Intel Optimization For Tensorflow vulnerabilities

CVE-2021-29615 [LOW] CWE-674 Stack overflow in `ParseAttrValue` with nested tensors Stack overflow in `ParseAttrValue` with nested tensors ### Impact The implementation of [`ParseAttrValue`](https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.cc#L397-L453) can be tricked into stack overflow due to recursion by giving in a specially crafted input. ### Patches We have patched the issue in GitHub commit [e07e1c3d26492c06

CVE-2021-29610 [LOW] CWE-665 Invalid validation in `QuantizeAndDequantizeV2` Invalid validation in `QuantizeAndDequantizeV2` ### Impact The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis` argument: ```python import tensorflow as tf input_tensor = tf.constant([0.0], shape=[1], dtype=float) input_min = tf.constant(-10.0) input_max = tf.constant(-10.0) tf.raw_ops.QuantizeAndDequantizeV2( input=input_tensor, input_min=input_min, input_max=input_max, signed_inp

CVE-2021-29547 [LOW] CWE-125 Heap out of bounds in `QuantizedBatchNormWithGlobalNormalization` Heap out of bounds in `QuantizedBatchNormWithGlobalNormalization` ### Impact An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`: ```python import tensorflow as tf t = tf.constant([1], shape=[1, 1, 1, 1], dtype=tf.quint8) t_min = tf.constant([], shape=[0], dtype=tf.float32) t_max = tf.constant([], shape

CVE-2021-29596 [LOW] CWE-369 Division by zero in TFLite's implementation of `EmbeddingLookup` Division by zero in TFLite's implementation of `EmbeddingLookup` The implementation of the `EmbeddingLookup` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/e4b29809543b250bc9b19678ec4776299dd569ba/tensorflow/lite/kernels/embedding_lookup.cc#L73-L74): ```cc const int row_size = SizeOfDimension(value, 0); const int row_bytes = value->bytes / row

CVE-2021-29522 [LOW] CWE-369 Division by 0 in `Conv3DBackprop*` Division by 0 in `Conv3DBackprop*` ### Impact The `tf.raw_ops.Conv3DBackprop*` operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0: ```python import tensorflow as tf input_sizes = tf.constant([0, 0, 0, 0, 0], shape=[5], dtype=tf.int32) filter_tensor = tf.constant([], shape=[0, 0, 0, 1, 0], dtype=tf.float32) out_backprop = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.f

CVE-2021-29523 [LOW] CWE-190 CHECK-fail in AddManySparseToTensorsMap CHECK-fail in AddManySparseToTensorsMap ### Impact An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.AddManySparseToTensorsMap`: ```python import tensorflow as tf import numpy as np sparse_indices = tf.constant(530, shape=[1, 1], dtype=tf.int64) sparse_values = tf.ones([1], dtype=tf.int64) shape = tf.Variable(tf.ones([55], dtype=tf.int64)) shape[:8].assign(np.array([855, 901, 429, 892, 892, 852,

CVE-2021-29602 [LOW] CWE-369 Division by zero in TFLite's implementation of `DepthwiseConv` Division by zero in TFLite's implementation of `DepthwiseConv` ### Impact The implementation of the `DepthwiseConv` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/depthwise_conv.cc#L287-L288): ```cc int num_input_channels = SizeOfDimension(input, 3); TF_LITE_ENSURE_EQ(context, num_

CVE-2021-29612 [LOW] CWE-120 Heap buffer overflow in `BandedTriangularSolve` Heap buffer overflow in `BandedTriangularSolve` ### Impact An attacker can trigger a heap buffer overflow in Eigen implementation of `tf.raw_ops.BandedTriangularSolve`: ```python import tensorflow as tf import numpy as np matrix_array = np.array([]) matrix_tensor = tf.convert_to_tensor(np.reshape(matrix_array,(0,1)),dtype=tf.float32) rhs_array = np.array([1,1]) rhs_tensor = tf.convert_to_tensor(np.reshape(rhs_array,(

CVE-2020-26270 [MEDIUM] CWE-20 CHECK-fail in LSTM with zero-length input in TensorFlow CHECK-fail in LSTM with zero-length input in TensorFlow ### Impact Running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a `CHECK` failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. ### Patches We have patched the issue in GitHub commit [14755416e364f17fb1870882

CVE-2020-26271 [MEDIUM] CWE-125 Heap out of bounds access in MakeEdge in TensorFlow Heap out of bounds access in MakeEdge in TensorFlow ### Impact Under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The [`MakeEdge` function](https://github.com/tensorflow/tensorflow/blob/3616708cb866365301d8e67b43b32b46d94b08a0/tensorflow/core/common_runtime/graph_constructor.cc#L1426-L1438) creates an edge between one output tensor of the

CVE-2020-26268 [MEDIUM] CWE-471 Write to immutable memory region in TensorFlow Write to immutable memory region in TensorFlow ### Impact The `tf.raw_ops.ImmutableConst` operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area: ```python >>> import tensorflow as tf >>> with open('/tmp/test.txt','w') as f: f.writ

CVE-2020-26266 [MEDIUM] CWE-908 Uninitialized memory access in TensorFlow Uninitialized memory access in TensorFlow ### Impact Under certain cases, a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to [default initialize the quantized floating point types in Eigen](https://github.com/tensorflow/tensorflow/blob/f70160322a579144950dff1537dcbe3c7c09d6f5/third_party/eigen3/

CVE-2020-26267 [LOW] CWE-125 Lack of validation in data format attributes in TensorFlow Lack of validation in data format attributes in TensorFlow ### Impact The `tf.raw_ops.DataFormatVecPermute` API does not validate the `src_format` and `dst_format` attributes. [The code](https://github.com/tensorflow/tensorflow/blob/304b96815324e6a73d046df10df6626d63ac12ad/tensorflow/core/kernels/data_format_ops.cc) assumes that these two arguments define a permutation of `NHWC`. However, these assumptions

CVE-2020-15265 [HIGH] CWE-125 Segfault in `tf.quantization.quantize_and_dequantize` Segfault in `tf.quantization.quantize_and_dequantize` ### Impact An attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`: ```python tf.quantization.quantize_and_dequantize( input=[2.5, 2.5], input_min=[0,0], input_max=[1,1], axis=10) ``` This results in accessing [a dimension outside the rank of the input tensor](https://github.com/tensorflow/tensorflow/blob/0225022b725993bfc1

CVE-2020-15266 [MEDIUM] CWE-119 Float cast overflow undefined behavior Float cast overflow undefined behavior ### Impact When the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. ### Patches We have patched the issue in c0319231333f0f16e1cc75ec83660b01fedd4182 and will release TensorFlow 2.4.0 contai

CVE-2020-15212 [CRITICAL] CWE-787 Out of bounds access in tensorflow-lite Out of bounds access in tensorflow-lite ### Impact In TensorFlow Lite models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/reference/reference_ops.h#L2625-L2631 Users having access to `segment_ids_data` can alte

CVE-2020-15214 [CRITICAL] CWE-787 Out of bounds write in tensorflow-lite Out of bounds write in tensorflow-lite ### Impact In TensorFlow Lite models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of output tensor: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf

CVE-2020-15199 [HIGH] CWE-20 Denial of Service in Tensorflow Denial of Service in Tensorflow ### Impact The `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/count_ops

CVE-2020-15210 [HIGH] CWE-20 Segmentation fault in tensorflow-lite Segmentation fault in tensorflow-lite ### Impact If a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. ### Patches We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or

CVE-2020-15203 [HIGH] CWE-134 Denial of Service in Tensorflow Denial of Service in Tensorflow ### Impact By controlling the `fill` argument of [`tf.strings.as_string`](https://www.tensorflow.org/api_docs/python/tf/strings/as_string), a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/as_string_