CVE-2020-15204: NULL Pointer Dereference
(updated )
In eager mode, TensorFlow does not set the session state. Hence, calling tf.raw_ops.GetSessionHandle
or tf.raw_ops.GetSessionHandleV2
results in a null pointer dereference In linked snippet, in eager mode, ctx->session_state()
returns nullptr
. Since code immediately dereferences this, we get a segmentation fault.
References
Detect and mitigate CVE-2020-15204 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →