
SUSE: CVE-2020-15204: SUSE Linux Security Advisory

- Severity: 5
- CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
- Published: Sep 25, 2020
- Added: May 27, 2021
- Modified: Oct 22, 2021

Description

In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference. In the linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since the code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
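A version check for the affected range described above, as an added example that is not part of the advisory or of TensorFlow. The function names and the host inventory are hypothetical, and the handling of branches outside 1.15 and 2.0 to 2.3 is an assumption noted in the comments.

```python
import re
from importlib import metadata

# First fixed patch release per (major, minor) branch, from the advisory text.
FIXED = {(1, 15): 4, (2, 0): 3, (2, 1): 2, (2, 2): 1, (2, 3): 1}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch); suffixes such as 'rc2' are ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised TensorFlow version: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version):
    """True if this version predates the fix on its release branch."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Assumption: branches newer than 2.3 were cut after the fix landed.
    if branch > max(FIXED):
        return False
    # Assumption: older or unlisted branches never received a fixed
    # release, so report them as affected.
    return True


def installed_tensorflow_version():
    """Version of the locally installed 'tensorflow' package, or None."""
    try:
        return metadata.version("tensorflow")
    except metadata.PackageNotFoundError:
        return None


def audit(inventory):
    """Return the host -> version entries that still need the upgrade."""
    return {host: v for host, v in inventory.items() if is_affected(v)}


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {"train-01": "2.3.0", "train-02": "2.3.1",
                    "legacy-01": "1.15.3", "notebook-01": "2.1.0rc2"}

if __name__ == "__main__":
    print("local:", installed_tensorflow_version())
    print("needs upgrade:", audit(SAMPLE_INVENTORY))
```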

Solutions

- suse-upgrade-libtensorflow2
- suse-upgrade-libtensorflow2-gnu-hpc
- suse-upgrade-libtensorflow2-gnu-openmpi2-hpc
- suse-upgrade-libtensorflow_cc2
- suse-upgrade-libtensorflow_cc2-gnu-hpc
- suse-upgrade-libtensorflow_cc2-gnu-openmpi2-hpc
- suse-upgrade-libtensorflow_framework2
- suse-upgrade-libtensorflow_framework2-gnu-hpc
- suse-upgrade-libtensorflow_framework2-gnu-openmpi2-hpc
- suse-upgrade-tensorflow2
- suse-upgrade-tensorflow2-devel
- suse-upgrade-tensorflow2-doc
- suse-upgrade-tensorflow2-gnu-hpc
- suse-upgrade-tensorflow2-gnu-openmpi2-hpc
- suse-upgrade-tensorflow2-lite
- suse-upgrade-tensorflow2-lite-devel
- suse-upgrade-tensorflow2_2_1_2-gnu-hpc
- suse-upgrade-tensorflow2_2_1_2-gnu-hpc-devel
- suse-upgrade-tensorflow2_2_1_2-gnu-hpc-doc
- suse-upgrade-tensorflow2_2_1_2-gnu-openmpi2-hpc
- suse-upgrade-tensorflow2_2_1_2-gnu-openmpi2-hpc-devel
- suse-upgrade-tensorflow2_2_1_2-gnu-openmpi2-hpc-doc