ID CVE-2020-26266
Summary In affected versions of TensorFlow, under certain cases, a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default-initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
References
Vulnerable Configurations
  • cpe:2.3:a:google:tensorflow:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.8.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.8.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.9.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.9.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.10.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.10.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.11.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.11.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.11.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.11.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.12.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.12.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.12.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:0.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.0.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.1.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.2.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.3.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.3.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.3.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.4.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.5.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.5.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.6.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.6.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.7.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.7.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.7.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.8.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.8.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.8.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.9.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.9.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.9.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.9.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.10.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.10.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.10.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.11.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.11.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.11.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.11.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.12.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.12.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.12.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.12.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.13.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.13.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.13.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.14.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.14.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.14.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.15.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.15.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.15.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.15.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.15.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:1.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.0.0:alpha0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.0.0:beta0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.0.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.1.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 14-12-2020 - 17:54)
Impact:
Exploitability:
CWE CWE-908
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhxx-j73r-qpm2
misc https://github.com/tensorflow/tensorflow/commit/ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2
Last major update 14-12-2020 - 17:54
Published 10-12-2020 - 23:15
Last modified 14-12-2020 - 17:54