IBM Support

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow 

Security Bulletin


Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow .

Vulnerability Details

CVEID:   CVE-2020-26270
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a query-of-death flaw when running an LSTM/GRU model. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to causes a CHECK failure when using the CUDA backend.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193281 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-26266
DESCRIPTION:   TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by an uninitialized memory access flaw in Eigen types during code execution. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the memory, or cause the system to crash.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193277 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)

CVEID:   CVE-2020-26269
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the general implementation for matching filesystem paths to globbing pattern. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to causes the system to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193280 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-26268
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a modification of assumed-immutable data issue. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to causes a segmentation fault.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193279 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)

CVEID:   CVE-2020-26271
DESCRIPTION:   TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by an uninitialized memory access flaw while building the computation graph. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the memory, and use this information to launch further attacks against the affected system.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193282 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2020-26267
DESCRIPTION:   TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw when validating the src_format and dst_format attributes by the tf.raw_ops.DataFormatVecPermute API. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the memory, or cause the system to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193278 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2020-15265
DESCRIPTION:   Tensorflow is vulnerable to a denial of service, caused by a segfault in tf.quantization.quantize_and_dequantize. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190507 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-15266
DESCRIPTION:   Tensorflow is vulnerable to a denial of service, caused by a segfault in tf.image.crop_and_resize. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190506 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)Version(s)
ICP - Discovery2.0.0-2.2.0

Remediation/Fixes

Upgrade to IBM Watson Discovery 2.2.1

https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

08 Feb 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSCLA6","label":"Watson Discovery"},"Component":"","Platform":[{"code":"PF040","label":"RedHat OpenShift"}],"Version":"2.0.0-2.2.0","Edition":""}]

Document Information

Modified date:
26 February 2021

Initial Publish date:
08 February 2021

UID

ibm16416135

Page Feedback