Upstream information
Description
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast` Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 5.5 |
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | Partial |
| National Vulnerability Database | |
|---|---|
| Base Score | 7.1 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | High |
| Availability Impact | Low |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2020:1766-1, published Thu Dec 7 12:55:41 2023
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Leap 15.2 |
| Patchnames: openSUSE-2020-1766 |
SUSE Timeline for this CVE
CVE page created: Sat Sep 26 03:24:41 2020CVE page last modified: Thu Dec 7 13:28:23 2023