{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2020-15208","title":"Title"},{"category":"description","text":"In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2020-15208","url":"https://www.suse.com/security/cve/CVE-2020-15208"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"Advisory link for openSUSE-SU-2020:1766-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TNMEEN772D6LWSHNB64QFB5TB3CZZEF4/"}],"title":"SUSE CVE CVE-2020-15208","tracking":{"current_release_date":"2025-03-15T09:51:39Z","generator":{"date":"2023-02-15T03:56:57Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2020-15208","initial_release_date":"2023-02-15T03:56:57Z","revision_history":[{"date":"2023-02-15T03:56:57Z","number":"2","summary":"Current version"},{"date":"2025-01-01T05:28:56Z","number":"3","summary":"Current version"},{"date":"2025-02-15T06:08:04Z","number":"4","summary":"Current version"},{"date":"2025-02-17T06:28:48Z","number":"5","summary":"Current version"},{"date":"2025-03-15T09:51:39Z","number":"6","summary":"Current version"}],"status":"interim","version":"6"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"openSUSE Leap 15.2","product":{"name":"openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.2"}}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"libtensorflow2-2.1.2-lp152.7.3.1","product":{"name":"libtensorflow2-2.1.2-lp152.7.3.1","product_id":"libtensorflow2-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/libtensorflow2@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","product":{"name":"libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","product_id":"libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/libtensorflow2-gnu-hpc@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product":{"name":"libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product_id":"libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/libtensorflow2-gnu-openmpi2-hpc@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"libtensorflow_cc2-2.1.2-lp152.7.3.1","product":{"name":"libtensorflow_cc2-2.1.2-lp152.7.3.1","product_id":"libtensorflow_cc2-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/libtensorflow_cc2@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1","product":{"name":"libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1","product_id":"libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/libtensorflow_cc2-gnu-hpc@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product":{"name":"libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product_id":"libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/libtensorflow_cc2-gnu-openmpi2-hpc@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"libtensorflow_framework2-2.1.2-lp152.7.3.1","product":{"name":"libtensorflow_framework2-2.1.2-lp152.7.3.1","product_id":"libtensorflow_framework2-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/libtensorflow_framework2@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1","product":{"name":"libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1","product_id":"libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/libtensorflow_framework2-gnu-hpc@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product":{"name":"libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product_id":"libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/libtensorflow_framework2-gnu-openmpi2-hpc@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"tensorflow-lite-2.9.1-1.1","product":{"name":"tensorflow-lite-2.9.1-1.1","product_id":"tensorflow-lite-2.9.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow-lite@2.9.1-1.1"}}},{"category":"product_version","name":"tensorflow-lite-devel-2.9.1-1.1","product":{"name":"tensorflow-lite-devel-2.9.1-1.1","product_id":"tensorflow-lite-devel-2.9.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow-lite-devel@2.9.1-1.1"}}},{"category":"product_version","name":"tensorflow2-2.1.2-lp152.7.3.1","product":{"name":"tensorflow2-2.1.2-lp152.7.3.1","product_id":"tensorflow2-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow2@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"tensorflow2-devel-2.1.2-lp152.7.3.1","product":{"name":"tensorflow2-devel-2.1.2-lp152.7.3.1","product_id":"tensorflow2-devel-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow2-devel@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"tensorflow2-doc-2.1.2-lp152.7.3.1","product":{"name":"tensorflow2-doc-2.1.2-lp152.7.3.1","product_id":"tensorflow2-doc-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow2-doc@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","product":{"name":"tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","product_id":"tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow2-gnu-hpc@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product":{"name":"tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product_id":"tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow2-gnu-openmpi2-hpc@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"tensorflow2-lite-2.1.2-lp152.7.3.1","product":{"name":"tensorflow2-lite-2.1.2-lp152.7.3.1","product_id":"tensorflow2-lite-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow2-lite@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"tensorflow2-lite-devel-2.1.2-lp152.7.3.1","product":{"name":"tensorflow2-lite-devel-2.1.2-lp152.7.3.1","product_id":"tensorflow2-lite-devel-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow2-lite-devel@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1","product":{"name":"tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1","product_id":"tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow2_2_1_2-gnu-hpc@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1","product":{"name":"tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1","product_id":"tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow2_2_1_2-gnu-hpc-devel@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1","product":{"name":"tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1","product_id":"tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow2_2_1_2-gnu-hpc-doc@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product":{"name":"tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product_id":"tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow2_2_1_2-gnu-openmpi2-hpc@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1","product":{"name":"tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1","product_id":"tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow2_2_1_2-gnu-openmpi2-hpc-devel@2.1.2-lp152.7.3.1"}}},{"category":"product_version","name":"tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1","product":{"name":"tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1","product_id":"tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/tensorflow2_2_1_2-gnu-openmpi2-hpc-doc@2.1.2-lp152.7.3.1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"libtensorflow2-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1"},"product_reference":"libtensorflow2-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1"},"product_reference":"libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1"},"product_reference":"libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"libtensorflow_cc2-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1"},"product_reference":"libtensorflow_cc2-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1"},"product_reference":"libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1"},"product_reference":"libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"libtensorflow_framework2-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1"},"product_reference":"libtensorflow_framework2-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1"},"product_reference":"libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1"},"product_reference":"libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow2-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1"},"product_reference":"tensorflow2-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow2-devel-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1"},"product_reference":"tensorflow2-devel-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow2-doc-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1"},"product_reference":"tensorflow2-doc-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1"},"product_reference":"tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1"},"product_reference":"tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow2-lite-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1"},"product_reference":"tensorflow2-lite-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow2-lite-devel-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1"},"product_reference":"tensorflow2-lite-devel-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1"},"product_reference":"tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1"},"product_reference":"tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1"},"product_reference":"tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1"},"product_reference":"tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1"},"product_reference":"tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1"},"product_reference":"tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"tensorflow-lite-2.9.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:tensorflow-lite-2.9.1-1.1"},"product_reference":"tensorflow-lite-2.9.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"tensorflow-lite-devel-2.9.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:tensorflow-lite-devel-2.9.1-1.1"},"product_reference":"tensorflow-lite-devel-2.9.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"}]},"vulnerabilities":[{"cve":"CVE-2020-15208","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-15208"}],"notes":[{"category":"general","text":"In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1","openSUSE Tumbleweed:tensorflow-lite-2.9.1-1.1","openSUSE Tumbleweed:tensorflow-lite-devel-2.9.1-1.1"]},"references":[{"category":"external","summary":"CVE-2020-15208","url":"https://www.suse.com/security/cve/CVE-2020-15208"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"Advisory link for openSUSE-SU-2020:1766-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TNMEEN772D6LWSHNB64QFB5TB3CZZEF4/"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1","openSUSE Tumbleweed:tensorflow-lite-2.9.1-1.1","openSUSE Tumbleweed:tensorflow-lite-devel-2.9.1-1.1"]}],"scores":[{"cvss_v3":{"baseScore":9.8,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libtensorflow2-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_cc2-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_framework2-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-devel-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-doc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-lite-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2-lite-devel-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-devel-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-hpc-doc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-devel-2.1.2-lp152.7.3.1","openSUSE Leap 15.2:tensorflow2_2_1_2-gnu-openmpi2-hpc-doc-2.1.2-lp152.7.3.1","openSUSE Tumbleweed:tensorflow-lite-2.9.1-1.1","openSUSE Tumbleweed:tensorflow-lite-devel-2.9.1-1.1"]}],"threats":[{"category":"impact","date":"2020-09-26T01:25:00Z","details":"important"}],"title":"CVE-2020-15208"}]}