Intel Optimization For Tensorflow vulnerabilities

CVE-2022-35963 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` failures in `FractionalAvgPoolGrad` TensorFlow vulnerable to `CHECK` failures in `FractionalAvgPoolGrad` ### Impact The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. ```python import tensorflow as tf overlapping = True orig_input_tensor_shape = tf.constant(

CVE-2022-36001 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `DrawBoundingBoxes` TensorFlow vulnerable to `CHECK` fail in `DrawBoundingBoxes` ### Impact When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. ```python import tensorflow as tf import numpy as np arg_0=tf.constant(value=np.random.random(size=(1, 3, 2, 3)), shape=(1, 3, 2, 3), dtype=tf.half) arg_1=tf.constant(value=np.random.r

CVE-2022-36013 [MEDIUM] CWE-476 TensorFlow vulnerable to null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef` TensorFlow vulnerable to null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef` ### Impact When [`mlir::tfg::GraphDefImporter::ConvertNodeDef`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc) tries to convert NodeDefs without an op name, it crashes. ```cpp Status GraphDefImporter::ConvertNodeDef(OpBuilder &

CVE-2022-36014 [MEDIUM] CWE-476 TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr` TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr` ### Impact When [`mlir::tfg::TFOp::nameAttr`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc) receives null type list attributes, it crashes. ```cpp StatusOr GraphDefImporter::ArgNumType(const NamedAttrList &attrs, const OpDef::ArgDef &arg_def, SmallVectorImpl &t

CVE-2022-35985 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `LRNGrad` TensorFlow vulnerable to `CHECK` fail in `LRNGrad` ### Impact If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf depth_radius = 1 bias = 1.59018219 alpha = 0.117728651 beta = 0.404427052 input_grads = tf.random.uniform(shape=[4, 4, 4, 4], minval=-10000, maxval=10000, dtype=tf.f

CVE-2022-35970 [MEDIUM] CWE-20 TensorFlow vulnerable to segfault in `QuantizedInstanceNorm` TensorFlow vulnerable to segfault in `QuantizedInstanceNorm` ### Impact If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf output_range_given = False given_y_min = 0 given_y_max = 0 variance_epsilon = 1e-05 min_separation = 0.001 x = tf.constant(88, shape=[1,4

CVE-2022-35990 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient` TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient` ### Impact When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. ```python import tensorflow as tf arg_0=tf.random.uniform(shape=(1,1), dtype=tf.float32, max

CVE-2022-36002 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `Unbatch` TensorFlow vulnerable to `CHECK` fail in `Unbatch` ### Impact When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. ```python import tensorflow as tf import numpy as np arg_0=tf.constant(value=np.random.random(size=(3, 3, 1)), dtype=tf.float64) arg_1=tf.constant(value=np.random.randint(0,100,size=(3, 3, 1)), dtype=tf.int64) arg_2=tf.constant(value=np.

CVE-2022-35934 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows ### Impact The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor: ```python import tensorflow as tf tf.reshape(tensor=[[1]],shape=tf.constant([0 for i in range(255)], dtype=tf.int64)) ``` This is anot

CVE-2022-35987 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `DenseBincount` TensorFlow vulnerable to `CHECK` fail in `DenseBincount` ### Impact `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf binary_output = True input = tf.random.uniform(shape=[0, 0], minval=

CVE-2022-36004 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `tf.random.gamma` TensorFlow vulnerable to `CHECK` fail in `tf.random.gamma` ### Impact When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. ```python import tensorflow as tf arg_0=tf.random.uniform(shape=(4,), dtype=tf.int32, maxval=65536) arg_1=tf.random.uniform(shape=(4, 4), dtype=tf.float64, maxval=None) arg_2=tf.random.uniform(shape=(4, 4, 4,

CVE-2022-35995 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `AudioSummaryV2` TensorFlow vulnerable to `CHECK` fail in `AudioSummaryV2` ### Impact When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack. ```python import tensorflow as tf arg_0='' arg_1=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None) arg_2=tf.random.uniform(shape=(2,1), dtype=tf.float32, maxval=None

CVE-2022-35979 [MEDIUM] CWE-20 TensorFlow vulnerable to segfault in `QuantizedRelu` and `QuantizedRelu6` TensorFlow vulnerable to segfault in `QuantizedRelu` and `QuantizedRelu6` ### Impact If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf out_type = tf.quint8 features = tf.constant(28, shape=[4,2], dtype=tf.quint8) min_feature

CVE-2022-35935 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` failure in `SobolSample` via missing validation TensorFlow vulnerable to `CHECK` failure in `SobolSample` via missing validation ### Impact The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. ```python import tensorflow as tf tf.raw_ops.SobolSample(dim=tf.constant([1,0]), num_results=tf.constant([1]),

CVE-2022-35983 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices` TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices` ### Impact If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf filename = tf.constant("") tensor_names = tf.constant("") # Save data = tf.cast(tf.random.uniform(shape=[1], minval=-10000, maxval=100

CVE-2022-35999 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput` TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput` ### Impact When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. ```python import tensorflow as tf import numpy as np input_sizes = [3, 1, 1, 2] filter = np.ones([1, 3, 2,

CVE-2022-36026 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3` TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3` ### Impact If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf signed_input = True range_given = False narrow_range = False axis = -1 input = tf.constant(-3.5, shape=[1], dtype=tf.float32) i

CVE-2022-36012 [MEDIUM] CWE-617 TensorFlow vulnerable to assertion fail on MLIR empty edge names TensorFlow vulnerable to assertion fail on MLIR empty edge names ### Impact When [`mlir::tfg::ConvertGenericFunctionToFunctionDef`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc) is given empty function attributes, it crashes. ```cpp // We pre-allocate the array of operands and populate it using the // `output_name_to_position` and `contro

CVE-2022-35964 [MEDIUM] CWE-20 TensorFlow vulnerable to segfault in `BlockLSTMGradV2` TensorFlow vulnerable to segfault in `BlockLSTMGradV2` ### Impact The implementation of `BlockLSTMGradV2` does not fully validate its inputs. - `wci`, `wcf`, `wco`, `b` must be rank 1 - `w`, cs_prev`, `h_prev` must be rank 2 - `x` must be rank 3 This results in a a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf use_peephole = False seq_len_max = tf.constant(

CVE-2022-35959 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` failures in `AvgPool3DGrad` TensorFlow vulnerable to `CHECK` failures in `AvgPool3DGrad` ### Impact The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf ksize = [1, 1, 1, 1, 1] strides = [1, 1, 1, 1, 1] padding = "SAME" data_format = "NDHW