Intel Optimization For Tensorflow vulnerabilities

CVE-2021-37679 [HIGH] CWE-125 Heap OOB in nested `tf.map_fn` with `RaggedTensor`s Heap OOB in nested `tf.map_fn` with `RaggedTensor`s ### Impact It is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `RaggedTensor` and there is no function signature provided, code assumes the output is a fully specified tensor and fills output buffer with uninitialized contents from the heap: ```python import tensorflow as tf x = tf.ragged.constant([[1,2,3], [4,

CVE-2021-37655 [HIGH] CWE-125 Heap OOB in `ResourceScatterUpdate` Heap OOB in `ResourceScatterUpdate` ### Impact An attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`: ```python import tensorflow as tf v = tf.Variable([b'vvv']) tf.raw_ops.ResourceScatterUpdate( resource=v.handle, indices=[0], updates=['1', '2', '3', '4', '5']) ``` The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa

CVE-2021-37666 [HIGH] CWE-824 Reference binding to nullptr in `RaggedTensorToVariant` Reference binding to nullptr in `RaggedTensorToVariant` ### Impact An attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToVariant`: ```python import tensorflow as tf tf.raw_ops.RaggedTensorToVariant( rt_nested_splits=[], rt_dense_values=[1,2,3], batched_input=True) ``` The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb

CVE-2021-37635 [HIGH] CWE-125 Heap out of bounds access in sparse reduction operations Heap out of bounds access in sparse reduction operations ### Impact The implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data: ```python import tensorflow as tf x = tf.SparseTensor( indices=[[773, 773, 773], [773, 773, 773]], values=[1, 1], dense_shape=[337, 337, 337]) tf.sparse.reduce_sum(x, 1) ``` The [implementation](https://github.com/

CVE-2021-37637 [HIGH] CWE-476 Null pointer dereference in `CompressElement` Null pointer dereference in `CompressElement` ### Impact It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`: ```python import tensorflow as tf tf.raw_ops.CompressElement(components=[[]]) ``` The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/data/compression_utils.cc#L34

CVE-2021-37674 [HIGH] CWE-1284 Incomplete validation in `MaxPoolGrad` Incomplete validation in `MaxPoolGrad` ### Impact An attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by missing validation: ```python import tensorflow as tf tf.raw_ops.MaxPoolGrad( orig_input = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32), orig_output = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32), grad = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.flo

CVE-2021-37667 [HIGH] CWE-824 Reference binding to nullptr in unicode encoding Reference binding to nullptr in unicode encoding ### Impact An attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`: ```python import tensorflow as tf from tensorflow.python.ops import gen_string_ops gen_string_ops.unicode_encode( input_values=[], input_splits=[], output_encoding='UTF-8', errors='ignore', replacement_char='a') ``` The [implementation](https://

CVE-2021-37647 [HIGH] CWE-476 Null pointer dereference in `SparseTensorSliceDataset` Null pointer dereference in `SparseTensorSliceDataset` ### Impact When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation can be made to dereference a null pointer: ```python import tensorflow as tf tf.raw_ops.SparseTensorSliceDataset( indices=[[],[],[]], values=[1,2,3], dense_shape=[3,3]) ``` The [implementation](https://github.com/ten

CVE-2021-37659 [HIGH] CWE-125 Reference binding to nullptr and heap OOB in binary cwise ops Reference binding to nullptr and heap OOB in binary cwise ops ### Impact An attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations): ```python import tensorflow as tf tf.raw_ops.SqrtGrad(y=[4, 16],dy=[]) ``` The [implementation](https://github.com/tensorflow/tensorflow/blob

CVE-2021-37663 [HIGH] CWE-20 Incomplete validation in `QuantizeV2` Incomplete validation in `QuantizeV2` ### Impact Due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays: ```python import tensorflow as tf tf.raw_ops.QuantizeV2( input=[1,2,3], min_range=[1,2], max_range=[], T=tf.qint32, mode='SCALED', round_mode='HALF_AWAY_FROM_ZERO', narrow_ran

CVE-2021-37658 [MEDIUM] CWE-824 Reference binding to nullptr in `MatrixSetDiagV*` ops Reference binding to nullptr in `MatrixSetDiagV*` ops ### Impact An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`: ```python import tensorflow as tf tf.raw_ops.MatrixSetDiagV3( input=[1,2,3], diagonal=[1,1], k=[], align='RIGHT_LEFT') ``` The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975e

CVE-2021-37691 [MEDIUM] CWE-369 FPE in LSH in TFLite FPE in LSH in TFLite ### Impact An attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_projection.cc#L118). ```cc int RunningSignBit(const TfLiteTensor* input, const TfLiteTensor* weight, float seed) { int input_item_bytes = input->bytes / SizeOfDimension(input, 0); // ... } ```

CVE-2021-37682 [MEDIUM] CWE-908 Use of unitialized value in TFLite Use of unitialized value in TFLite ### Impact All TFLite operations that use quantization can be made to use unitialized values. [For example](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.cc#L198-L200): ```cc const auto* affine_quantization = reinterpret_cast( filter->quantization.params); ``` The issue stems from the fact that `quantization.param

CVE-2021-37672 [MEDIUM] CWE-125 Heap OOB in `SdcaOptimizerV2` Heap OOB in `SdcaOptimizerV2` ### Impact An attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.SdcaOptimizerV2`: ```python import tensorflow as tf tf.raw_ops.SdcaOptimizerV2( sparse_example_indices=[[1]], sparse_feature_indices=[[1]], sparse_feature_values=[[1.0,2.0]], dense_features=[[1.0]], example_weights=[1.0], example_labels=[], sparse_indices=[1], spar

CVE-2021-37687 [MEDIUM] CWE-125 Heap OOB in TFLite's `Gather*` implementations Heap OOB in TFLite's `Gather*` implementations ### Impact TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in `indi

CVE-2021-37662 [MEDIUM] CWE-824 Reference binding to nullptr in boosted trees Reference binding to nullptr in boosted trees ### Impact An attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBestGainsPerFeature`: ```python import tensorflow as tf tf.raw_ops.BoostedTreesCalculateBestGainsPerFeature( node_id_range=[], stats_summary_list=[[1,2,3]], l1=[1.0], l2=[1.0], tree_complexity =[1.0], min_node_weight =[1.17], max_splits=5) ``` A similar att

CVE-2021-37686 [MEDIUM] CWE-835 Infinite loop in TFLite Infinite loop in TFLite ### Impact The strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for [ellipsis in axis definition](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/strided_slice.cc#L103-L122): ```cc for (int i = 0; i params->ellipsis_mask) { // ... int ellipsis_end_id

CVE-2021-37657 [MEDIUM] CWE-824 Reference binding to nullptr in `MatrixDiagV*` ops Reference binding to nullptr in `MatrixDiagV*` ops ### Impact An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`: ```python import tensorflow as tf tf.raw_ops.MatrixDiagV3( diagonal=[1,0], k=[], num_rows=[1,2,3], num_cols=[4,5], padding_value=[], align='RIGHT_RIGHT') ``` The [implementation](https://github.com/tensorflow/tensorfl

CVE-2021-37636 [MEDIUM] CWE-369 Floating point exception in `SparseDenseCwiseDiv` Floating point exception in `SparseDenseCwiseDiv` ### Impact The implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error: ```python import tensorflow as tf import numpy as np tf.raw_ops.SparseDenseCwiseDiv( sp_indices=np.array([[4]]), sp_values=np.array([-400]), sp_shape=np.array([647.]), dense=np.array([0])) ``` The [implementation](https://github.com/tensorflow/tensorflow/blo

CVE-2021-37640 [MEDIUM] CWE-369 Integer division by 0 in sparse reshaping Integer division by 0 in sparse reshaping ### Impact The implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception: ```python import tensorflow as tf tf.raw_ops.SparseReshape( input_indices = np.ones((1,3)), input_shape = np.array([1,1,0]), new_shape = np.array([1,0])) ``` The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f