CVE-2020-15206: Denial of Service in Tensorflow
First published: Fri Sep 25 2020(Updated: )
### Impact Changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installments. We have added fixes to this in f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. ### Patches We have patched the issue in adf095206f25471e864a8e63a0f1caef53a0e3a6 and will release patch releases for all versions between 1.15 and 2.3. Patch releases for versions between 1.15 and 2.1 will also contain cherry-picks of f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. ### Attribution This vulnerability has been reported by Shuaike Dong, from Alipay Tian Qian Security Lab && Lab for Applied Security Research, CUHK.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/tensorflow-gpu | =2.3.0 | 2.3.1 |
| pip/tensorflow-gpu | =2.2.0 | 2.2.1 |
| pip/tensorflow-gpu | >=2.1.0<2.1.2 | 2.1.2 |
| pip/tensorflow-gpu | >=2.0.0<2.0.3 | 2.0.3 |
| pip/tensorflow-gpu | <1.15.4 | 1.15.4 |
| pip/tensorflow-cpu | =2.3.0 | 2.3.1 |
| pip/tensorflow-cpu | =2.2.0 | 2.2.1 |
| pip/tensorflow-cpu | >=2.1.0<2.1.2 | 2.1.2 |
| pip/tensorflow-cpu | >=2.0.0<2.0.3 | 2.0.3 |
| pip/tensorflow-cpu | <1.15.4 | 1.15.4 |
| pip/tensorflow | =2.3.0 | 2.3.1 |
| pip/tensorflow | =2.2.0 | 2.2.1 |
| pip/tensorflow | >=2.1.0<2.1.2 | 2.1.2 |
| pip/tensorflow | >=2.0.0<2.0.3 | 2.0.3 |
| pip/tensorflow | <1.15.4 | 1.15.4 |
| TensorFlow Keras | <1.15.4 | |
| TensorFlow Keras | >=2.0.0<2.0.3 | |
| TensorFlow Keras | >=2.1.0<2.1.2 | |
| TensorFlow Keras | >=2.2.0<2.2.1 | |
| TensorFlow Keras | >=2.3.0<2.3.1 | |
| SUSE Linux | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html
- https://github.com/tensorflow/tensorflow/commit/adf095206f25471e864a8e63a0f1caef53a0e3a6
- https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w5gh-2wr2-pm6g
- https://github.com/tensorflow/tensorflow/commit/f760f88b4267d981e13f4b302c437ae800445968
- https://github.com/tensorflow/tensorflow/commit/fcfef195637c6e365577829c4d67681695956e7d
- https://nvd.nist.gov/vuln/detail/CVE-2020-15206
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-286.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-321.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-129.yaml
- https://github.com/advisories/GHSA-w5gh-2wr2-pm6g (Advisory)
Frequently Asked Questions
What is the severity of CVE-2020-15206?
CVE-2020-15206 has a medium severity level due to potential denial of service conditions caused by segmentation faults and data corruption in TensorFlow models.
How do I fix CVE-2020-15206?
To fix CVE-2020-15206, upgrade TensorFlow to version 2.3.1 or later, or apply patches if available.
What products are affected by CVE-2020-15206?
CVE-2020-15206 affects TensorFlow versions 2.3.0, 2.2.0, 2.1.0 through 2.1.2, 2.0.0 through 2.0.3, and 1.15.4 and earlier.
What kind of vulnerabilities does CVE-2020-15206 introduce?
CVE-2020-15206 can lead to segmentation faults and data corruption when using modified TensorFlow models, impacting stability.
Is CVE-2020-15206 specific to certain platforms?
CVE-2020-15206 is associated with TensorFlow but is not limited to specific operating systems, as it is relevant across various environments using TensorFlow.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/remedy
- agent/severity
- agent/weakness
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-w5gh-2wr2-pm6g
- alias/CVE-2020-15206
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/github-advisory
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/pip
- vendor/google
- canonical/tensorflow keras
- version/tensorflow keras/2.0.0
- version/tensorflow keras/2.1.0
- version/tensorflow keras/2.2.0
- version/tensorflow keras/2.3.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.2