CVE-2020-15193: TensorFlow before versions 2.2.1 and 2.3.1 contains a vulnerability in the `dlpack.to_dlpack` implementation where passing a Python object instead of a tensor can lead to uninitialized memory usage and memory corruption.


Description Preview

In TensorFlow versions prior to 2.2.1 and 2.3.1, a vulnerability exists in the `dlpack.to_dlpack` implementation. The pybind11 glue code incorrectly assumes that the argument passed to this function is always a tensor. However, there is no validation to prevent users from passing a Python object instead. When a non-tensor Python object is passed, a `reinterpret_cast` operation causes the code to use uninitialized memory, which can result in memory corruption. This occurs because when a regular Python object is passed, the cast to `EagerTensor` fails, leading to undefined behavior. This vulnerability is classified as CWE-908 (Use of Uninitialized Resource).

Overview

The vulnerability in TensorFlow's `dlpack.to_dlpack` implementation stems from improper type checking in the pybind11 interface layer. When users pass a Python object that is not a TensorFlow tensor to this function, the code attempts to `reinterpret_cast` the object to an `EagerTensor` type. This cast fails silently, resulting in the use of uninitialized memory. Such uninitialized memory access can lead to memory corruption, potentially allowing attackers to execute arbitrary code, cause denial of service, or access sensitive information, depending on the context in which TensorFlow is running.

Remediation

Users should upgrade to TensorFlow version 2.2.1, 2.3.1, or later to address this vulnerability. The issue was fixed in commit 22e07fb204386768e5bcbea563641ea11f96ceb8, which has been incorporated into the mentioned releases. If upgrading is not immediately possible, users should ensure that only proper tensor objects are passed to the `dlpack.to_dlpack` function and implement additional validation in their code to prevent passing incorrect object types.
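The interim mitigation above (validate before calling `dlpack.to_dlpack`) can be implemented as a thin wrapper that performs the type check in Python, so a non-tensor argument raises `TypeError` instead of reaching the unchecked `reinterpret_cast` in the native binding. The code below is an added example, not TensorFlow's or Armis's code. It assumes TensorFlow 2.x, where the function is exposed as `tf.experimental.dlpack.to_dlpack` and eager tensors are instances of `tf.Tensor`; `FakeTensor` and `fake_to_dlpack` are constructed stand-ins so the guard can be exercised without TensorFlow installed.

```python
"""Added example (not TensorFlow's or Armis's code): a type guard in front of
dlpack.to_dlpack, the interim mitigation for CVE-2020-15193 when an upgrade to
2.2.1 / 2.3.1 is not yet possible.

The vulnerable binding reinterpret_casts whatever it receives to EagerTensor,
so the guard's only job is to make sure that nothing but a tensor reaches it.
"""
from typing import Any, Callable


def make_guarded_to_dlpack(to_dlpack: Callable[[Any], Any],
                           tensor_type: type) -> Callable[[Any], Any]:
    """Wrap `to_dlpack` so that non-tensor arguments fail in Python.

    `tensor_type` is the class the native binding is allowed to see; any other
    object is rejected before the pybind11 layer runs.
    """
    def guarded(value: Any) -> Any:
        if not isinstance(value, tensor_type):
            raise TypeError(
                f"to_dlpack expects a {tensor_type.__name__}, "
                f"got {type(value).__name__}")
        return to_dlpack(value)
    return guarded


def guarded_tf_to_dlpack() -> Callable[[Any], Any]:
    """Bind the guard to the real TensorFlow API.

    Assumption (not stated on the advisory page): TensorFlow 2.x, where the
    function lives at tf.experimental.dlpack.to_dlpack and eager tensors are
    instances of tf.Tensor.
    """
    import tensorflow as tf  # imported lazily so the guard is testable offline
    return make_guarded_to_dlpack(tf.experimental.dlpack.to_dlpack, tf.Tensor)


# --- self-contained demonstration with constructed stand-ins for TensorFlow ---

class FakeTensor:
    """Constructed stand-in for tf.Tensor (not TensorFlow's class)."""
    def __init__(self, data: Any) -> None:
        self.data = data


def fake_to_dlpack(tensor: FakeTensor) -> str:
    """Constructed stand-in for the native binding; returns a capsule-like tag."""
    return f"dltensor({tensor.data})"


def demo() -> dict:
    """Run the guard once with a tensor and once with a plain Python object."""
    guarded = make_guarded_to_dlpack(fake_to_dlpack, FakeTensor)
    results = {"tensor": guarded(FakeTensor([1, 2, 3]))}
    try:
        # In the unpatched binding this dict would be reinterpret_cast to
        # EagerTensor; here it never gets past the isinstance check.
        guarded({"not": "a tensor"})
        results["object"] = "accepted"
    except TypeError as exc:
        results["object"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    print(demo())
```

Because the guard only adds a Python-level check in front of the call, it does not change what the binding does with a genuine tensor; it simply removes the path by which an arbitrary object could reach the unchecked cast. Upgrading remains the real fix.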

For openSUSE users, apply the security update referenced in openSUSE-SU-2020:1766.

References

  1. GitHub commit with fix: https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8
  2. TensorFlow release with fix: https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
  3. GitHub security advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjjg-hgv6-h69v
  4. openSUSE security announcement: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html

Industry Exposure (most to least)

This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Finance and Insurance
  2. Manufacturing
  3. Retail Trade
  4. Arts, Entertainment & Recreation
  5. Management of Companies & Enterprises
  6. Accommodation & Food Services
  7. Administrative, Support, Waste Management & Remediation Services
  8. Agriculture, Forestry, Fishing & Hunting
  9. Construction
  10. Educational Services
  11. Health Care & Social Assistance
  12. Information
  13. Mining
  14. Other Services (except Public Administration)
  15. Professional, Scientific, & Technical Services
  16. Public Administration
  17. Real Estate Rental & Leasing
  18. Transportation & Warehousing
  19. Utilities
  20. Wholesale Trade

Armis Vulnerability Intelligence Database