Published: Apr 21, 2021 - 3:21 p.m.

Security Bulletin: Tensor Flow security vulnerabilities on IBM Watson Machine Learning Server

Source: www.ibm.com

EPSS: 0.005 Low (percentile 75.4%)

Summary

TensorFlow is vulnerable to a heap-based buffer overflow and denial of service on IBM Watson Machine Learning Server.

Vulnerability Details

CVEID: CVE-2020-15201
**DESCRIPTION:** TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the RaggedCountSparseOutput implementation. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188940 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2020-15196
**DESCRIPTION:** TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the SparseCountSparseOutput and RaggedCountSparseOutput implementations. By sending a specially-crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 8.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188925 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-15213
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by an out of memory allocation in the TFLite implementation of segment sum. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188972 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-15192
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a memory leak when passing a list of strings to dlpack.to_dlpack. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188921 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-15209
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in TFLite. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188960 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-15205
**DESCRIPTION:** TensorFlow could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer overflow in the data_splits argument of tf.raw_ops.StringNGrams. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain contents of the memory, and use this information to launch further attacks against the affected system.
CVSS Base score: 9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188944 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-15191
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper input validation by the dlpack.to_dlpack function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188920 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-15208
**DESCRIPTION:** TensorFlow could allow a remote attacker to bypass security restrictions, caused by a data corruption flaw when a dimension mismatch occurs in TFLite. By sending a specially-crafted request, an attacker could exploit this vulnerability to read and write outside of bounds of memory.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188959 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2020-15204
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when calling tf.raw_ops.GetSessionHandle or tf.raw_ops.GetSessionHandleV2 functions in eager mode. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188943 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-15200
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper input validation by the RaggedCountSparseOutput implementation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188939 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-15195
**DESCRIPTION:** TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the SparseFillEmptyRowsGrad implementation. By sending a specially-crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 8.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188924 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-15212
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds access flaw in the TFLite implementation of segment sum. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a segmentation fault and memory corruption.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188971 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H)

CVEID: CVE-2020-15199
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper input validation in the RaggedCountSparseOutput function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188938 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-15194
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper input validation by the SparseFillEmptyRowsGrad implementation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188923 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-15211
**DESCRIPTION:** TensorFlow could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds access flaw in the TFLite operators. By sending a specially-crafted request, an attacker could exploit this vulnerability to read and write from outside the bounds of heap allocated arrays.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188970 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2020-15207
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a segmentation fault and data corruption flaw when using negative indexing in TFLite. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 8.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188958 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H)

CVEID: CVE-2020-15203
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper input validation by the fill argument in tf.strings.as_string. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188942 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-15206
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a flaw when changing the SavedModel protocol buffer and altering the name of required keys. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a segmentation fault and data corruption.
CVSS Base score: 9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188945 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-15202
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by an integer truncation in the Shard API. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a segmentation fault, read or write outside of heap allocated arrays, stack overflows, or data corruption.
CVSS Base score: 9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188941 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-15197
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper input validation by the SparseCountSparseOutput implementation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188926 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H)

CVEID: CVE-2020-15214
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds write flaw in the TFLite implementation of segment sum. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition and memory corruption.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188973 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H)

CVEID: CVE-2020-15193
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a memory corruption in the implementation of dlpack.to_dlpack. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188922 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L)

CVEID: CVE-2020-15210
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a segmentation fault and data corruption flaw when using an invalid TFLite model. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188969 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Watson Machine Learning Server on-prem | 2.0.0 |

Remediation/Fixes

The fix is available in the WMLServer 2.0.0.1 release.
Download WMLS from Passport Advantage: <https://www.ibm.com/support/pages/passport-advantage-and-passport-advantage-express>

Workarounds and Mitigations

None
