Bug 1179944 (CVE-2020-26267) - VUL-1: CVE-2020-26267: tensorflow, tensorflow2: tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes leading to DoS if not a permutation
Summary: VUL-1: CVE-2020-26267: tensorflow, tensorflow2: tf.raw_ops.DataFormatVecPermu...
Status: RESOLVED FIXED
Alias: CVE-2020-26267
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Version: Leap 42.3
Hardware: Other Other
Importance: P4 - Low : Minor
Target Milestone: ---
Assignee: Christian Goll
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/273148/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-11 10:31 UTC by Johannes Segitz
Modified: 2024-03-28 13:48 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Johannes Segitz 2020-12-11 10:31:31 UTC
CVE-2020-26267

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does
not validate the src_format and dst_format attributes. The code assumes that
these two arguments define a permutation of NHWC. This can result in
uninitialized memory accesses, read outside of bounds and even crashes. This is
fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

Leap and Factory are affected.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26267
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26267
https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae
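The description above states the root cause in one sentence: the op assumes src_format and dst_format define a permutation of NHWC and never checks it. The following is an added illustration written for this bug entry, not TensorFlow's own code and not the upstream fix: a toy model of a data-format vector permute, first as it behaves when the attributes are trusted, then with the permutation check the advisory says was missing. The axis names and the sample shape vector are constructed for the example.

```python
"""Toy model of a data-format vector permute and of the attribute
validation the advisory describes as missing (added illustration, not
TensorFlow's code). Axis names and sample vectors are constructed."""
from typing import List, Optional, Sequence


def permute_unchecked(vec: Sequence[int], src_format: str,
                      dst_format: str) -> List[Optional[int]]:
    """Pre-fix model: trusts src_format/dst_format completely.

    Element i of vec belongs to axis src_format[i] and is written to the
    slot that axis occupies in dst_format. Nothing checks that every axis
    has exactly one slot, so with a malformed dst_format:
      * a slot no source axis maps to is never written (None here; in
        native code this is uninitialized memory),
      * an axis missing from dst_format gets index -1 from str.find,
        which Python wraps to the last slot (in native code this is an
        out-of-bounds access and may clobber a valid result).
    """
    out: List[Optional[int]] = [None] * len(dst_format)
    for i, axis in enumerate(src_format):
        out[dst_format.find(axis)] = vec[i]
    return out


def validate_formats(src_format: str, dst_format: str) -> None:
    """The invariant the op relied on, made explicit: both attributes name
    the same axes, each exactly once, so every source element has exactly
    one destination slot and every slot exactly one source element."""
    if len(src_format) != len(dst_format):
        raise ValueError("src_format and dst_format differ in length")
    if len(set(src_format)) != len(src_format):
        raise ValueError("src_format repeats an axis")
    if set(src_format) != set(dst_format):
        raise ValueError("dst_format is not a permutation of src_format")


def is_valid_format_pair(src_format: str, dst_format: str) -> bool:
    """Boolean wrapper around validate_formats for callers that want to
    reject an input rather than handle an exception."""
    try:
        validate_formats(src_format, dst_format)
    except ValueError:
        return False
    return True


def permute_checked(vec: Sequence[int], src_format: str,
                    dst_format: str) -> List[int]:
    """Post-fix model: validate the attributes, then permute. The vector
    length must also match the format, otherwise the loop itself would
    index past the end of the input."""
    validate_formats(src_format, dst_format)
    if len(vec) != len(src_format):
        raise ValueError("vector length does not match src_format")
    return [vec[src_format.index(axis)] for axis in dst_format]


if __name__ == "__main__":
    # Constructed sample: a 4-element shape vector in NHWC order.
    shape = [1, 224, 224, 3]
    print(permute_checked(shape, "NHWC", "NCHW"))    # [1, 3, 224, 224]
    # "NNHW" repeats N and drops C: one slot stays unwritten and the C
    # value lands on the last slot, overwriting W.
    print(permute_unchecked(shape, "NHWC", "NNHW"))  # [1, None, 224, 3]
    print(is_valid_format_pair("NHWC", "NNHW"))      # False
```

The check is deliberately independent of any fixed axis alphabet: it only requires the two strings to be permutations of each other, which is the property the unchecked loop silently assumed. The same validation applies unchanged to 5-axis layouts such as NDHWC and NCDHW.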
Comment 1 Christian Goll 2020-12-18 10:00:20 UTC
SR#856850 to the devel repo fixes this.
Comment 2 Christian Goll 2024-03-28 13:48:49 UTC
Tensorflow 2.7 is in Factory (although it doesn't actually build), so closing this one.