Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2020-15204

In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling tf.raw_ops.GetSessionHandle or tf.raw_ops.GetSessionHandleV2 results in a null pointer dereference In linked snippet, in eager mode, ctx->session_state() returns nullptr. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

Software From Fixed in
google / tensorflow - 1.15.4
google / tensorflow 2.0.0 2.0.3
google / tensorflow 2.1.0 2.1.2
google / tensorflow 2.2.0 2.2.1
google / tensorflow 2.3.0 2.3.1
opensuse / leap 15.2 15.2.x
Python icon tensorflow - 1.15.4
Python icon tensorflow 2.0.0 2.0.3
Python icon tensorflow 2.1.0 2.1.2
Python icon tensorflow 2.2.0 2.2.0.x
Python icon tensorflow 2.2.0 2.2.1
Python icon tensorflow 2.3.0 2.3.0.x
Python icon tensorflow 2.3.0 2.3.1
Python icon tensorflow-cpu - 1.15.4
Python icon tensorflow-cpu 2.0.0 2.0.3
Python icon tensorflow-cpu 2.1.0 2.1.2
Python icon tensorflow-cpu 2.2.0 2.2.0.x
Python icon tensorflow-cpu 2.2.0 2.2.1
Python icon tensorflow-cpu 2.3.0 2.3.0.x
Python icon tensorflow-cpu 2.3.0 2.3.1
Python icon tensorflow-gpu - 1.15.4
Python icon tensorflow-gpu 2.0.0 2.0.3
Python icon tensorflow-gpu 2.1.0 2.1.2
Python icon tensorflow-gpu 2.2.0 2.2.0.x
Python icon tensorflow-gpu 2.2.0 2.2.1
Python icon tensorflow-gpu 2.3.0 2.3.0.x
Python icon tensorflow-gpu 2.3.0 2.3.1