Intel Optimization For Tensorflow vulnerabilities

CVE-2022-35996 [MEDIUM] CWE-369 TensorFlow vulnerable to floating point exception in `Conv2D` TensorFlow vulnerable to floating point exception in `Conv2D` ### Impact If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. ```python import tensorflow as tf import numpy as np with tf.device("CPU"): # also can be triggerred on GPU input

CVE-2022-35988 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank` TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank` ### Impact When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf a = tf.constant([], shape=[0, 1, 1], dtype=tf.float32) tf.linalg.matrix_rank(a=a) ``` ### Patches We have patched the issue in GitHub commit

CVE-2022-36000 [MEDIUM] CWE-476 TensorFlow vulnerable to null dereference on MLIR on empty function attributes TensorFlow vulnerable to null dereference on MLIR on empty function attributes ### Impact `Eig` can be fed an incorrect `Tout` input, resulting in a `CHECK` fail that can trigger a denial of service attack. ```python import tensorflow as tf import numpy as np arg_0=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32) arg_1=tf.complex128 arg_2=True arg_3='' t

CVE-2022-35940 [MEDIUM] CWE-190 TensorFlow vulnerable to Int overflow in `RaggedRangeOp` TensorFlow vulnerable to Int overflow in `RaggedRangeOp` ### Impact The [`RaggedRangOp`](https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88) function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64

CVE-2022-35941 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp` TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp` ### Impact The [`AvgPoolOp`](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98) function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. ```python import tensorflow as tf import

CVE-2022-35971 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVars` TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVars` ### Impact If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf num_bits = 8 narrow_range = False inputs = tf.constant(0, shape=[2,3], dtype=tf.float32) min = tf.constant(0, shape=[2,3],

CVE-2022-35960 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` failure in `TensorListReserve` via missing validation TensorFlow vulnerable to `CHECK` failure in `TensorListReserve` via missing validation ### Impact In [`core/kernels/list_kernels.cc's TensorListReserve`](https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325), `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than

CVE-2022-36027 [MEDIUM] CWE-20 TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions ### Impact When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. ```python import tensorflow as tf class QuantConv2DTransposed(tf.keras.layers.Layer): def build(self, input_shape): self.kernel = self.add_weight("ker

CVE-2022-35982 [MEDIUM] CWE-20 TensorFlow vulnerable to segfault in `SparseBincount` TensorFlow vulnerable to segfault in `SparseBincount` ### Impact If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf binary_output = True indices = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int64, seed=-1288)

CVE-2022-36017 [MEDIUM] CWE-20 TensorFlow vulnerable to segfault in `Requantize` TensorFlow vulnerable to segfault in `Requantize` ### Impact If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf out_type = tf.quint8 input = tf.constant([1], shape=[3], dtype=tf.qint32) input_min = tf.constant([], shape=[0], dty

CVE-2022-35966 [MEDIUM] CWE-20 TensorFlow vulnerable to segfault in `QuantizedAvgPool` TensorFlow vulnerable to segfault in `QuantizedAvgPool` ### Impact If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf ksize = [1, 2, 2, 1] strides = [1, 2, 2, 1] padding = "SAME" input = tf.constant(1, shape=[1,4,4,2], dtype=tf.quint8) min_input = tf.constant([]

CVE-2022-35997 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross` TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross` ### Impact If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf tf.sparse.cross(inputs=[],name='a',separator=tf.constant(['a', 'b'],dtype=tf.string)) ``` ### Patches We have patched the issue in GitHub commit [83d

CVE-2022-35969 [MEDIUM] TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput` TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput` ### Impact The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf strides = [1, 1, 1, 1] padding = "SAME" use_cudnn_on_gpu = True explicit_paddings = [] data_format = "NHWC" dilations =

CVE-2022-35986 [MEDIUM] TensorFlow vulnerable to segfault in `RaggedBincount` TensorFlow vulnerable to segfault in `RaggedBincount` ### Impact If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf binary_output = True splits = tf.random.uniform(shape=[0], minval=-10000, maxval=10000, dtype=tf.int64, seed=-7430) values = tf.random.uniform(shape=[], minval=-10000, maxval=10000

CVE-2022-35973 [MEDIUM] CWE-20 TensorFlow vulnerable to segfault in `QuantizedMatMul` TensorFlow vulnerable to segfault in `QuantizedMatMul` ### Impact If `QuantizedMatMul` is given nonscalar input for: - `min_a` - `max_a` - `min_b` - `max_b` It gives a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf Toutput = tf.qint32 transpose_a = False transpose_b = False Tactivation = tf.quint8 a = tf.constant(7, shape=[3,4], dtype=tf.quint8) b = tf.const

CVE-2022-35952 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` failures in `UnbatchGradOp` TensorFlow vulnerable to `CHECK` failures in `UnbatchGradOp` ### Impact The [`UnbatchGradOp`](https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891) function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. ```python import numpy as np import tensorfl

CVE-2022-35981 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad` TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad` ### Impact `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack: ```python import tensorflow as tf overlapping = True orig_input = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf

CVE-2022-36003 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `RandomPoissonV2` TensorFlow vulnerable to `CHECK` fail in `RandomPoissonV2` ### Impact When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. ```python import tensorflow as tf arg_0=tf.random.uniform(shape=(4,), dtype=tf.int32, maxval=65536) arg_1=tf.random.uniform(shape=(4, 4, 4, 4, 4), dtype=tf.float32, maxval=None) arg_2=0 arg_3=0 arg_4=tf.int32

CVE-2022-36018 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant` TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant` ### Impact If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf batched_input = True rt_nested_splits = tf.constant([0,32,64], shape=[3], dtype=tf.int64) rt_dens

CVE-2022-35984 [MEDIUM] CWE-617 TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal` TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal` ### Impact `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf seed = 1618 seed2 = 0 shape = tf.random.uniform(shape=[3], minval=-10000, maxval=