Lucene search
PRIOn knowledge basePRION:CVE-2020-15193HistorySep 25, 2020 - 7:15 p.m.
Memory corruption
2020-09-2519:15:00
PRIOn knowledge base
www.prio-n.com
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a reinterpret_cast Since the PyObject is a Python object, not a TensorFlow Tensor, the cast to EagerTensor fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | eq | 2.2.0 | |
| tensorflow | eq | 2.3.0 | |
| leap | eq | 15.2 |
Related
cvelist
cvelist
CVE-2020-15193 Memory corruption in Tensorflow
2020-09-25 18:40:51
osv
osv
CVE-2020-15193
2020-09-25 19:15:14
PYSEC-2020-273
2020-09-25 19:15:00
Memory corruption in Tensorflow
2020-09-25 18:28:27
veracode
veracode
Arbitrary Code Execution
2020-09-28 02:05:10
nvd
nvd
CVE-2020-15193
2020-09-25 19:15:14
cve
cve
CVE-2020-15193
2020-09-25 19:15:14
github
github
Memory corruption in Tensorflow
2020-09-25 18:28:27
suse
suse
Security update for tensorflow2 (moderate)
2020-10-29 00:00:00
nessus
nessus
openSUSE Security Update : tensorflow2 (openSUSE-2020-1766)
2020-10-30 00:00:00
openvas
openvas
openSUSE: Security Advisory for tensorflow2 (openSUSE-SU-2020:1766-1)
2020-10-30 00:00:00
