Intel Optimization For Tensorflow vulnerabilities

CVE-2021-37684 [MEDIUM] CWE-369 FPE in TFLite pooling operations FPE in TFLite pooling operations ### Impact The implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. ### Patches We have patched the issue in GitHub commit [dfa22b348b70bb89d6d6ec0ff53973bacb4f4695](https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695). The fix will be included in TensorFlow 2.6.0. We will also cherrypick

CVE-2021-29591 [HIGH] CWE-674 Stack overflow due to looping TFLite subgraph Stack overflow due to looping TFLite subgraph ### Impact TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be replaced by stack overflow due to too many recursive calls. For example, the [`While` implementation](https://github.com/tensorflow/tensorflow

CVE-2021-29605 [MEDIUM] CWE-190 Integer overflow in TFLite memory allocation Integer overflow in TFLite memory allocation ### Impact The TFLite code for allocating `TFLiteIntArray`s is [vulnerable to an integer overflow issue](https://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.c#L24-L27): ```cc int TfLiteIntArrayGetSizeInBytes(int size) { static TfLiteIntArray dummy; return sizeof(dummy) + sizeof(dummy.data[0]) * size; } ``` An atta

CVE-2021-29601 [MEDIUM] CWE-190 Integer overflow in TFLite concatentation Integer overflow in TFLite concatentation ### Impact The TFLite implementation of concatenation is [vulnerable to an integer overflow issue](https://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenation.cc#L70-L76): ```cc for (int d = 0; d dims->size; ++d) { if (d == axis) { sum_axis += t->dims->data[axis]; } else { TF_LITE_ENSURE_EQ(context, t->dims->data[d]

CVE-2021-29592 [MEDIUM] CWE-476 Null pointer dereference in TFLite's `Reshape` operator Null pointer dereference in TFLite's `Reshape` operator ### Impact The fix for [CVE-2020-15209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15209) missed the case when the target shape of `Reshape` operator is given by the elements of a 1-D tensor. As such, the [fix for the vulnerability](https://github.com/tensorflow/tensorflow/blob/9c1dc920d8ffb4893d6c9d27d1f039607b326743/tensorflow/lite/core/s

CVE-2021-29606 [MEDIUM] CWE-125 Heap OOB read in TFLite Heap OOB read in TFLite ### Impact A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of [`Split_V`](https://github.com/tensorflow/tensorflow/blob/c59c37e7b2d563967da813fa50fe20b21f4da683/tensorflow/lite/kernels/split_v.cc#L99): ```cc const int input_size = SizeOfDimension(input, axis_value); ``` If `axis_value` is not a value between 0 and `NumDimensions(input)`, then the [`SizeOfDimension` f

CVE-2021-29614 [MEDIUM] CWE-665 Interpreter crash from `tf.io.decode_raw` Interpreter crash from `tf.io.decode_raw` ### Impact The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes. ```python import tensorflow as tf tf.io.decode_raw(tf.constant(["1","2","3","4"]), tf.uint16, fixed_length=4) ``` The [implementation of the padded version](https://github.com/tensorflow/tensorflow/blob/1d8903e5b167

CVE-2021-29608 [MEDIUM] CWE-131 Heap OOB and null pointer dereference in `RaggedTensorToTensor` Heap OOB and null pointer dereference in `RaggedTensorToTensor` ### Impact Due to lack of validation in `tf.raw_ops.RaggedTensorToTensor`, an attacker can exploit an undefined behavior if input arguments are empty: ```python import tensorflow as tf shape = tf.constant([-1, -1], shape=[2], dtype=tf.int64) values = tf.constant([], shape=[0], dtype=tf.int64) default_value = tf.constant(404, dtype=tf.i

CVE-2021-29609 [MEDIUM] CWE-665 Incomplete validation in `SparseAdd` Incomplete validation in `SparseAdd` ### Impact Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of heap allocated data: ```python import tensorflow as tf a_indices = tf.zeros([10, 97], dtype=tf.int64) a_values = tf.zeros([10], dtype=tf.int64) a_shape = tf.zeros([0], dtype=tf.int64) b_indices = tf.zeros([0, 0], d

CVE-2021-29613 [MEDIUM] CWE-125 Incomplete validation in `tf.raw_ops.CTCLoss` Incomplete validation in `tf.raw_ops.CTCLoss` ### Impact Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read from heap: ```python import tensorflow as tf inputs = tf.constant([], shape=[10, 16, 0], dtype=tf.float32) labels_indices = tf.constant([], shape=[8, 0], dtype=tf.int64) labels_values = tf.constant([-100] * 8, shape=[8], dtype=tf.int32) sequence_length = tf.constant([-100]

CVE-2021-29521 [LOW] CWE-131 Segfault in SparseCountSparseOutput Segfault in SparseCountSparseOutput ### Impact Specifying a negative dense shape in `tf.raw_ops.SparseCountSparseOutput` results in a segmentation fault being thrown out from the standard library as `std::vector` invariants are broken. ```python import tensorflow as tf indices = tf.constant([], shape=[0, 0], dtype=tf.int64) values = tf.constant([], shape=[0, 0], dtype=tf.int64) dense_shape = tf.constant([-100, -100, -100], shape

CVE-2021-29539 [LOW] CWE-681 Segfault in tf.raw_ops.ImmutableConst Segfault in tf.raw_ops.ImmutableConst ### Impact Calling [`tf.raw_ops.ImmutableConst`](https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. ```python >>> import tensorflow as tf >>> tf.raw_ops.ImmutableConst(dtype=tf.resource, shape=[], memory_region_name="/tmp/t

CVE-2021-29581 [LOW] CWE-908 Segfault in `CTCBeamSearchDecoder` Segfault in `CTCBeamSearchDecoder` ### Impact Due to lack of validation in `tf.raw_ops.CTCBeamSearchDecoder`, an attacker can trigger denial of service via segmentation faults: ```python import tensorflow as tf inputs = tf.constant([], shape=[18, 8, 0], dtype=tf.float32) sequence_length = tf.constant([11, -43, -92, 11, -89, -83, -35, -100], shape=[8], dtype=tf.int32) beam_width = 10 top_paths = 3 merge_repeated = True tf.raw_ops

CVE-2021-29604 [LOW] CWE-369 Division by zero in TFLite's implementation of hashtable lookup Division by zero in TFLite's implementation of hashtable lookup ### Impact The TFLite implementation of hashtable lookup is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtable_lookup.cc#L114-L115): ```cc const int num_rows = SizeOfDimension(value, 0); const int row_bytes = value->bytes / num_ro

CVE-2021-29541 [LOW] CWE-476 Null pointer dereference in `StringNGrams` Null pointer dereference in `StringNGrams` ### Impact An attacker can trigger a dereference of a null pointer in `tf.raw_ops.StringNGrams`: ```python import tensorflow as tf data=tf.constant([''] * 11, shape=[11], dtype=tf.string) splits = [0]*115 splits.append(3) data_splits=tf.constant(splits, shape=[116], dtype=tf.int64) tf.raw_ops.StringNGrams(data=data, data_splits=data_splits, separator=b'Ss', ngram_widths=[7,6,11

CVE-2021-29599 [LOW] CWE-369 Division by zero in TFLite's implementation of Split Division by zero in TFLite's implementation of Split ### Impact The implementation of the `Split` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/e2752089ef7ce9bcf3db0ec618ebd23ea119d0c7/tensorflow/lite/kernels/split.cc#L63-L65): ```cc TF_LITE_ENSURE_MSG(context, input_size % num_splits == 0, "Not an even split"); const int slice_size = input_size / num_sp

CVE-2021-29611 [LOW] CWE-20 Incomplete validation in `SparseReshape` Incomplete validation in `SparseReshape` ### Impact Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. ```python import tensorflow as tf input_indices = tf.constant(41, shape=[1, 1], dtype=tf.int64) input_shape = tf.zeros([11], dtype=tf.int64) new_shape = tf.zeros([1], dtype=tf.int64) tf.raw_ops.SparseReshape(input_indices=input_indices, input_shape=input_shape, new_shape=new

CVE-2021-29565 [LOW] CWE-476 Null pointer dereference in `SparseFillEmptyRows` Null pointer dereference in `SparseFillEmptyRows` ### Impact An attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.SparseFillEmptyRows`: ```python import tensorflow as tf indices = tf.constant([], shape=[0, 0], dtype=tf.int64) values = tf.constant([], shape=[0], dtype=tf.int64) dense_shape = tf.constant([], shape=[0], dtype=tf.int64) default_value = 0 tf.raw_ops.SparseFillEmptyRow

CVE-2021-29531 [LOW] CWE-754 CHECK-fail in tf.raw_ops.EncodePng CHECK-fail in tf.raw_ops.EncodePng ### Impact An attacker can trigger a `CHECK` fail in PNG encoding by providing an empty input tensor as the pixel data: ```python import tensorflow as tf image = tf.zeros([0, 0, 3]) image = tf.cast(image, dtype=tf.uint8) tf.raw_ops.EncodePng(image=image) ``` This is because the [implementation](https://github.com/tensorflow/tensorflow/blob/e312e0791ce486a80c9d23110841525c6f7c3289/tensorflow/cor

CVE-2021-29603 [LOW] CWE-787 Heap OOB write in TFLite Heap OOB write in TFLite ### Impact A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of [`ArgMin`/`ArgMax`](https://github.com/tensorflow/tensorflow/blob/102b211d892f3abc14f845a72047809b39cc65ab/tensorflow/lite/kernels/arg_min_max.cc#L52-L59): ```cc TfLiteIntArray* output_dims = TfLiteIntArrayCreate(NumDimensions(input) - 1); int j = 0; for (int i = 0; i data[j] = SizeOfDimension(input, i); ++