Intel Optimization For Tensorflow vulnerabilities
429 known vulnerabilities affecting intel/optimization_for_tensorflow.
Total CVEs: 429
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 121, MEDIUM 200, LOW 103
Vulnerabilities
CVE-2021-29569 [LOW] CWE-125 Heap out of bounds read in `RequantizationRange`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if an attacker supplies specially crafted inputs:
```python
import tensorflow as tf
input = tf.constant([1], shape=[1], dtype=tf.qint32)
input_max = tf.constant([], dtype=tf.float32)
input_min = tf.constant([], dtype=tf.float32)
tf.raw_ops.Requant
```
CVE-2021-29595 [LOW] CWE-369 Division by zero in TFLite's implementation of `DepthToSpace`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
The implementation of the `DepthToSpace` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/depth_to_space.cc#L63-L69):
```cc
const int block_size = params->block_size;
...
const int input_channels = input->dims->d
```
CVE-2021-29555 [LOW] CWE-369 Division by 0 in `FusedBatchNorm`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.FusedBatchNorm`:
```python
import tensorflow as tf
x = tf.constant([], shape=[1, 1, 1, 0], dtype=tf.float32)
scale = tf.constant([], shape=[0], dtype=tf.float32)
offset = tf.constant([], shape=[0], dtype=tf.float32)
mean = tf.constant([], shape=[0], dtype=tf.float32)
variance = tf.constant([], shape=[0], dt
```
CVE-2021-29554 [LOW] CWE-369 Division by 0 in `DenseCountSparseOutput`
≥ 2.3.0, < 2.3.3 | ≥ 2.4.0, < 2.4.2 | 2021-05-21
### Impact
An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`:
```python
import tensorflow as tf
values = tf.constant([], shape=[0, 0], dtype=tf.int64)
weights = tf.constant([])
tf.raw_ops.DenseCountSparseOutput(
values=values, weights=weights,
minlength=-1, maxlength=58, binary_output=True)
```
This is because the [implementa
CVE-2021-29616 [LOW] CWE-476 Null dereference in Grappler's `TrySimplify`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
The implementation of [`TrySimplify`](https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs.
### Patches
We have patched the issue in GitHub
CVE-2021-29619 [LOW] CWE-755 Segfault in `tf.raw_ops.SparseCountSparseOutput`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in a segfault.
### Patches
We have patched the issue in GitHub commit [82e6203221865de4008445b13c69b6826d2b28d9](https://github.com/tensorflow/tensorflow/commit/82e6203221865de4008445b13c69b6826d2b28d9).
The fix will be included in TensorFlow 2.5.0. We wil
CVE-2021-29525 [LOW] CWE-369 Division by 0 in `Conv2DBackpropInput`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropInput`:
```python
import tensorflow as tf
input_tensor = tf.constant([52, 1, 1, 5], shape=[4], dtype=tf.int32)
filter_tensor = tf.constant([], shape=[0, 1, 5, 0], dtype=tf.float32)
out_backprop = tf.constant([], shape=[52, 1, 1, 0], dtype=tf.float32)
tf.raw_ops.Conv2DBackpropInput(input_sizes=input_tensor, f
```
CVE-2021-29593 [LOW] CWE-369 Division by zero in TFLite's implementation of `BatchToSpaceNd`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
The implementation of the `BatchToSpaceNd` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/b5ed552fe55895aee8bd8b191f744a069957d18d/tensorflow/lite/kernels/batch_to_space_nd.cc#L81-L82):
```cc
TF_LITE_ENSURE_EQ(context, output_batch_size % block_shape[dim], 0);
output_bat
```
CVE-2021-29588 [LOW] CWE-369 Division by zero in TFLite's implementation of `TransposeConv`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
The optimized implementation of the `TransposeConv` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/internal/optimized/optimized_ops.h#L5221-L5222):
```cc
int height_col = (height + pad_t + pad_b - filter_h) /
```
CVE-2021-29579 [LOW] CWE-119 Heap buffer overflow in `MaxPoolGrad`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
The implementation of `tf.raw_ops.MaxPoolGrad` is vulnerable to a heap buffer overflow:
```python
import tensorflow as tf
orig_input = tf.constant([0.0], shape=[1, 1, 1, 1], dtype=tf.float32)
orig_output = tf.constant([0.0], shape=[1, 1, 1, 1], dtype=tf.float32)
grad = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32)
ksize = [1, 1, 1, 1]
strides = [1, 1, 1, 1]
padding = "SA
```
CVE-2021-29529 [LOW] CWE-131 Heap buffer overflow caused by rounding
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear` by manipulating input values so that float rounding results in an off-by-one error in accessing image elements:
```python
import tensorflow as tf
l = [256, 328, 361, 17, 361, 361, 361, 361, 361, 361, 361, 361, 361, 361, 384]
images = tf.constant(l, shape=[1, 1, 15, 1], dtype=tf.qint32)
size =
```
CVE-2021-29566 [LOW] CWE-787 Heap OOB access in `Dilation2DBackpropInput`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to `tf.raw_ops.Dilation2DBackpropInput`:
```python
import tensorflow as tf
input_tensor = tf.constant([1.1] * 81, shape=[3, 3, 3, 3], dtype=tf.float32)
filter = tf.constant([], shape=[0, 0, 3], dtype=tf.float32)
out_backprop = tf.constant([1.1] * 1062, shape=[3, 2, 59, 3]
```
CVE-2021-29513 [LOW] CWE-476 Type confusion during tensor casts lead to dereferencing null pointers
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors results in null pointer dereferences.
There are multiple ways to reproduce this, listing a few examples here:
```python
import tensorflow as tf
import numpy as np
data = tf.random.truncated_normal(shape=1,mean=np.floa
```
CVE-2021-29589 [LOW] CWE-369 Division by zero in TFLite's implementation of `GatherNd`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
The reference implementation of the `GatherNd` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/internal/reference/reference_ops.h#L966):
```cc
ret.dims_to_count[i] = remain_flat_size / params_shape.Dims(i);
```
An atta
CVE-2021-29585 [LOW] CWE-369 Division by zero in padding computation in TFLite
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
The TFLite computation for size of output after padding, [`ComputeOutSize`](https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.h#L43-L55), does not check that the `stride` argument is not 0 before doing the division.
```cc
inline int ComputeOutSize(TfLitePadding padding, int image_size,
in
```
CVE-2021-29528 [LOW] CWE-369 Division by 0 in `QuantizedMul`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`:
```python
import tensorflow as tf
x = tf.zeros([4, 1], dtype=tf.quint8)
y = tf.constant([], dtype=tf.quint8)
min_x = tf.constant(0.0)
max_x = tf.constant(0.0010000000474974513)
min_y = tf.constant(0.0)
max_y = tf.constant(0.0010000000474974513)
tf.raw_ops.QuantizedMul(x=x, y=y, min_x=min_x, max_x=max_x, min_y=min_y, max_
```
CVE-2021-29564 [LOW] CWE-476 Null pointer dereference in `EditDistance`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
An attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.EditDistance`:
```python
import tensorflow as tf
hypothesis_indices = tf.constant([247, 247, 247], shape=[1, 3], dtype=tf.int64)
hypothesis_values = tf.constant([-9.9999], shape=[1], dtype=tf.float32)
hypothesis_shape = tf.constant([0, 0, 0], shape=[3], dtype=tf.int64)
truth_indices
```
CVE-2021-29518 [LOW] CWE-476 Session operations in eager mode lead to null pointer dereferences
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
In eager mode (default in TF 2.0 and later), session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference:
```python
import tensorflow as tf
tf.raw_ops.GetSessionTensor(handle=['\x12\x1a\x07'],dtype=4)
```
```python
import tensorflow as tf
tf.raw_op
```
CVE-2021-29514 [LOW] CWE-787 Heap out of bounds write in `RaggedBinCount`
≥ 2.3.0, < 2.3.3 | ≥ 2.4.0, < 2.4.2 | 2021-05-21
### Impact
If the `splits` argument of `RaggedBincount` does not specify a valid [`SparseTensor`](https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow:
```python
import tensorflow as tf
tf.raw_ops.RaggedBincount(splits=[7,8], values= [5, 16, 51, 76, 29, 27, 54, 95],\
size= 59, weights= [0, 0, 0, 0, 0, 0, 0, 0],
```
CVE-2021-29574 [LOW] CWE-476 Undefined behavior in `MaxPool3DGradGrad`
≥ 0, < 2.1.4 | ≥ 2.2.0, < 2.2.3 | +2 more | 2021-05-21
### Impact
The implementation of `tf.raw_ops.MaxPool3DGradGrad` exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors:
```python
import tensorflow as tf
orig_input = tf.constant([0.0], shape=[1, 1, 1, 1, 1], dtype=tf.float32)
orig_output = tf.constant([0.0], shape=[1, 1, 1, 1, 1], dtype=tf.float32)
grad = tf.constant([], shape=[0, 0, 0,
```