Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2020-15208: SUSE Linux Security Advisory

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

SUSE: CVE-2020-15208: SUSE Linux Security Advisory

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
09/25/2020
Created
05/22/2021
Added
05/20/2021
Modified
10/22/2021

Description

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Solution(s)

  • suse-upgrade-libtensorflow2
  • suse-upgrade-libtensorflow2-gnu-hpc
  • suse-upgrade-libtensorflow2-gnu-openmpi2-hpc
  • suse-upgrade-libtensorflow_cc2
  • suse-upgrade-libtensorflow_cc2-gnu-hpc
  • suse-upgrade-libtensorflow_cc2-gnu-openmpi2-hpc
  • suse-upgrade-libtensorflow_framework2
  • suse-upgrade-libtensorflow_framework2-gnu-hpc
  • suse-upgrade-libtensorflow_framework2-gnu-openmpi2-hpc
  • suse-upgrade-tensorflow2
  • suse-upgrade-tensorflow2-devel
  • suse-upgrade-tensorflow2-doc
  • suse-upgrade-tensorflow2-gnu-hpc
  • suse-upgrade-tensorflow2-gnu-openmpi2-hpc
  • suse-upgrade-tensorflow2-lite
  • suse-upgrade-tensorflow2-lite-devel
  • suse-upgrade-tensorflow2_2_1_2-gnu-hpc
  • suse-upgrade-tensorflow2_2_1_2-gnu-hpc-devel
  • suse-upgrade-tensorflow2_2_1_2-gnu-hpc-doc
  • suse-upgrade-tensorflow2_2_1_2-gnu-openmpi2-hpc
  • suse-upgrade-tensorflow2_2_1_2-gnu-openmpi2-hpc-devel
  • suse-upgrade-tensorflow2_2_1_2-gnu-openmpi2-hpc-doc

References

  • CVE-2020-15208

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;