QID 981466
QID 981466: Python (pip) Security Update for tensorflow-gpu (GHSA-q8gv-q7wr-9jf8)
Security update has been released for tensorflow-gpu,tensorflow,tensorflow-cpu to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
In eager mode, TensorFlow does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/session_ops.cc#L45
In the above snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault.
We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
- GHSA-q8gv-q7wr-9jf8 -
github.com/advisories/GHSA-q8gv-q7wr-9jf8
CVEs related to QID 981466
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-q8gv-q7wr-9jf8 | tensorflow |
|
|
| GHSA-q8gv-q7wr-9jf8 | tensorflow-cpu |
|
|
| GHSA-q8gv-q7wr-9jf8 | tensorflow-gpu |
|