CVE-2020-15208: Data corruption in tensorflow-lite
When determining the common dimension size of two tensors, TFLite uses a DCHECK,
which is a no-op outside of debug compilation modes:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/types.h#L437-L442
Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors.
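The pattern described above, next to one way to harden it, as an added example that is not TensorFlow Lite's code and not the project's patch. All names (`SKETCH_DCHECK_EQ`, `Shape`, `MatchingDimDebugOnly`, `MatchingDimChecked`, `AddAlongDim0`) and the sample shapes are hypothetical and constructed for illustration.

```cpp
// Added illustration; every name here is hypothetical, not TensorFlow Lite code.
#include <cstddef>
#include <vector>

// Stand-in for a debug-only check as compiled in a release build: no code emitted.
#define SKETCH_DCHECK_EQ(a, b) ((void)0)

struct Shape { std::vector<int> dims; };

// The pattern the advisory describes: the comparison disappears outside debug
// builds, so the caller always gets the first tensor's dimension.
int MatchingDimDebugOnly(const Shape& s1, std::size_t i1,
                         const Shape& s2, std::size_t i2) {
  SKETCH_DCHECK_EQ(s1.dims.at(i1), s2.dims.at(i2));
  (void)s2; (void)i2;
  return s1.dims.at(i1);
}

// One hardened form: the check runs in every build mode and fails closed.
bool MatchingDimChecked(const Shape& s1, std::size_t i1,
                        const Shape& s2, std::size_t i2, int* out) {
  if (i1 >= s1.dims.size() || i2 >= s2.dims.size()) return false;
  if (s1.dims[i1] < 0 || s1.dims[i1] != s2.dims[i2]) return false;
  *out = s1.dims[i1];
  return true;
}

// Kernel-style consumer: refuses to run unless the shapes agree and both
// buffers really hold that many elements.
bool AddAlongDim0(const Shape& sa, const std::vector<float>& a,
                  const Shape& sb, const std::vector<float>& b,
                  std::vector<float>& out) {
  int n = 0;
  if (!MatchingDimChecked(sa, 0, sb, 0, &n)) return false;
  const std::size_t count = static_cast<std::size_t>(n);
  if (a.size() < count || b.size() < count) return false;
  out.resize(count);
  for (std::size_t i = 0; i < count; ++i) out[i] = a[i] + b[i];
  return true;
}

int main() {
  const Shape first{{8}}, second{{4}};  // constructed mismatch
  std::vector<float> a(8, 1.0f), b(4, 2.0f), out;
  // The debug-only pattern reports 8 although the second tensor holds 4 elements.
  const bool trusted_8 = MatchingDimDebugOnly(first, 0, second, 0) == 8;
  const bool rejected = !AddAlongDim0(first, a, second, b, out);
  return (trusted_8 && rejected) ? 0 : 1;
}
```

The point of the second form is that shape agreement and buffer length are validated on the code path that ships, not only in debug builds.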
References
- github.com/advisories/GHSA-mxjj-953w-2c2v
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-288.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-323.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-131.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/8ee24e7949a203d234489f9da2c5bf45a7d5157d
- github.com/tensorflow/tensorflow/releases/tag/v2.3.1
- github.com/tensorflow/tensorflow/security/advisories/GHSA-mxjj-953w-2c2v
- nvd.nist.gov/vuln/detail/CVE-2020-15208