diff --git a/miscellaneous_scripts/dockerfile_patch_script.sh b/miscellaneous_scripts/dockerfile_patch_script.sh index f3dfbd05651b..6494e8da1001 100644 --- a/miscellaneous_scripts/dockerfile_patch_script.sh +++ b/miscellaneous_scripts/dockerfile_patch_script.sh @@ -34,6 +34,12 @@ if [[ $LATEST_RELEASED_IMAGE_URI =~ ^763104351884\.dkr\.ecr\.us-west-2\.amazonaw conda uninstall mpi4py && pip install "mpi4py>=3.1.4,<3.2" && echo "Installed mpi4py from pip" fi +# For PT 2.3 inference and training, install pyarrow from pip to remedy https://nvd.nist.gov/vuln/detail/CVE-2024-52338 +if [[ $LATEST_RELEASED_IMAGE_URI =~ ^763104351884\.dkr\.ecr\.us-west-2\.amazonaws\.com/pytorch-inference:2\.3\.[0-9]+-* ]] || \ + [[ $LATEST_RELEASED_IMAGE_URI =~ ^763104351884\.dkr\.ecr\.us-west-2\.amazonaws\.com/pytorch-training:2\.3\.[0-9]+-* ]]; then + pip uninstall -y pyarrow && pip install "pyarrow>=17.0.0" && echo "Installed pyarrow from pip" +fi + # Install packages and derive history and package diff data chmod +x $PATCHING_INFO_PATH/patch-details/install_script_language.sh && \ $PATCHING_INFO_PATH/patch-details/install_script_language.sh diff --git a/pytorch/inference/docker/2.3/py3/Dockerfile.ec2.graviton.cpu.os_scan_allowlist.json b/pytorch/inference/docker/2.3/py3/Dockerfile.ec2.graviton.cpu.os_scan_allowlist.json index a7812b6ffd36..93db2f8b3bd3 100644 --- a/pytorch/inference/docker/2.3/py3/Dockerfile.ec2.graviton.cpu.os_scan_allowlist.json +++ b/pytorch/inference/docker/2.3/py3/Dockerfile.ec2.graviton.cpu.os_scan_allowlist.json @@ -1,4 +1,33 @@ { + "torch": [{ + "description": "A deserialization vulnerability exists in the Pytorch RPC framework (torch.distributed.rpc) in pytorch/pytorch versions <=2.3.1. The vulnerability arises from the lack of security verification during the deserialization process of PythonUDF objects in pytorch/torch/distributed/rpc/internal.py. This flaw allows an attacker to execute arbitrary code remotely by sending a malicious serialized PythonUDF object, leading to remote code execution (RCE) on the master node.", + "vulnerability_id": "CVE-2024-7804", + "name": "CVE-2024-7804", + "package_name": "torch", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/torch-2.3.0+cpu.dist-info/METADATA", + "name": "torch", + "package_manager": "PYTHON", + "version": "2.3.0+cpu", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 9.8, + "cvss_v31_score": 0.0, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7804", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2024-7804 - torch", + "reason_to_ignore": "N/A" + }], "linux": [ { "description": "In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code should always use *cpumask_var API(s) to allocate cpumask var in config-neutral way, leaving allocation strategy to CONFIG_CPUMASK_OFFSTACK. Use *cpumask_var API(s) to address it.", diff --git a/pytorch/inference/docker/2.3/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json b/pytorch/inference/docker/2.3/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json index bac0fc71f78f..a5ad07c53699 100644 --- a/pytorch/inference/docker/2.3/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json +++ b/pytorch/inference/docker/2.3/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json @@ -1,4 +1,33 @@ { + "torch": [{ + "description": "A deserialization vulnerability exists in the Pytorch RPC framework (torch.distributed.rpc) in pytorch/pytorch versions <=2.3.1. The vulnerability arises from the lack of security verification during the deserialization process of PythonUDF objects in pytorch/torch/distributed/rpc/internal.py. This flaw allows an attacker to execute arbitrary code remotely by sending a malicious serialized PythonUDF object, leading to remote code execution (RCE) on the master node.", + "vulnerability_id": "CVE-2024-7804", + "name": "CVE-2024-7804", + "package_name": "torch", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/torch-2.3.0+cu121.dist-info/METADATA", + "name": "torch", + "package_manager": "PYTHON", + "version": "2.3.0+cu121", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 9.8, + "cvss_v31_score": 0.0, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7804", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2024-7804 - torch", + "reason_to_ignore": "N/A" + }], "linux": [ { "description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.", diff --git a/pytorch/inference/docker/2.3/py3/Dockerfile.sagemaker.graviton.cpu.os_scan_allowlist.json b/pytorch/inference/docker/2.3/py3/Dockerfile.sagemaker.graviton.cpu.os_scan_allowlist.json index 796acfd88f12..168ad3b3f7a8 100644 --- a/pytorch/inference/docker/2.3/py3/Dockerfile.sagemaker.graviton.cpu.os_scan_allowlist.json +++ b/pytorch/inference/docker/2.3/py3/Dockerfile.sagemaker.graviton.cpu.os_scan_allowlist.json @@ -1,4 +1,33 @@ { + "torch": [{ + "description": "A deserialization vulnerability exists in the Pytorch RPC framework (torch.distributed.rpc) in pytorch/pytorch versions <=2.3.1. The vulnerability arises from the lack of security verification during the deserialization process of PythonUDF objects in pytorch/torch/distributed/rpc/internal.py. This flaw allows an attacker to execute arbitrary code remotely by sending a malicious serialized PythonUDF object, leading to remote code execution (RCE) on the master node.", + "vulnerability_id": "CVE-2024-7804", + "name": "CVE-2024-7804", + "package_name": "torch", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/torch-2.3.0+cpu.dist-info/METADATA", + "name": "torch", + "package_manager": "PYTHON", + "version": "2.3.0+cpu", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 9.8, + "cvss_v31_score": 0.0, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7804", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2024-7804 - torch", + "reason_to_ignore": "N/A" + }], "linux": [ { "description": "In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 (\"net: dsa: mv88e6xxx: Support multiple MDIO busses\") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_entry() is non-NULL. This appears to be intended to guard against the list chip->mdios being empty. However, it is not the correct check as the implementation of list_first_entry is not designed to return NULL for empty lists. Instead, use list_first_entry_or_null() which does return NULL if the list is empty. Flagged by Smatch. Compile tested only.", diff --git a/pytorch/inference/docker/2.3/py3/cu121/Dockerfile.ec2.gpu.os_scan_allowlist.json b/pytorch/inference/docker/2.3/py3/cu121/Dockerfile.ec2.gpu.os_scan_allowlist.json index 516a96aaeb7a..1d63545c42a8 100644 --- a/pytorch/inference/docker/2.3/py3/cu121/Dockerfile.ec2.gpu.os_scan_allowlist.json +++ b/pytorch/inference/docker/2.3/py3/cu121/Dockerfile.ec2.gpu.os_scan_allowlist.json @@ -1,4 +1,33 @@ { + "torch": [{ + "description": "A deserialization vulnerability exists in the Pytorch RPC framework (torch.distributed.rpc) in pytorch/pytorch versions <=2.3.1. The vulnerability arises from the lack of security verification during the deserialization process of PythonUDF objects in pytorch/torch/distributed/rpc/internal.py. This flaw allows an attacker to execute arbitrary code remotely by sending a malicious serialized PythonUDF object, leading to remote code execution (RCE) on the master node.", + "vulnerability_id": "CVE-2024-7804", + "name": "CVE-2024-7804", + "package_name": "torch", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/torch-2.3.0+cu121.dist-info/METADATA", + "name": "torch", + "package_manager": "PYTHON", + "version": "2.3.0+cu121", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 9.8, + "cvss_v31_score": 0.0, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7804", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2024-7804 - torch", + "reason_to_ignore": "N/A" + }], "linux": [ { "description": " In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a configuration change or because the device has been disconnected. As part of the removal procedure, device_del() waits for all ongoing sysfs attribute callbacks to complete. But usb_deauthorize_interface() can't complete until the device lock has been released, and the lock won't be released until the removal has finished. The mechanism provided by sysfs to prevent this kind of deadlock is to use the sysfs_break_active_protection() function, which tells sysfs not to wait for the attribute callback. Reported", diff --git a/pytorch/inference/docker/2.3/py3/cu121/Dockerfile.sagemaker.gpu.os_scan_allowlist.json b/pytorch/inference/docker/2.3/py3/cu121/Dockerfile.sagemaker.gpu.os_scan_allowlist.json index 99e9278a0141..05b2a4b75048 100644 --- a/pytorch/inference/docker/2.3/py3/cu121/Dockerfile.sagemaker.gpu.os_scan_allowlist.json +++ b/pytorch/inference/docker/2.3/py3/cu121/Dockerfile.sagemaker.gpu.os_scan_allowlist.json @@ -1,4 +1,33 @@ { + "torch": [{ + "description": "A deserialization vulnerability exists in the Pytorch RPC framework (torch.distributed.rpc) in pytorch/pytorch versions <=2.3.1. The vulnerability arises from the lack of security verification during the deserialization process of PythonUDF objects in pytorch/torch/distributed/rpc/internal.py. This flaw allows an attacker to execute arbitrary code remotely by sending a malicious serialized PythonUDF object, leading to remote code execution (RCE) on the master node.", + "vulnerability_id": "CVE-2024-7804", + "name": "CVE-2024-7804", + "package_name": "torch", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/torch-2.3.0+cu121.dist-info/METADATA", + "name": "torch", + "package_manager": "PYTHON", + "version": "2.3.0+cu121", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 9.8, + "cvss_v31_score": 0.0, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7804", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2024-7804 - torch", + "reason_to_ignore": "N/A" + }], "linux": [ { "description": "In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up code.", diff --git a/pytorch/training/docker/2.3/py3/cu121/Dockerfile.ec2.gpu.os_scan_allowlist.json b/pytorch/training/docker/2.3/py3/cu121/Dockerfile.ec2.gpu.os_scan_allowlist.json index 419ab76606c0..d1ccc138efe5 100644 --- a/pytorch/training/docker/2.3/py3/cu121/Dockerfile.ec2.gpu.os_scan_allowlist.json +++ b/pytorch/training/docker/2.3/py3/cu121/Dockerfile.ec2.gpu.os_scan_allowlist.json @@ -1,4 +1,35 @@ { + "torch": [ + { + "description": "A deserialization vulnerability exists in the Pytorch RPC framework (torch.distributed.rpc) in pytorch/pytorch versions <=2.3.1. The vulnerability arises from the lack of security verification during the deserialization process of PythonUDF objects in pytorch/torch/distributed/rpc/internal.py. This flaw allows an attacker to execute arbitrary code remotely by sending a malicious serialized PythonUDF object, leading to remote code execution (RCE) on the master node.", + "vulnerability_id": "CVE-2024-7804", + "name": "CVE-2024-7804", + "package_name": "torch", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/torch-2.3.0-py3.11.egg-info/PKG-INFO", + "name": "torch", + "package_manager": "PYTHON", + "version": "2.3.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 9.8, + "cvss_v31_score": 0.0, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7804", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2024-7804 - torch", + "reason_to_ignore": "N/A" + } + ], "linux": [ { "description": "In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead.", diff --git a/pytorch/training/docker/2.3/py3/cu121/Dockerfile.sagemaker.gpu.os_scan_allowlist.json b/pytorch/training/docker/2.3/py3/cu121/Dockerfile.sagemaker.gpu.os_scan_allowlist.json index d1da58cd7a7d..be3489a6d571 100644 --- a/pytorch/training/docker/2.3/py3/cu121/Dockerfile.sagemaker.gpu.os_scan_allowlist.json +++ b/pytorch/training/docker/2.3/py3/cu121/Dockerfile.sagemaker.gpu.os_scan_allowlist.json @@ -1,4 +1,35 @@ { + "torch": [ + { + "description": "A deserialization vulnerability exists in the Pytorch RPC framework (torch.distributed.rpc) in pytorch/pytorch versions <=2.3.1. The vulnerability arises from the lack of security verification during the deserialization process of PythonUDF objects in pytorch/torch/distributed/rpc/internal.py. This flaw allows an attacker to execute arbitrary code remotely by sending a malicious serialized PythonUDF object, leading to remote code execution (RCE) on the master node.", + "vulnerability_id": "CVE-2024-7804", + "name": "CVE-2024-7804", + "package_name": "torch", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/torch-2.3.0-py3.11.egg-info/PKG-INFO", + "name": "torch", + "package_manager": "PYTHON", + "version": "2.3.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 9.8, + "cvss_v31_score": 0.0, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7804", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2024-7804 - torch", + "reason_to_ignore": "N/A" + } + ], "linux": [ { "description": " In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches, the roundup code itself can overflow by doing a 32-bit left-shift of an unsigned long value, which is undefined behaviour, so it is not guaranteed to truncate neatly. This was triggered by syzbot on the DEVMAP_HASH type, which contains the same check, copied from the hashtab code. So apply the same fix to hashtab, by moving the overflow check to before the roundup.",