CVE-2020-5215: Segmentation faultin TensorFlow when converting a Python string to `tf.float16`
(updated )
Converting a string (from Python) to a tf.float16
value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode.
This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16
value.
Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16
value with a scalar string will trigger this issue due to automatic conversions.
This can be easily reproduced by tf.constant("hello", tf.float16)
, if eager execution is enabled.
References
- github.com/advisories/GHSA-977j-xj7q-2jr9
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-303.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-338.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-258.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf
- github.com/tensorflow/tensorflow/releases/tag/v1.15.2
- github.com/tensorflow/tensorflow/releases/tag/v2.0.1
- github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9
- nvd.nist.gov/vuln/detail/CVE-2020-5215
Detect and mitigate CVE-2020-5215 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →