 using the conda package manger tool.
For WML-CE 1.6.2, update using:
conda install tensorflow-gpu=1.15.5
or
conda install tensorflow=1.15.5
For WML-CE 1.7.0, update using:
conda install tensorflow-gpu=2.1.3
or
conda install tensorflow=2.1.3
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm powerai | eq | 1.6.2 | |
| ibm powerai | eq | 1.7.0 |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P