Home > Vulnerability Database > CVE-2020-26268

Mend.io Vulnerability Database

CVE-2020-26268

Date: December 10, 2020

In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

Language: C++

Severity Score

4.4

Related Resources (4)

Url: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hhvc-g5hv-48c6

Url: https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb6470069890b5060bc7

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-26268

Url: https://www.mend.io/vulnerability-database/CVE-2020-26268

Severity Score

4.4

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	3.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-26268

Date: December 10, 2020

Language: C++

Severity Score

Related Resources (4)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?