CVE-2020-15209: Null pointer dereference in tensorflow-lite
(updated )
A crafted TFLite model can force a node to have as input a tensor backed by a nullptr buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with nullptr:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/core/subgraph.cc#L1224-L1227
However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference.
References
- github.com/advisories/GHSA-qh32-6jjc-qprm
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-289.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-324.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-132.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8
- github.com/tensorflow/tensorflow/releases/tag/v2.3.1
- github.com/tensorflow/tensorflow/security/advisories/GHSA-qh32-6jjc-qprm
- nvd.nist.gov/vuln/detail/CVE-2020-15209
Detect and mitigate CVE-2020-15209 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →