Headline
CVE-2020-15192: Build software better, together
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.to_dlpack
there is a memory leak following an expected validation failure. The issue occurs because the status
argument during validation failures is not properly checked. Since each of the above methods can return an error status, the status
value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.
Related news
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.