Intel Optimization For Tensorflow vulnerabilities

CVE-2022-23583 [MEDIUM] CWE-617 `CHECK`-failures in binary ops in Tensorflow `CHECK`-failures in binary ops in Tensorflow ### Impact A malicious user can cause a denial of service by altering a `SavedModel` such that [any binary op](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137) would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that

CVE-2022-21732 [MEDIUM] CWE-400 Memory exhaustion in Tensorflow Memory exhaustion in Tensorflow ### Impact The [implementation of `ThreadPoolHandle`](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc#L79-L135) can be used to trigger a denial of service attack by allocating too much memory: ```python import tensorflow as tf y = tf.raw_ops.ThreadPoolHandle(num_threads=0x60000000,display_name='

CVE-2022-23579 [MEDIUM] CWE-617 `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow ### Impact The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that [`SafeToRemoveIdentity`](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/dependency_optimizer.cc#L59-L98) would trigger `C

CVE-2022-21733 [MEDIUM] CWE-190 Memory exhaustion in Tensorflow Memory exhaustion in Tensorflow ### Impact The [implementation of `StringNGrams`](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/string_ngrams_op.cc#L29-L161) can be used to trigger a denial of service attack by causing an OOM condition after an integer overflow: ```python import tensorflow as tf tf.raw_ops.StringNGrams( data=['123456'], data_splits=[0,1], separator=

CVE-2022-21725 [MEDIUM] CWE-369 Division by zero in Tensorflow Division by zero in Tensorflow ### Impact The [estimator for the cost of some convolution operations](https://github.com/tensorflow/tensorflow/blob/ffa202a17ab7a4a10182b746d230ea66f021fe16/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L189-L198) can be made to execute a division by 0: ```python import tensorflow as tf @tf.function def test(): y=tf.raw_ops.AvgPoolGrad( orig_input_shape=[1,1,1,1], grad=[[[[1.0],[1.0],[1.

CVE-2022-23578 [MEDIUM] CWE-401 Memory leak in Tensorflow Memory leak in Tensorflow ### Impact If a graph node is invalid, TensorFlow can leak memory in the [implementation of `ImmutableExecutorState::Initialize`](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/common_runtime/immutable_executor_state.cc#L84-L262): ```cc Status s = params_.create_kernel(n->properties(), &item->kernel); if (!s.ok()) { item->kernel = nullptr; s = AttachDef(s,

CVE-2022-23582 [MEDIUM] CWE-617 `CHECK`-failures in `TensorByteSize` in Tensorflow `CHECK`-failures in `TensorByteSize` in Tensorflow ### Impact A malicious user can cause a denial of service by altering a `SavedModel` such that [`TensorByteSize`](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.cc#L46-L50) would trigger `CHECK` failures. ```cc int64_t TensorByteSize(const TensorProto& t) { // num_elements returns

CVE-2022-21728 [HIGH] CWE-125 Out of bounds read in Tensorflow Out of bounds read in Tensorflow ### Impact The [implementation of shape inference for `ReverseSequence`](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L1636-L1671) does not fully validate the value of `batch_dim` and can result in a heap OOB read: ```python import tensorflow as tf @tf.function def test(): y = tf.raw_ops.ReverseSequence( input = ['aaa','bbb'

CVE-2022-23572 [HIGH] CWE-617 Crash when type cannot be specialized in Tensorflow Crash when type cannot be specialized in Tensorflow ### Impact Under certain scenarios, TensorFlow can fail to specialize a type during [shape inference](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L168-L174): ```cc void InferenceContext::PreInputInit( const OpDef& op_def, const std::vector& input_tensors, const std::vector& i

CVE-2022-23592 [HIGH] CWE-125 Out of bounds read in Tensorflow Out of bounds read in Tensorflow ### Impact TensorFlow's [type inference](https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L223-L229) can cause a heap OOB read as the bounds checking is done in a `DCHECK` (which is a no-op during production): ```cc if (node_t.type_id() != TFT_UNSET) { int ix = input_idx[i]; DCHECK(ix < node_t.args_size()) << "input " << i << " sho

CVE-2022-21740 [HIGH] CWE-120 Heap overflow in Tensorflow Heap overflow in Tensorflow ### Impact The [implementation of `SparseCountSparseOutput`](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273) is vulnerable to a heap overflow: ```python import tensorflow as tf import numpy as np tf.raw_ops.SparseCountSparseOutput( indices=[[-1,-1]], values=[2], dense_shape=[1, 1], weights=[1], binary_output=True, minlengt

CVE-2022-21730 [HIGH] CWE-125 Out of bounds read in Tensorflow Out of bounds read in Tensorflow ### Impact The [implementation of `FractionalAvgPoolGrad`](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_avg_pool_op.cc#L209-L360) does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap: ```python import tensorflow as tf @tf.function def test(): y = tf.raw_ops

CVE-2022-23558 [HIGH] CWE-190 Integer overflow in TFLite array creation Integer overflow in TFLite array creation ### Impact An attacker can craft a TFLite model that would cause an integer overflow [in `TfLiteIntArrayCreate`](https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L53-L60): ```cc TfLiteIntArray* TfLiteIntArrayCreate(int size) { int alloc_size = TfLiteIntArrayGetSizeInBytes(size); // ... TfLiteIntArray* ret = (TfLiteInt

CVE-2022-23566 [HIGH] CWE-787 Out of bounds write in Tensorflow Out of bounds write in Tensorflow ### Impact TensorFlow is vulnerable to a heap OOB write in [Grappler](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/graph_properties.cc#L1132-L1141): ```cc Status SetUnknownShape(const NodeDef* node, int output_port) { shape_inference::ShapeHandle shape = GetUnknownOutputShape(node, output_port); InferenceContext* ctx = GetCon

CVE-2022-23562 [HIGH] CWE-190 Integer overflow in Tensorflow Integer overflow in Tensorflow ### Impact The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. ### Patches We have patched the issue in GitHub commit [f0147751fd5d2ff23251149ebad9af9f03010732](https://github.com/tensorflow/tensorflow/commit/f0147751fd5d2ff23251149ebad9af9f03010732) (merging [#51733](https://github.com/tensorflow/tensorfl

CVE-2022-23559 [HIGH] CWE-190 Integer overflow in TFLite Integer overflow in TFLite ### Impact An attacker can craft a TFLite model that would cause an integer overflow [in embedding lookup operations](https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189): ```cc int embedding_size = 1; int lookup_size = 1; for (int i = 0; i data.i32[i]; lookup_size *= dim; output_shape->data[k] = dim; } for (int i =

CVE-2022-23563 [HIGH] CWE-367 Insecure temporary file in Tensorflow Insecure temporary file in Tensorflow ### Impact In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was s

CVE-2022-23561 [HIGH] CWE-787 Out of bounds write in TFLite Out of bounds write in TFLite ### Impact An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. ### Patches We have patched the issue in GitHub commit [6c0b2b70eeee588591680f5b7d5d38175fd7cdf6](https://github.com/tensorflow/tens

CVE-2022-23570 [HIGH] CWE-476 Null-dereference in Tensorflow Null-dereference in Tensorflow ### Impact When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is [guarded by a `DCHECK`](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L104-L106): ```cc const auto* attr = attrs.Find(arg->s()); DCHECK(at

CVE-2022-21727 [HIGH] CWE-190 Integer overflow in Tensorflow Integer overflow in Tensorflow ### Impact The [implementation of shape inference for `Dequantize`](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L3001-L3034) is vulnerable to an integer overflow weakness: ```python import tensorflow as tf input = tf.constant([1,1],dtype=tf.qint32) @tf.function def test(): y = tf.raw_ops.Dequantize( input=input, min_range=[1.0