Intel Optimization For Tensorflow vulnerabilities

429 known vulnerabilities affecting intel/optimization_for_tensorflow.

Total CVEs: 429
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 121, MEDIUM 200, LOW 103

Vulnerabilities

Page 3 of 22
CVE-2022-41897 [MEDIUM] CWE-125 `FractionalMaxPoolGrad` Heap out of bounds read
Affected: ≥ 0, < 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-21 | GHSA, OSV

### Impact
If [`FractionMaxPoolGrad`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc) is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash.

```python
import tensorflow as tf
tf.raw_ops.FractionMaxPoolGrad( orig_input = [[[[1, 1, 1, 1, 1]]]], orig_output = [[[[1, 1, 1]]]
```

CVE-2022-41909 [MEDIUM] CWE-20 Segfault in `CompositeTensorVariantToComponents`
Affected: ≥ 0, < 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-21 | GHSA, OSV

### Impact
An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in [`tf.raw_ops.CompositeTensorVariantToComponents`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc).

```python
import tensorflow as tf
encode = tf.raw_ops.EmptyTensorList(element_dtype=tf.int32, element_shape=[10, 15]
```

CVE-2022-41889 [MEDIUM] CWE-476 Segfault via invalid attributes in `pywrap_tfe_src.cc`
Affected: ≥ 0, < 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-21 | GHSA, OSV

### Impact
If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in [`tf.compat.v1.extract_volume_patches`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc) by passing in qu

CVE-2022-41911 [MEDIUM] CWE-704 Invalid char to bool conversion when printing a tensor
Affected: ≥ 0, < 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-21 | GHSA, OSV

### Impact
When [printing a tensor](https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227), we get its data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if

CVE-2022-41887 [MEDIUM] CWE-131 Overflow in `tf.keras.losses.poisson`
Affected: ≥ 0, < 2.9.3; ≥ 2.10.0, < 2.10.1 | 2022-11-21 | GHSA, OSV

### Impact
[`tf.keras.losses.poisson`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py) receives a `y_pred` and `y_true` that are passed through `functor::mul` in [`BinaryOp`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h). If the resulting dimensions overflow an `int32`, TensorFlow will crash due to

CVE-2022-41891 [MEDIUM] CWE-20 Segfault in `tf.raw_ops.TensorListConcat`
Affected: ≥ 0, < 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-21 | GHSA, OSV

### Impact
If [`tf.raw_ops.TensorListConcat`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h) is given `element_shape=[]`, it results in a segmentation fault which can be used to trigger a denial of service attack.

```python
import tensorflow as tf
tf.raw_ops.TensorListConcat( input_handle=tf.data.experimental.to_variant(tf.data.Dataset.from_
```

CVE-2022-41896 [MEDIUM] CWE-1284 `tf.raw_ops.Mfcc` crashes
Affected: ≥ 0, < 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-21 | GHSA, OSV

### Impact
If [`ThreadUnsafeUnigramCandidateSampler`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc) is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash.

```python
import tensorflow as tf
tf.raw_ops.Mfcc( spectrogram = [[[1.38, 6.32, 5.75, 9.51]]], sample_rate = 2, upper_frequency_limit = 5.0, lower_frequency_l
```

CVE-2022-41901 [MEDIUM] CWE-20 `CHECK_EQ` fail via input in `SparseMatrixNNZ`
Affected: ≥ 0, < 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-21 | GHSA, OSV

### Impact
An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in [`tf.raw_ops.SparseMatrixNNZ`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h).

```python
import tensorflow as tf
tf.raw_ops.SparseMatrixNNZ(sparse_matrix=[])
```

### Patches
We have patched the issue in Gi

CVE-2022-41893 [MEDIUM] CWE-617 `CHECK_EQ` fail in `tf.raw_ops.TensorListResize`
Affected: ≥ 0, < 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-21 | GHSA, OSV

### Impact
If [`tf.raw_ops.TensorListResize`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc) is given a nonscalar value for input `size`, it results in a `CHECK` fail which can be used to trigger a denial of service attack.

```python
import numpy as np
import tensorflow as tf
a = data_structures.tf_tensor_list_new(elements =
```

CVE-2022-41890 [MEDIUM] CWE-704 `CHECK` fail in `BCast` overflow
Affected: ≥ 0, < 2.8.4; ≥ 2.9.0, < 2.9.3; +1 more | 2022-11-21 | GHSA, OSV

### Impact
If [`BCast::ToShape`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h) is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in [`tf.experimental.numpy.outer`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h) by passing in large input to the input

CVE-2020-26269 [HIGH] CWE-125 TensorFlow vulnerable to heap out of bounds read in filesystem glob matching
Affected: ≥ 2.4.0rc0, < 2.4.0 | 2022-10-07 | GHSA, OSV

### Impact
The general implementation for matching filesystem paths to a globbing pattern is vulnerable to an access out of bounds of [the array holding the directories](https://github.com/tensorflow/tensorflow/blob/458c6260265c46ebaf18052d6c61aea4b6b40926/tensorflow/core/platform/file_system_helper.cc#L127):

CVE-2022-35939 [HIGH] CWE-787 TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite
Affected: ≥ 0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +1 more | 2022-09-16 | GHSA, OSV

### Impact
The [`ScatterNd`](https://github.com/tensorflow/tensorflow/blob/266558ac4c1f361e9a178ee9d3f0ce2e648ae499/tensorflow/lite/kernels/internal/reference/reference_ops.h#L659-L698) function takes an input argument that determines the indices of the output tensor. An input index greater than the output tensor or less than zero will eith

CVE-2022-35937 [HIGH] CWE-125 TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite
Affected: ≥ 0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +1 more | 2022-09-16 | GHSA, OSV

### Impact
The [`GatherNd`](https://github.com/tensorflow/tensorflow/blob/f463040eb3997e42e60a2ffc6dc72de7ef11dbb4/tensorflow/lite/kernels/gather_nd.cc#L105-L111) function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is trigge

CVE-2022-35992 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `TensorListFromTensor`
Affected: ≥ 0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +1 more | 2022-09-16 | GHSA, OSV

### Impact
When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack.

```python
import tensorflow as tf
arg_0=tf.random.uniform(shape=(6, 6, 2), dtype=tf.bfloat16, maxval=None)
arg_1=tf.random.uniform(shape=(6, 9, 1, 3), dtype=tf.int64, maxval=6
```

CVE-2022-35994 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `CollectiveGather`
Affected: ≥ 0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +1 more | 2022-09-16 | GHSA, OSV

### Impact
When `CollectiveGather` receives a scalar input `input`, it gives a `CHECK` fail that can be used to trigger a denial of service attack.

```python
import tensorflow as tf
arg_0=1
arg_1=1
arg_2=1
arg_3=1
arg_4=(3, 3,3)
arg_5='auto'
arg_6=0
arg_7=''
tf.raw_ops.CollectiveGather(input=arg_0, group_size=arg_1, group_key=arg_2, instance_k
```

CVE-2022-35993 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `SetSize`
Affected: ≥ 0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +1 more | 2022-09-16 | GHSA, OSV

### Impact
When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fail that can be used to trigger a denial of service attack.

```python
import tensorflow as tf
arg_0=1
arg_1=[1,1]
arg_2=1
arg_3=True
arg_4=''
tf.raw_ops.SetSize(set_indices=arg_0, set_values=arg_1, set_shape=arg_2, validate_indices=arg_3, name=arg_4)
```

### Pat

CVE-2022-36019 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`
Affected: ≥ 0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +1 more | 2022-09-16 | GHSA, OSV

### Impact
If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack.

```python
import tensorflow as tf
num_bits = 8
narrow_range = False
inputs = tf.constant(0, shape=[4], dtype=tf.float32
```

CVE-2022-35972 [MEDIUM] CWE-20 TensorFlow vulnerable to segfault in `QuantizedBiasAdd`
Affected: ≥ 0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +1 more | 2022-09-16 | GHSA, OSV

### Impact
If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.

```python
import tensorflow as tf
out_type = tf.qint32
input = tf.constant([85,170,255], shape=[3], dtype=tf.quint8)
bias = tf.constant(43, shape=[2,3], dty
```

CVE-2022-36005 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsGradient`
Affected: ≥ 0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +1 more | 2022-09-16 | GHSA, OSV

### Impact
When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack.

```python
import tensorflow as tf
import numpy as np
arg_0=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype
```

CVE-2022-35968 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `AvgPoolGrad`
Affected: ≥ 0, < 2.7.2; ≥ 2.8.0, < 2.8.1; +1 more | 2022-09-16 | GHSA, OSV

### Impact
The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack:

```python
import tensorflow as tf
ksize = [1, 2, 2, 1]
strides = [1, 2, 2, 1]
padding = "VALID"
data_format = "NHWC"
orig_input_shape = tf.constant(-536870912, shap
```