CVE-2020-26270
critical
CVSS v3
—
CVSS v2
—
VIR risk
9.5
Description
In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-26270
Vendor advisory: arch — https://security.archlinux.org/ASA-202012-22
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | fixed | 2.4.0-1 | |
| debian | forky | fixed | 0 |
| debian | sid | fixed | 0 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | tensorflow-gpu | >=2.3.0,<2.3.2 | 2.3.2 |
| PyPI | tensorflow | <1.15.5 | 1.15.5 |
| PyPI | tensorflow | >=2.0.0,<2.0.4 | 2.0.4 |
| PyPI | tensorflow | >=2.1.0,<2.1.3 | 2.1.3 |
| PyPI | tensorflow | >=2.2.0,<2.2.2 | 2.2.2 |
| PyPI | tensorflow | >=2.3.0,<2.3.2 | 2.3.2 |
| PyPI | tensorflow-cpu | <1.15.5 | 1.15.5 |
| PyPI | tensorflow-cpu | >=2.0.0,<2.0.4 | 2.0.4 |
| PyPI | tensorflow-cpu | >=2.1.0,<2.1.3 | 2.1.3 |
| PyPI | tensorflow-cpu | >=2.2.0,<2.2.2 | 2.2.2 |
| PyPI | tensorflow-cpu | >=2.3.0,<2.3.2 | 2.3.2 |
| PyPI | tensorflow-gpu | <1.15.5 | 1.15.5 |
| PyPI | tensorflow-gpu | >=2.0.0,<2.0.4 | 2.0.4 |
| PyPI | tensorflow-gpu | >=2.1.0,<2.1.3 | 2.1.3 |
| PyPI | tensorflow-gpu | >=2.2.0,<2.2.2 | 2.2.2 |
| PyPI | tensorflow | <14755416e364f17fb1870882fa778c7fec7f16e3||>=2.3.0,<2.3.2 | 14755416e364f17fb1870882fa778c7fec7f16e3 |
| PyPI | tensorflow-cpu | <14755416e364f17fb1870882fa778c7fec7f16e3||>=2.3.0,<2.3.2 | 14755416e364f17fb1870882fa778c7fec7f16e3 |
| PyPI | tensorflow-gpu | <14755416e364f17fb1870882fa778c7fec7f16e3||>=2.3.0,<2.3.2 | 14755416e364f17fb1870882fa778c7fec7f16e3 |
References
- https://security.archlinux.org/ASA-202012-22
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m648-33qf-v3gp
- https://nvd.nist.gov/vuln/detail/CVE-2020-26270
- https://github.com/tensorflow/tensorflow/commit/14755416e364f17fb1870882fa778c7fec7f16e3
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-301.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-336.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-256.yaml
- https://github.com/tensorflow/tensorflow
- https://security-tracker.debian.org/tracker/CVE-2020-26270
Verify integrity in audit chain (admin only). AS-IS.