Intel Optimization For Tensorflow vulnerabilities

CVE-2022-23567 [MEDIUM] CWE-190 Integer overflows in Tensorflow Integer overflows in Tensorflow ### Impact The [implementations of `Sparse*Cwise*` ops](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc) are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based

CVE-2022-23585 [MEDIUM] CWE-401 Memory leak in decoding PNG images Memory leak in decoding PNG images ### Impact When [decoding PNG images](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L322-L416) TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFree

CVE-2022-23589 [MEDIUM] CWE-476 Null pointer dereference in Grappler's `IsConstant` Null pointer dereference in Grappler's `IsConstant` ### Impact Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place): First, during [constant folding](https://github.com/tensorflow/tensorflow/bl

CVE-2022-23595 [MEDIUM] CWE-476 Null pointer dereference in TensorFlow Null pointer dereference in TensorFlow ### Impact When [building an XLA compilation cache](https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104), if default settings are used, TensorFlow triggers a null pointer dereference: ```cc string allowed_gpus = flr->config_proto()->gpu_options().visible_device_list(); ``` In the default scenario,

CVE-2022-23569 [MEDIUM] CWE-617 `CHECK`-fails when building invalid tensor shapes in Tensorflow `CHECK`-fails when building invalid tensor shapes in Tensorflow ### Impact Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to [TFSA-2021-198](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md) (CVE-2021-41197) and has similar fixes. ### Patches We have patched t

CVE-2022-23590 [MEDIUM] CWE-754 Crash due to erroneous `StatusOr` in TensorFlow Crash due to erroneous `StatusOr` in TensorFlow ### Impact A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering [a `StatusOr` value that is an error and forcibly extracting the value from it](https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567): ```cc if (op_reg_da

CVE-2022-23568 [MEDIUM] CWE-190 Integer overflows in Tensorflow Integer overflows in Tensorflow ### Impact The [implementation of `AddManySparseToTensorsMap`](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_tensors_map_ops.cc) is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of service): ```python import tensorflow as tf import nu

CVE-2022-23581 [MEDIUM] CWE-617 `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow ### Impact The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that [`IsSimplifiableReshape`](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742) would trigger

CVE-2022-23580 [MEDIUM] CWE-1284 Abort caused by allocating a vector that is too large in Tensorflow Abort caused by allocating a vector that is too large in Tensorflow ### Impact During shape inference, TensorFlow can [allocate a large vector](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790) based on a value from a tensor controlled by the user: ```cc const auto num_dims = Value(shape_dim); std::vect

CVE-2021-41208 [CRITICAL] CWE-476 Incomplete validation in boosted trees code Incomplete validation in boosted trees code ### Impact The [code for boosted trees in TensorFlow](https://github.com/tensorflow/tensorflow/blob/e0b6e58c328059829c3eb968136f17aa72b6c876/tensorflow/core/kernels/boosted_trees/stats_ops.cc) is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse undefined behavior (binding re

CVE-2021-41211 [HIGH] CWE-125 Heap OOB in shape inference for `QuantizeV2` Heap OOB in shape inference for `QuantizeV2` ### Impact The [shape inference code for `QuantizeV2`](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/framework/common_shape_fns.cc#L2509-L2530) can trigger a read outside of bounds of heap allocated array: ```python import tensorflow as tf @tf.function def test(): data=tf.raw_ops.QuantizeV2( input=[1.0,1.0], min_range=

CVE-2021-41221 [HIGH] CWE-120 Access to invalid memory during shape inference in `Cudnn*` ops Access to invalid memory during shape inference in `Cudnn*` ops ### Impact The [shape inference code](https://github.com/tensorflow/tensorflow/blob/9ff27787893f76d6971dcd1552eb5270d254f31b/tensorflow/core/ops/cudnn_rnn_ops.cc) for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow: ```python import tensorflow as tf @tf.function def func(): r

CVE-2021-41201 [HIGH] CWE-824 Unitialized access in `EinsumHelper::ParseEquation` Unitialized access in `EinsumHelper::ParseEquation` ### Impact During execution, [`EinsumHelper::ParseEquation()`](https://github.com/tensorflow/tensorflow/blob/e0b6e58c328059829c3eb968136f17aa72b6c876/tensorflow/core/kernels/linalg/einsum_op_impl.h#L126-L181) is supposed to set the flags in `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate whether there is ellipsis in the corresponding in

CVE-2021-41214 [HIGH] CWE-824 Reference binding to `nullptr` in `tf.ragged.cross` Reference binding to `nullptr` in `tf.ragged.cross` ### Impact The [shape inference code for `tf.ragged.cross`](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/ops/ragged_array_ops.cc#L64) has an undefined behavior due to binding a reference to `nullptr`. In the following scenario, this results in a crash: ```python import tensorflow as tf @tf.function def t

CVE-2021-41210 [HIGH] CWE-125 Heap OOB read in `tf.raw_ops.SparseCountSparseOutput` Heap OOB read in `tf.raw_ops.SparseCountSparseOutput` ### Impact The [shape inference functions for `SparseCountSparseOutput`](https://github.com/tensorflow/tensorflow/blob/e0b6e58c328059829c3eb968136f17aa72b6c876/tensorflow/core/ops/count_ops.cc#L43-L50) can trigger a read outside of bounds of heap allocated array: ```python import tensorflow as tf @tf.function def func(): return tf.raw_ops.SparseCountSparseO

CVE-2021-41220 [HIGH] CWE-416 Use after free / memory leak in `CollectiveReduceV2` Use after free / memory leak in `CollectiveReduceV2` ### Impact The [async implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/collective_ops.cc#L604-L615) of `CollectiveReduceV2` suffers from a memory leak and a use after free: ```python import tensorflow as tf tf.raw_ops.CollectiveReduceV2( input=[], group_size=[-10, -10, -10], group_k

CVE-2021-41219 [HIGH] CWE-125 Undefined behavior via `nullptr` reference binding in sparse matrix multiplication Undefined behavior via `nullptr` reference binding in sparse matrix multiplication ### Impact The [code for sparse matrix multiplication](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/sparse_matmul_op.cc#L954-L1086) is vulnerable to undefined behavior via binding a reference to `nullptr`: ```python import tensorflow as

CVE-2021-41203 [HIGH] CWE-190 Missing validation during checkpoint loading Missing validation during checkpoint loading ### Impact An attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. ### Patches We have patched the issue in GitHub commits [b619c6f865715ca3b15ef1842b5b95edbaa710ad](h

CVE-2021-41212 [HIGH] CWE-125 Heap OOB read in `tf.ragged.cross` Heap OOB read in `tf.ragged.cross` ### Impact The [shape inference code for `tf.ragged.cross`](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/ops/ragged_array_ops.cc#L64) can trigger a read outside of bounds of heap allocated array: ```python import tensorflow as tf @tf.function def test(): y = tf.raw_ops.RaggedCross(ragged_values=[], ragged_row_splits=[], sparse_indices=[[

CVE-2021-41206 [HIGH] CWE-354 Incomplete validation of shapes in multiple TF ops Incomplete validation of shapes in multiple TF ops ### Impact Several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tool