Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-15210 (GCVE-0-2020-15210)
Vulnerability from cvelistv5 – Published: 2020-09-25 18:45 – Updated: 2024-08-04 13:08
VLAI?
EPSS
Summary
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Severity ?
6.5 (Medium)
CWE
- CWE-20 - {"CWE-20":"Improper Input Validation"}
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 1.15.4
Affected: >= 2.0.0, < 2.0.3 Affected: >= 2.1.0, < 2.1.2 Affected: >= 2.2.0, < 2.2.1 Affected: >= 2.3.0, < 2.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"
},
{
"name": "openSUSE-SU-2020:1766",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 1.15.4"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.3"
},
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.2"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.1"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "{\"CWE-20\":\"Improper Input Validation\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-29T15:06:19",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"
},
{
"name": "openSUSE-SU-2020:1766",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
],
"source": {
"advisory": "GHSA-x9j7-x98r-r4w2",
"discovery": "UNKNOWN"
},
"title": "Segmentation fault in tensorflow-lite",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15210",
"STATE": "PUBLIC",
"TITLE": "Segmentation fault in tensorflow-lite"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tensorflow",
"version": {
"version_data": [
{
"version_value": "\u003c 1.15.4"
},
{
"version_value": "\u003e= 2.0.0, \u003c 2.0.3"
},
{
"version_value": "\u003e= 2.1.0, \u003c 2.1.2"
},
{
"version_value": "\u003e= 2.2.0, \u003c 2.2.1"
},
{
"version_value": "\u003e= 2.3.0, \u003c 2.3.1"
}
]
}
}
]
},
"vendor_name": "tensorflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-20\":\"Improper Input Validation\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"
},
{
"name": "openSUSE-SU-2020:1766",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
]
},
"source": {
"advisory": "GHSA-x9j7-x98r-r4w2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15210",
"datePublished": "2020-09-25T18:45:30",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:22.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\", \"versionEndExcluding\": \"1.15.4\", \"matchCriteriaId\": \"7A5421A9-693F-472A-9A21-43950C884C77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndExcluding\": \"2.0.3\", \"matchCriteriaId\": \"B0FEB74E-5E54-4A2F-910C-FA1812C73DB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\", \"versionStartIncluding\": \"2.1.0\", \"versionEndExcluding\": \"2.1.2\", \"matchCriteriaId\": \"47D83682-6615-49BC-8043-F36B9D017578\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\", \"versionStartIncluding\": \"2.2.0\", \"versionEndExcluding\": \"2.2.1\", \"matchCriteriaId\": \"323B716A-E8F7-4CDA-B8FD-A56977D59C02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\", \"versionStartIncluding\": \"2.3.0\", \"versionEndExcluding\": \"2.3.1\", \"matchCriteriaId\": \"C09502A8-B667-4867-BEBD-40333E98A601\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\"}, {\"lang\": \"es\", \"value\": \"En tensorflow-lite versiones anteriores a 1.15.4, 2.0.3, 2.1.2, 2.2.1 y 2.3.1, si un modelo guardado de TFLite usa el mismo tensor como entrada y salida de un operador, entonces, dependiendo del operador, podemos observar un fallo de segmentaci\\u00f3n o solo una corrupci\\u00f3n de la memoria.\u0026#xa0;Hemos parcheado el problema en d58c96946b y publicaremos parches para todas las versiones entre 1.15 y 2.3.\u0026#xa0;Recomendamos a los usuarios que actualicen a TensorFlow versiones 1.15.4, 2.0.3, 2.1.2, 2.2.1 o 2.3.1\"}]",
"id": "CVE-2020-15210",
"lastModified": "2024-11-21T05:05:05.720",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 4.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:P\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-09-25T19:15:16.307",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-15210\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-09-25T19:15:16.307\",\"lastModified\":\"2024-11-21T05:05:05.720\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\"},{\"lang\":\"es\",\"value\":\"En tensorflow-lite versiones anteriores a 1.15.4, 2.0.3, 2.1.2, 2.2.1 y 2.3.1, si un modelo guardado de TFLite usa el mismo tensor como entrada y salida de un operador, entonces, dependiendo del operador, podemos observar un fallo de segmentaci\u00f3n o solo una corrupci\u00f3n de la memoria.\u0026#xa0;Hemos parcheado el problema en d58c96946b y publicaremos parches para todas las versiones entre 1.15 y 2.3.\u0026#xa0;Recomendamos a los usuarios que actualicen a TensorFlow versiones 1.15.4, 2.0.3, 2.1.2, 2.2.1 o 2.3.1\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":4.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\",\"versionEndExcluding\":\"1.15.4\",\"matchCriteriaId\":\"7A5421A9-693F-472A-9A21-43950C884C77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.3\",\"matchCriteriaId\":\"B0FEB74E-5E54-4A2F-910C-FA1812C73DB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\",\"versionStartIncluding\":\"2.1.0\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"47D83682-6615-49BC-8043-F36B9D017578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.1\",\"matchCriteriaId\":\"323B716A-E8F7-4CDA-B8FD-A56977D59C02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.3.1\",\"matchCriteriaId\":\"C09502A8-B667-4867-BEBD-40333E98A601\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
PYSEC-2020-133
Vulnerability from pysec - Published: 2020-09-25 19:15 - Updated: 2020-10-29 16:15
VLAI?
Details
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Impacted products
| Name | purl | tensorflow | pkg:pypi/tensorflow |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow",
"purl": "pkg:pypi/tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "d58c96946b2880991d63d1dacacb32f0a4dfa453"
}
],
"repo": "https://github.com/tensorflow/tensorflow",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
},
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
},
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
},
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
},
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.12.0rc0",
"0.12.0rc1",
"0.12.0",
"0.12.1",
"1.0.0",
"1.0.1",
"1.1.0rc0",
"1.1.0rc1",
"1.1.0rc2",
"1.1.0",
"1.2.0rc0",
"1.2.0rc1",
"1.2.0rc2",
"1.2.0",
"1.2.1",
"1.3.0rc0",
"1.3.0rc1",
"1.3.0rc2",
"1.3.0",
"1.4.0rc0",
"1.4.0rc1",
"1.4.0",
"1.4.1",
"1.5.0rc0",
"1.5.0rc1",
"1.5.0",
"1.5.1",
"1.6.0rc0",
"1.6.0rc1",
"1.6.0",
"1.7.0rc0",
"1.7.0rc1",
"1.7.0",
"1.7.1",
"1.8.0rc0",
"1.8.0rc1",
"1.8.0",
"1.9.0rc0",
"1.9.0rc1",
"1.9.0rc2",
"1.9.0",
"1.10.0rc0",
"1.10.0rc1",
"1.10.0",
"1.10.1",
"1.11.0rc0",
"1.11.0rc1",
"1.11.0rc2",
"1.11.0",
"1.12.0rc0",
"1.12.0rc1",
"1.12.0rc2",
"1.12.0",
"1.12.2",
"1.12.3",
"1.13.0rc0",
"1.13.0rc1",
"1.13.0rc2",
"1.13.1",
"1.13.2",
"1.14.0rc0",
"1.14.0rc1",
"1.14.0",
"1.15.0rc0",
"1.15.0rc1",
"1.15.0rc2",
"1.15.0rc3",
"1.15.0",
"1.15.2",
"1.15.3",
"2.0.0",
"2.0.1",
"2.0.2",
"2.1.0",
"2.1.1",
"2.2.0",
"2.3.0"
]
}
],
"aliases": [
"CVE-2020-15210",
"GHSA-x9j7-x98r-r4w2"
],
"details": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"id": "PYSEC-2020-133",
"modified": "2020-10-29T16:15:00Z",
"published": "2020-09-25T19:15:00Z",
"references": [
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"
},
{
"type": "ADVISORY",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
]
}
PYSEC-2020-325
Vulnerability from pysec - Published: 2020-09-25 19:15 - Updated: 2021-12-09 06:35
VLAI?
Details
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Impacted products
| Name | purl | tensorflow-gpu | pkg:pypi/tensorflow-gpu |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu",
"purl": "pkg:pypi/tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "d58c96946b2880991d63d1dacacb32f0a4dfa453"
}
],
"repo": "https://github.com/tensorflow/tensorflow",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
},
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
},
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
},
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
},
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.12.0",
"0.12.1",
"1.0.0",
"1.0.1",
"1.1.0",
"1.10.0",
"1.10.1",
"1.11.0",
"1.12.0",
"1.12.2",
"1.12.3",
"1.13.1",
"1.13.2",
"1.14.0",
"1.15.0",
"1.15.2",
"1.15.3",
"1.2.0",
"1.2.1",
"1.3.0",
"1.4.0",
"1.4.1",
"1.5.0",
"1.5.1",
"1.6.0",
"1.7.0",
"1.7.1",
"1.8.0",
"1.9.0",
"2.0.0",
"2.0.1",
"2.0.2",
"2.1.0",
"2.1.1",
"2.2.0",
"2.3.0"
]
}
],
"aliases": [
"CVE-2020-15210",
"GHSA-x9j7-x98r-r4w2"
],
"details": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"id": "PYSEC-2020-325",
"modified": "2021-12-09T06:35:15.211180Z",
"published": "2020-09-25T19:15:00Z",
"references": [
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"
},
{
"type": "ADVISORY",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
]
}
PYSEC-2020-290
Vulnerability from pysec - Published: 2020-09-25 19:15 - Updated: 2021-12-09 06:34
VLAI?
Details
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Impacted products
| Name | purl | tensorflow-cpu | pkg:pypi/tensorflow-cpu |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu",
"purl": "pkg:pypi/tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "d58c96946b2880991d63d1dacacb32f0a4dfa453"
}
],
"repo": "https://github.com/tensorflow/tensorflow",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
},
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
},
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
},
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
},
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.15.0",
"2.1.0",
"2.1.1",
"2.2.0",
"2.3.0"
]
}
],
"aliases": [
"CVE-2020-15210",
"GHSA-x9j7-x98r-r4w2"
],
"details": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"id": "PYSEC-2020-290",
"modified": "2021-12-09T06:34:43.437178Z",
"published": "2020-09-25T19:15:00Z",
"references": [
{
"type": "FIX",
"url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"
},
{
"type": "ADVISORY",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
]
}
GHSA-X9J7-X98R-R4W2
Vulnerability from github – Published: 2020-09-25 18:28 – Updated: 2024-10-28 14:55
VLAI?
Summary
Segmentation fault in tensorflow-lite
Details
Impact
If a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption.
Patches
We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3.
We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Workarounds
A potential workaround would be to add a custom Verifier to the model loading code to ensure that no operator reuses tensors as both inputs and outputs. Care should be taken to check all types of inputs (i.e., constant or variable tensors as well as optional tensors).
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been discovered from a variant analysis of GHSA-cvpc-8phh-8f45.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0"
]
}
],
"aliases": [
"CVE-2020-15210"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-787"
],
"github_reviewed": true,
"github_reviewed_at": "2020-09-25T18:15:49Z",
"nvd_published_at": "2020-09-25T19:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nIf a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption.\n\n### Patches\nWe have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3.\n\nWe recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\n\n### Workarounds\nA potential workaround would be to add a custom `Verifier` to the model loading code to ensure that no operator reuses tensors as both inputs and outputs. Care should be taken to check all types of inputs (i.e., constant or variable tensors as well as optional tensors).\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been discovered from a variant analysis of [GHSA-cvpc-8phh-8f45](https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45).",
"id": "GHSA-x9j7-x98r-r4w2",
"modified": "2024-10-28T14:55:40Z",
"published": "2020-09-25T18:28:51Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15210"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/094329d0dcb8290bed2b1ee420934971f422c86d"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/1c8709b437fec10875b0cf271889afec9bbf582e"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/8c2092e9f9ef78b3f9060f8bf5ce7a49d1ccdc8f"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/f4159ccef23d11eb58ee4263beaaeac1be3343c7"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/f50a14b00560a383865c2273e4a9094add3888d5"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-290.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-325.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-133.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Segmentation fault in tensorflow-lite"
}
FKIE_CVE-2020-15210
Vulnerability from fkie_nvd - Published: 2020-09-25 19:15 - Updated: 2024-11-21 05:05
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tensorflow | * | ||
| tensorflow | * | ||
| tensorflow | * | ||
| tensorflow | * | ||
| tensorflow | * | ||
| opensuse | leap | 15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"matchCriteriaId": "7A5421A9-693F-472A-9A21-43950C884C77",
"versionEndExcluding": "1.15.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"matchCriteriaId": "B0FEB74E-5E54-4A2F-910C-FA1812C73DB2",
"versionEndExcluding": "2.0.3",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"matchCriteriaId": "47D83682-6615-49BC-8043-F36B9D017578",
"versionEndExcluding": "2.1.2",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"matchCriteriaId": "323B716A-E8F7-4CDA-B8FD-A56977D59C02",
"versionEndExcluding": "2.2.1",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"matchCriteriaId": "C09502A8-B667-4867-BEBD-40333E98A601",
"versionEndExcluding": "2.3.1",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
},
{
"lang": "es",
"value": "En tensorflow-lite versiones anteriores a 1.15.4, 2.0.3, 2.1.2, 2.2.1 y 2.3.1, si un modelo guardado de TFLite usa el mismo tensor como entrada y salida de un operador, entonces, dependiendo del operador, podemos observar un fallo de segmentaci\u00f3n o solo una corrupci\u00f3n de la memoria.\u0026#xa0;Hemos parcheado el problema en d58c96946b y publicaremos parches para todas las versiones entre 1.15 y 2.3.\u0026#xa0;Recomendamos a los usuarios que actualicen a TensorFlow versiones 1.15.4, 2.0.3, 2.1.2, 2.2.1 o 2.3.1"
}
],
"id": "CVE-2020-15210",
"lastModified": "2024-11-21T05:05:05.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-25T19:15:16.307",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2020-15210
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-15210",
"description": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"id": "GSD-2020-15210",
"references": [
"https://www.suse.com/security/cve/CVE-2020-15210.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-15210"
],
"details": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"id": "GSD-2020-15210",
"modified": "2023-12-13T01:21:43.411128Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15210",
"STATE": "PUBLIC",
"TITLE": "Segmentation fault in tensorflow-lite"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tensorflow",
"version": {
"version_data": [
{
"version_value": "\u003c 1.15.4"
},
{
"version_value": "\u003e= 2.0.0, \u003c 2.0.3"
},
{
"version_value": "\u003e= 2.1.0, \u003c 2.1.2"
},
{
"version_value": "\u003e= 2.2.0, \u003c 2.2.1"
},
{
"version_value": "\u003e= 2.3.0, \u003c 2.3.1"
}
]
}
}
]
},
"vendor_name": "tensorflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-20\":\"Improper Input Validation\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"
},
{
"name": "openSUSE-SU-2020:1766",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
]
},
"source": {
"advisory": "GHSA-x9j7-x98r-r4w2",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.15.4||\u003e=2.0.0,\u003c2.0.3||\u003e=2.1.0,\u003c2.1.2||\u003e=2.2.0,\u003c2.2.1||\u003e=2.3.0,\u003c2.3.1",
"affected_versions": "All versions before 1.15.4, all versions starting from 2.0.0 before 2.0.3, all versions starting from 2.1.0 before 2.1.2, all versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2020-10-29",
"description": "If a `TFLite` saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption.",
"fixed_versions": [
"2.1.2",
"2.2.1",
"2.3.1"
],
"identifier": "CVE-2020-15210",
"identifiers": [
"CVE-2020-15210",
"GHSA-x9j7-x98r-r4w2"
],
"not_impacted": "All versions starting from 1.15.4 before 2.0.0, all versions starting from 2.0.3 before 2.1.0, all versions starting from 2.1.2 before 2.2.0, all versions starting from 2.2.1 before 2.3.0, all versions starting from 2.3.1",
"package_slug": "pypi/tensorflow-cpu",
"pubdate": "2020-09-25",
"solution": "Upgrade to versions 2.1.2, 2.2.1, 2.3.1 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-15210"
],
"uuid": "844a7f93-f12a-4e95-89e6-135d8c4a0efa"
},
{
"affected_range": "\u003c1.15.4||\u003e=2.0.0,\u003c2.0.3||\u003e=2.1.0,\u003c2.1.2||\u003e=2.2.0,\u003c2.2.1||\u003e=2.3.0,\u003c2.3.1",
"affected_versions": "All versions before 1.15.4, all versions starting from 2.0.0 before 2.0.3, all versions starting from 2.1.0 before 2.1.2, all versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2020-10-29",
"description": "If a `TFLite` saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption.",
"fixed_versions": [
"1.15.4",
"2.0.3",
"2.1.2",
"2.2.1",
"2.3.1"
],
"identifier": "CVE-2020-15210",
"identifiers": [
"CVE-2020-15210",
"GHSA-x9j7-x98r-r4w2"
],
"not_impacted": "All versions starting from 1.15.4 before 2.0.0, all versions starting from 2.0.3 before 2.1.0, all versions starting from 2.1.2 before 2.2.0, all versions starting from 2.2.1 before 2.3.0, all versions starting from 2.3.1",
"package_slug": "pypi/tensorflow-gpu",
"pubdate": "2020-09-25",
"solution": "Upgrade to versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-15210"
],
"uuid": "a74c03ce-367a-478e-bafb-37d6c3003742"
},
{
"affected_range": "\u003c1.15.4||\u003e=2.0.0,\u003c2.0.3||\u003e=2.1.0,\u003c2.1.2||\u003e=2.2.0,\u003c2.2.1||\u003e=2.3.0,\u003c2.3.1",
"affected_versions": "All versions before 1.15.4, all versions starting from 2.0.0 before 2.0.3, all versions starting from 2.1.0 before 2.1.2, all versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-787",
"CWE-937"
],
"date": "2021-11-18",
"description": "If a `TFLite` saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption.",
"fixed_versions": [
"1.15.4",
"2.0.3",
"2.1.2",
"2.2.1",
"2.3.1"
],
"identifier": "CVE-2020-15210",
"identifiers": [
"CVE-2020-15210",
"GHSA-x9j7-x98r-r4w2"
],
"not_impacted": "All versions starting from 1.15.4 before 2.0.0, all versions starting from 2.0.3 before 2.1.0, all versions starting from 2.1.2 before 2.2.0, all versions starting from 2.2.1 before 2.3.0, all versions starting from 2.3.1",
"package_slug": "pypi/tensorflow",
"pubdate": "2020-09-25",
"solution": "Upgrade to versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-15210"
],
"uuid": "dc117ada-3519-425e-9878-beea0153972a"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.15.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.3",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.2",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.1",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.1",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15210"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"
},
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"
},
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"name": "openSUSE-SU-2020:1766",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2
}
},
"lastModifiedDate": "2021-11-18T17:27Z",
"publishedDate": "2020-09-25T19:15Z"
}
}
}
OPENSUSE-SU-2020:1766-1
Vulnerability from csaf_opensuse - Published: 2020-10-29 11:23 - Updated: 2020-10-29 11:23Summary
Security update for tensorflow2
Notes
Title of the patch
Security update for tensorflow2
Description of the patch
This update for tensorflow2 fixes the following issues:
- updated to 2.1.2 with following fixes (boo#1177022):
* Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)
* Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)
* Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)
* Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)
* Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)
* Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)
* Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)
* Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)
* Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)
* Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)
* Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)
Patchnames
openSUSE-2020-1766
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tensorflow2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tensorflow2 fixes the following issues:\n\n- updated to 2.1.2 with following fixes (boo#1177022):\n * Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)\n * Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)\n * Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)\n * Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)\n * Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)\n * Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)\n * Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)\n * Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)\n * Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)\n * Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)\n * Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1766",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1766-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1766-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TNMEEN772D6LWSHNB64QFB5TB3CZZEF4/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1766-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TNMEEN772D6LWSHNB64QFB5TB3CZZEF4/"
},
{
"category": "self",
"summary": "SUSE Bug 1173314",
"url": "https://bugzilla.suse.com/1173314"
},
{
"category": "self",
"summary": "SUSE Bug 1175099",
"url": "https://bugzilla.suse.com/1175099"
},
{
"category": "self",
"summary": "SUSE Bug 1175789",
"url": "https://bugzilla.suse.com/1175789"
},
{
"category": "self",
"summary": "SUSE Bug 1177022",
"url": "https://bugzilla.suse.com/1177022"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15190 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15191 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15192 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15193 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15194 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15195 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15202 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15203 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15204 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15205 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15206 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15207 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15208 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15209 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15210 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15211 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15211/"
}
],
"title": "Security update for tensorflow2",
"tracking": {
"current_release_date": "2020-10-29T11:23:39Z",
"generator": {
"date": "2020-10-29T11:23:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1766-1",
"initial_release_date": "2020-10-29T11:23:39Z",
"revision_history": [
{
"date": "2020-10-29T11:23:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow2-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"product": {
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"product_id": "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow2-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
},
"product_reference": "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15190"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15190",
"url": "https://www.suse.com/security/cve/CVE-2020-15190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15190"
},
{
"cve": "CVE-2020-15191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15191"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15191",
"url": "https://www.suse.com/security/cve/CVE-2020-15191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15191"
},
{
"cve": "CVE-2020-15192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15192"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each of the above methods can return an error status, the `status` value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15192",
"url": "https://www.suse.com/security/cve/CVE-2020-15192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15192"
},
{
"cve": "CVE-2020-15193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15193"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast` Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15193",
"url": "https://www.suse.com/security/cve/CVE-2020-15193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15193"
},
{
"cve": "CVE-2020-15194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15194"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15194",
"url": "https://www.suse.com/security/cve/CVE-2020-15194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15194"
},
{
"cve": "CVE-2020-15195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15195"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15195",
"url": "https://www.suse.com/security/cve/CVE-2020-15195"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15195"
},
{
"cve": "CVE-2020-15202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15202"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15202",
"url": "https://www.suse.com/security/cve/CVE-2020-15202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15202"
},
{
"cve": "CVE-2020-15203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15203"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15203",
"url": "https://www.suse.com/security/cve/CVE-2020-15203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15203"
},
{
"cve": "CVE-2020-15204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15204"
}
],
"notes": [
{
"category": "general",
"text": "In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx-\u003esession_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15204",
"url": "https://www.suse.com/security/cve/CVE-2020-15204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15204"
},
{
"cve": "CVE-2020-15205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15205"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15205",
"url": "https://www.suse.com/security/cve/CVE-2020-15205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "important"
}
],
"title": "CVE-2020-15205"
},
{
"cve": "CVE-2020-15206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15206"
}
],
"notes": [
{
"category": "general",
"text": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow\u0027s `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. The issue is patched in commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15206",
"url": "https://www.suse.com/security/cve/CVE-2020-15206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15206"
},
{
"cve": "CVE-2020-15207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15207"
}
],
"notes": [
{
"category": "general",
"text": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python\u0027s indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15207",
"url": "https://www.suse.com/security/cve/CVE-2020-15207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "critical"
}
],
"title": "CVE-2020-15207"
},
{
"cve": "CVE-2020-15208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15208"
}
],
"notes": [
{
"category": "general",
"text": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15208",
"url": "https://www.suse.com/security/cve/CVE-2020-15208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "important"
}
],
"title": "CVE-2020-15208"
},
{
"cve": "CVE-2020-15209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15209"
}
],
"notes": [
{
"category": "general",
"text": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15209",
"url": "https://www.suse.com/security/cve/CVE-2020-15209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15209"
},
{
"cve": "CVE-2020-15210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15210"
}
],
"notes": [
{
"category": "general",
"text": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15210",
"url": "https://www.suse.com/security/cve/CVE-2020-15210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15210"
},
{
"cve": "CVE-2020-15211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15211"
}
],
"notes": [
{
"category": "general",
"text": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don\u0027t expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15211",
"url": "https://www.suse.com/security/cve/CVE-2020-15211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-29T11:23:39Z",
"details": "moderate"
}
],
"title": "CVE-2020-15211"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…