IBM Support

Security Bulletin: Tensor Flow security vulnerabilities with segmentation fault on IBM Watson Machine Learning on CP4D

Security Bulletin


Summary

TensorFlow is vulnerable to a denial of service and segmentation fault on IBM Watson Machine Learning on CP4D

Vulnerability Details

CVEID:   CVE-2020-5215
DESCRIPTION:   Tensorflow is vulnerable to a denial of service, caused by a flaw when converting a string (from Python) to a tf.float16 value. By sending a specially-crafted string, a remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175440 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)Version(s)
IBM Watson Machine Learning on CP4D2.5

Remediation/Fixes

Fix is available on IBM Watson Machine Learning on CP4D 3.0 and CPD 3.5
Patches are available here : https://www.ibm.com/support/pages/node/5693732

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Change History

21 Apr 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCNDT","label":"IBM Watson Machine Learning Service"},"Component":"WML","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF040","label":"RedHat OpenShift"}],"Version":"3.5","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
03 May 2021

Initial Publish date:
21 April 2021

UID

ibm16449290