CVE-2020-15200: Segfault in Tensorflow
The RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Thus, the following code sets up conditions to cause a heap buffer overflow:
```cpp
auto per_batch_counts = BatchedMap<W>(num_batches);
int batch_idx = 0;
for (int idx = 0; idx < num_values; ++idx) {
  // Advance to the batch that owns value `idx`; assumes splits_values(0) == 0.
  while (idx >= splits_values(batch_idx)) {
    batch_idx++;
  }
  const auto& value = values_values(idx);
  if (value >= 0 && (maxlength_ <= 0 || value < maxlength_)) {
    // Unchecked: batch_idx - 1 is out of range when batch_idx is still 0.
    per_batch_counts[batch_idx - 1][value] = 1;
  }
}
```
A BatchedMap is equivalent to a vector where each element is a hashmap. However, if the first element of splits_values is not 0, batch_idx will never be 1, hence there will be no hashmap at index 0 in per_batch_counts. Trying to access that in the user code results in a segmentation fault.
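The check that is missing above, as an added standalone example rather than TensorFlow's own code: a validator that enforces the ragged-splits invariants (non-empty, starts at 0, non-decreasing, ends at the number of values) and a counting loop that only runs after validation, so batch_idx - 1 can never index outside the vector. Names such as ValidRaggedSplits, RaggedCount and CountOf are hypothetical, and the loop counts occurrences rather than writing the binary 1 shown in the advisory's snippet.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <unordered_map>
#include <vector>

// One hashmap of value -> count per batch (a plain stand-in for BatchedMap).
using BatchedCounts = std::vector<std::unordered_map<int64_t, int64_t>>;

// Returns true if `splits` describes a valid ragged partition of
// `num_values` values. `err` may be null.
bool ValidRaggedSplits(const std::vector<int64_t>& splits, int64_t num_values,
                       std::string* err) {
  auto fail = [&](const char* msg) { if (err) *err = msg; return false; };
  if (splits.empty()) return fail("splits must not be empty");
  if (splits.front() != 0) return fail("splits must start at 0");
  for (size_t i = 1; i < splits.size(); ++i) {
    if (splits[i] < splits[i - 1]) return fail("splits must be non-decreasing");
  }
  if (splits.back() != num_values) return fail("last split must equal number of values");
  return true;
}

// Hardened per-batch counting: validate first, then index.
bool RaggedCount(const std::vector<int64_t>& splits,
                 const std::vector<int64_t>& values, int64_t maxlength,
                 BatchedCounts* out, std::string* err) {
  if (!ValidRaggedSplits(splits, static_cast<int64_t>(values.size()), err)) return false;
  const size_t num_batches = splits.size() - 1;
  out->assign(num_batches, {});
  size_t batch_idx = 0;
  for (size_t idx = 0; idx < values.size(); ++idx) {
    // splits[0] == 0 guarantees batch_idx becomes >= 1 before the first
    // lookup; splits.back() == values.size() guarantees the scan stops
    // before running off the end of `splits`.
    while (batch_idx + 1 < splits.size() && static_cast<int64_t>(idx) >= splits[batch_idx]) {
      ++batch_idx;
    }
    const int64_t value = values[idx];
    if (value >= 0 && (maxlength <= 0 || value < maxlength)) {
      (*out)[batch_idx - 1][value] += 1;  // batch_idx >= 1 here, index is in range
    }
  }
  return true;
}

// Convenience wrapper for checking results: the count of `value` in `batch`,
// or -1 if the inputs were rejected.
int64_t CountOf(const std::vector<int64_t>& splits, const std::vector<int64_t>& values,
                int64_t maxlength, size_t batch, int64_t value) {
  BatchedCounts out;
  if (!RaggedCount(splits, values, maxlength, &out, nullptr)) return -1;
  if (batch >= out.size()) return -1;
  auto it = out[batch].find(value);
  return it == out[batch].end() ? 0 : it->second;
}

int main() {
  // Constructed inputs: two rows, [1, 1] and [2, 3, 2].
  std::vector<int64_t> good_splits = {0, 2, 5};
  std::vector<int64_t> bad_splits = {1, 2, 5};  // first split != 0, the CVE condition
  std::vector<int64_t> values = {1, 1, 2, 3, 2};
  std::string err;
  BatchedCounts out;
  std::printf("good: %d\n", RaggedCount(good_splits, values, 0, &out, &err));
  std::printf("bad: %d (%s)\n", RaggedCount(bad_splits, values, 0, &out, &err), err.c_str());
  return 0;
}
```

The validator rejects exactly the inputs that would have driven the original loop out of bounds; once it passes, the while loop is bounded on both ends and the `batch_idx - 1` subscript is always a valid row.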
References
- github.com/advisories/GHSA-x7rp-74x2-mjf3
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-280.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-315.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-123.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02
- github.com/tensorflow/tensorflow/releases/tag/v2.3.1
- github.com/tensorflow/tensorflow/security/advisories/GHSA-x7rp-74x2-mjf3
- nvd.nist.gov/vuln/detail/CVE-2020-15200