diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 4e74be27bf7a..6ace62deacab 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -50,10 +50,10 @@ dgl_tests/ @aws/dlc-dgl-reviewers
*triton* @aws/dlc-triton-reviewers
# Files under stabilityai/ and huggingface/ directories can be directly reviewed by below teams
-stabilityai/ @aws/sagemaker-1p-algorithms
-huggingface/ @aws/sagemaker-1p-algorithms
-test/sagemaker_tests/huggingface/ @aws/sagemaker-1p-algorithms
-test/sagemaker_tests/huggingface_pytorch/ @aws/sagemaker-1p-algorithms
-test/sagemaker_tests/huggingface_tensorflow/ @aws/sagemaker-1p-algorithms
-test/sagemaker_tests/pytorch/inference/integration/sagemaker/test_stabilityai.py @aws/sagemaker-1p-algorithms
-test/sagemaker_tests/pytorch/inference/resources/stabilityai/ @aws/sagemaker-1p-algorithms
+stabilityai/ @aws/dl-containers
+huggingface/ @aws/dl-containers
+test/sagemaker_tests/huggingface/ @aws/dl-containers
+test/sagemaker_tests/huggingface_pytorch/ @aws/dl-containers
+test/sagemaker_tests/huggingface_tensorflow/ @aws/dl-containers
+test/sagemaker_tests/pytorch/inference/integration/sagemaker/test_stabilityai.py @aws/dl-containers
+test/sagemaker_tests/pytorch/inference/resources/stabilityai/ @aws/dl-containers
diff --git a/available_images.md b/available_images.md
index 010827837808..8f70be99e3b3 100644
--- a/available_images.md
+++ b/available_images.md
@@ -366,8 +366,12 @@ Note: Starting from Neuron SDK 2.17.0, Dockerfiles for PyTorch Neuron Containers
| Framework | Neuron Package | Neuron SDK Version | Job Type | Supported EC2 Instance Types | Python Version Options | Example URL |
|----------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------|--------------------|-----------|------------------------------|------------------------|----------------------------------------------------------------------------------------------------------------------|
+| [PyTorch 2.8.0](https://github.com/aws-neuron/deep-learning-containers/blob/2.26.0/docker/pytorch/inference/2.8.0/Dockerfile.neuronx) | torch-neuronx, neuronx_distributed, neuronx_distributed_inference | Neuron 2.26.0 | inference | trn1,trn2,inf2 | 3.11 (py311) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-inference-neuronx:2.8.0-neuronx-py311-sdk2.26.0-ubuntu22.04 |
+| [PyTorch 2.8.0](https://github.com/aws-neuron/deep-learning-containers/blob/2.26.0/docker/pytorch/training/2.8.0/Dockerfile.neuronx) | torch-neuronx, neuronx_distributed, neuronx_distributed_training | Neuron 2.26.0 | training | trn1,trn2,inf2 | 3.11 (py311) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-training-neuronx:2.8.0-neuronx-py311-sdk2.26.0-ubuntu22.04 |
| [PyTorch 2.7.0](https://github.com/aws-neuron/deep-learning-containers/blob/2.25.0/docker/pytorch/inference/2.7.0/Dockerfile.neuronx) | torch-neuronx, transformers-neuronx, neuronx_distributed, neuronx_distributed_inference | Neuron 2.25.0 | inference | trn1,trn2,inf2 | 3.10 (py310) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-inference-neuronx:2.7.0-neuronx-py310-sdk2.25.0-ubuntu22.04 |
| [PyTorch 2.7.0](https://github.com/aws-neuron/deep-learning-containers/blob/2.25.0/docker/pytorch/training/2.7.0/Dockerfile.neuronx) | torch-neuronx, transformers-neuronx, neuronx_distributed, neuronx_distributed_training | Neuron 2.25.0 | training | trn1,trn2,inf2 | 3.10 (py310) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-training-neuronx:2.7.0-neuronx-py310-sdk2.25.0-ubuntu22.04 |
+| [PyTorch 2.7.0](https://github.com/aws-neuron/deep-learning-containers/blob/2.24.1/docker/pytorch/inference/2.7.0/Dockerfile.neuronx) | torch-neuronx, transformers-neuronx, neuronx_distributed, neuronx_distributed_inference | Neuron 2.24.1 | inference | trn1,trn2,inf2 | 3.10 (py310) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-inference-neuronx:2.7.0-neuronx-py310-sdk2.24.1-ubuntu22.04 |
+| [PyTorch 2.7.0](https://github.com/aws-neuron/deep-learning-containers/blob/2.24.1/docker/pytorch/training/2.7.0/Dockerfile.neuronx) | torch-neuronx, transformers-neuronx, neuronx_distributed, neuronx_distributed_training | Neuron 2.24.1 | training | trn1,trn2,inf2 | 3.10 (py310) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-training-neuronx:2.7.0-neuronx-py310-sdk2.24.1-ubuntu22.04 |
| [PyTorch 2.6.0](https://github.com/aws-neuron/deep-learning-containers/blob/2.23.0/docker/pytorch/inference/2.6.0/Dockerfile.neuronx) | torch-neuronx, transformers-neuronx, neuronx_distributed, neuronx_distributed_inference | Neuron 2.23.0 | inference | trn1,trn2,inf2 | 3.10 (py310) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-inference-neuronx:2.6.0-neuronx-py310-sdk2.23.0-ubuntu22.04 |
| [PyTorch 2.6.0](https://github.com/aws-neuron/deep-learning-containers/blob/2.23.0/docker/pytorch/training/2.6.0/Dockerfile.neuronx) | torch-neuronx, transformers-neuronx, neuronx_distributed, neuronx_distributed_training | Neuron 2.23.0 | training | trn1,trn2,inf2 | 3.10 (py310) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-training-neuronx:2.6.0-neuronx-py310-sdk2.23.0-ubuntu22.04 |
| [PyTorch 2.5.1](https://github.com/aws-neuron/deep-learning-containers/blob/2.22.0/docker/pytorch/inference/2.5.1/Dockerfile.neuronx) | torch-neuronx, transformers-neuronx, neuronx_distributed, neuronx_distributed_inference | Neuron 2.22.0 | inference | trn1,trn2,inf2 | 3.10 (py310) | 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-inference-neuronx:2.5.1-neuronx-py310-sdk2.22.0-ubuntu22.04 |
diff --git a/dlc_developer_config.toml b/dlc_developer_config.toml
index bce20ebd1eb7..fa6c1df44f6e 100644
--- a/dlc_developer_config.toml
+++ b/dlc_developer_config.toml
@@ -37,12 +37,12 @@ deep_canary_mode = false
[build]
# Add in frameworks you would like to build. By default, builds are disabled unless you specify building an image.
# available frameworks - ["base", "vllm", "autogluon", "huggingface_tensorflow", "huggingface_pytorch", "huggingface_tensorflow_trcomp", "huggingface_pytorch_trcomp", "pytorch_trcomp", "tensorflow", "pytorch", "stabilityai_pytorch"]
-build_frameworks = []
+build_frameworks = ["pytorch"]
# By default we build both training and inference containers. Set true/false values to determine which to build.
build_training = true
-build_inference = true
+build_inference = false
# Set do_build to "false" to skip builds and test the latest image built by this PR
# Note: at least one build is required to set do_build to "false"
@@ -122,7 +122,7 @@ use_scheduler = false
dlc-pr-base = ""
# Standard Framework Training
-dlc-pr-pytorch-training = ""
+dlc-pr-pytorch-training = "pytorch/training/buildspec-2-8-ec2.yml"
dlc-pr-tensorflow-2-training = ""
dlc-pr-autogluon-training = ""
diff --git a/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx.os_scan_allowlist.json b/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx.os_scan_allowlist.json
index 5ccb163f9a91..fc8979f0df79 100644
--- a/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx.os_scan_allowlist.json
+++ b/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx.os_scan_allowlist.json
@@ -845,6 +845,35 @@
}
],
"linux-libc-dev": [
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias(). In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char).",
+ "vulnerability_id": "CVE-2024-38541",
+ "name": "CVE-2024-38541",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "192.212"
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://ubuntu.com/security/CVE-2024-38541",
+ "source": "UBUNTU_CVE",
+ "severity": "CRITICAL",
+ "status": "ACTIVE",
+ "title": "CVE-2024-38541 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
{
"description":"In the Linux kernel, the following vulnerability has been resolved: greybus: Fix use-after-free bug in gb_interface_release due to race condition. In gb_interface_create, &intf->mode_switch_completion is bound with gb_interface_mode_switch_work. Then it will be started by gb_interface_request_mode_switch. Here is the relevant code. if (!queue_work(system_long_wq, &intf->mode_switch_work)) { ... } If we call gb_interface_release to make cleanup, there may be an unfinished work. This function will call kfree to free the object \"intf\". However, if gb_interface_mode_switch_work is scheduled to run after kfree, it may cause use-after-free error as gb_interface_mode_switch_work will use the object \"intf\". The possible execution flow that may lead to the issue is as follows: CPU0 CPU1 | gb_interface_create | gb_interface_request_mode_switch gb_interface_release | kfree(intf) (free) | | gb_interface_mode_switch_work | mutex_lock(&intf->mutex) (use) Fix it by canceling the work before kfree.",
"vulnerability_id":"CVE-2024-39495",
diff --git a/pytorch/inference/buildspec-arm64-2-5-sm.yml b/pytorch/inference/buildspec-arm64-2-5-sm.yml
index ec5376d5b14d..35b89e3d6421 100644
--- a/pytorch/inference/buildspec-arm64-2-5-sm.yml
+++ b/pytorch/inference/buildspec-arm64-2-5-sm.yml
@@ -43,7 +43,7 @@ images:
torch_serve_version: &TORCHSERVE_VERSION 0.12.0
tool_kit_version: &SM_TOOLKIT_VERSION 2.0.25
tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *OS_VERSION , "-sagemaker"]
- latest_release_tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *OS_VERSION, "-sagemaker" ]
+ # latest_release_tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *OS_VERSION, "-sagemaker" ]
# skip_build: "False"
docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /Dockerfile.arm64., *DEVICE_TYPE ]
target: sagemaker
diff --git a/pytorch/inference/docker/2.5/py3/Dockerfile.ec2.arm64.cpu.os_scan_allowlist.json b/pytorch/inference/docker/2.5/py3/Dockerfile.ec2.arm64.cpu.os_scan_allowlist.json
index 77fa6e34a08d..10d8459bb72e 100644
--- a/pytorch/inference/docker/2.5/py3/Dockerfile.ec2.arm64.cpu.os_scan_allowlist.json
+++ b/pytorch/inference/docker/2.5/py3/Dockerfile.ec2.arm64.cpu.os_scan_allowlist.json
@@ -29,5 +29,67 @@
"title": "CVE-2025-32434 - torch",
"reason_to_ignore": "N/A"
}
+ ],
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
]
}
diff --git a/pytorch/inference/docker/2.5/py3/Dockerfile.ec2.cpu.os_scan_allowlist.json b/pytorch/inference/docker/2.5/py3/Dockerfile.ec2.cpu.os_scan_allowlist.json
index 783936bb4747..cd70d4a09e27 100644
--- a/pytorch/inference/docker/2.5/py3/Dockerfile.ec2.cpu.os_scan_allowlist.json
+++ b/pytorch/inference/docker/2.5/py3/Dockerfile.ec2.cpu.os_scan_allowlist.json
@@ -89,5 +89,67 @@
"title": "CVE-2025-32434 - torch",
"reason_to_ignore": "N/A"
}
+ ],
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
]
}
diff --git a/pytorch/inference/docker/2.5/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json b/pytorch/inference/docker/2.5/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json
index 77fa6e34a08d..4527b78d7f1b 100644
--- a/pytorch/inference/docker/2.5/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json
+++ b/pytorch/inference/docker/2.5/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json
@@ -29,5 +29,67 @@
"title": "CVE-2025-32434 - torch",
"reason_to_ignore": "N/A"
}
+ ],
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
]
}
diff --git a/pytorch/inference/docker/2.5/py3/Dockerfile.sagemaker.arm64.cpu.py_scan_allowlist.json b/pytorch/inference/docker/2.5/py3/Dockerfile.sagemaker.arm64.cpu.py_scan_allowlist.json
index 6603ab58714e..dbb2e5757650 100644
--- a/pytorch/inference/docker/2.5/py3/Dockerfile.sagemaker.arm64.cpu.py_scan_allowlist.json
+++ b/pytorch/inference/docker/2.5/py3/Dockerfile.sagemaker.arm64.cpu.py_scan_allowlist.json
@@ -1,3 +1,7 @@
{
- "70612": "In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the \"source\" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. \r\nNOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing."
+ "70612": "In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the \"source\" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. \r\nNOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.",
+ "79077": "Affected versions of the h2 package are vulnerable to HTTP Request Smuggling due to improper validation of illegal characters in HTTP headers. The package allows CRLF characters to be injected into header names and values without proper sanitisation, which can cause request boundary manipulation when HTTP/2 requests are downgraded to HTTP/1.1 by downstream servers.",
+ "78828": "Affected versions of the PyTorch package are vulnerable to Denial of Service (DoS) due to improper handling in the MKLDNN pooling implementation. The torch.mkldnn_max_pool2d function fails to properly validate input parameters, allowing crafted inputs to trigger resource exhaustion or crashes in the underlying MKLDNN library. An attacker with local access can exploit this vulnerability by passing specially crafted tensor dimensions or parameters to the max pooling function, causing the application to become unresponsive or crash.",
+ "77744": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.",
+ "77745": "Urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and before 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime, utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behaviour. This issue has been patched in version 2.5.0."
}
diff --git a/pytorch/inference/docker/2.5/py3/cu124/Dockerfile.ec2.arm64.gpu.os_scan_allowlist.json b/pytorch/inference/docker/2.5/py3/cu124/Dockerfile.ec2.arm64.gpu.os_scan_allowlist.json
index 77fa6e34a08d..10d8459bb72e 100644
--- a/pytorch/inference/docker/2.5/py3/cu124/Dockerfile.ec2.arm64.gpu.os_scan_allowlist.json
+++ b/pytorch/inference/docker/2.5/py3/cu124/Dockerfile.ec2.arm64.gpu.os_scan_allowlist.json
@@ -29,5 +29,67 @@
"title": "CVE-2025-32434 - torch",
"reason_to_ignore": "N/A"
}
+ ],
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
]
}
diff --git a/pytorch/inference/docker/2.5/py3/cu124/Dockerfile.ec2.gpu.os_scan_allowlist.json b/pytorch/inference/docker/2.5/py3/cu124/Dockerfile.ec2.gpu.os_scan_allowlist.json
index 783936bb4747..ea801c9046da 100644
--- a/pytorch/inference/docker/2.5/py3/cu124/Dockerfile.ec2.gpu.os_scan_allowlist.json
+++ b/pytorch/inference/docker/2.5/py3/cu124/Dockerfile.ec2.gpu.os_scan_allowlist.json
@@ -89,5 +89,68 @@
"title": "CVE-2025-32434 - torch",
"reason_to_ignore": "N/A"
}
+ ],
+
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
]
}
diff --git a/pytorch/inference/docker/2.5/py3/cu124/Dockerfile.sagemaker.gpu.os_scan_allowlist.json b/pytorch/inference/docker/2.5/py3/cu124/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
index 783936bb4747..cd70d4a09e27 100644
--- a/pytorch/inference/docker/2.5/py3/cu124/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
+++ b/pytorch/inference/docker/2.5/py3/cu124/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
@@ -89,5 +89,67 @@
"title": "CVE-2025-32434 - torch",
"reason_to_ignore": "N/A"
}
+ ],
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
]
}
diff --git a/pytorch/inference/docker/2.6/py3/Dockerfile.arm64.cpu b/pytorch/inference/docker/2.6/py3/Dockerfile.arm64.cpu
index 97b377669b02..3281081505e6 100644
--- a/pytorch/inference/docker/2.6/py3/Dockerfile.arm64.cpu
+++ b/pytorch/inference/docker/2.6/py3/Dockerfile.arm64.cpu
@@ -189,8 +189,8 @@ RUN chmod +x /usr/local/bin/dockerd-entrypoint.py
# add telemetry
COPY deep_learning_container.py /usr/local/bin/deep_learning_container.py
-COPY sitecustomize.py /usr/local/lib/${PYTHON_SHORT_VERSION}/sitecustomize.py
RUN chmod +x /usr/local/bin/deep_learning_container.py
+# COPY sitecustomize.py /usr/local/lib/${PYTHON_SHORT_VERSION}/sitecustomize.py
RUN HOME_DIR=/root \
&& curl -o ${HOME_DIR}/oss_compliance.zip https://aws-dlinfra-utilities.s3.amazonaws.com/oss_compliance.zip \
diff --git a/pytorch/inference/docker/2.6/py3/Dockerfile.ec2.arm64.cpu.os_scan_allowlist.json b/pytorch/inference/docker/2.6/py3/Dockerfile.ec2.arm64.cpu.os_scan_allowlist.json
new file mode 100644
index 000000000000..769b5af66da8
--- /dev/null
+++ b/pytorch/inference/docker/2.6/py3/Dockerfile.ec2.arm64.cpu.os_scan_allowlist.json
@@ -0,0 +1,64 @@
+{
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ]
+}
diff --git a/pytorch/inference/docker/2.6/py3/Dockerfile.ec2.cpu.os_scan_allowlist.json b/pytorch/inference/docker/2.6/py3/Dockerfile.ec2.cpu.os_scan_allowlist.json
new file mode 100644
index 000000000000..769b5af66da8
--- /dev/null
+++ b/pytorch/inference/docker/2.6/py3/Dockerfile.ec2.cpu.os_scan_allowlist.json
@@ -0,0 +1,64 @@
+{
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ]
+}
diff --git a/pytorch/inference/docker/2.6/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json b/pytorch/inference/docker/2.6/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json
new file mode 100644
index 000000000000..c803967b40fa
--- /dev/null
+++ b/pytorch/inference/docker/2.6/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json
@@ -0,0 +1,64 @@
+{
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ]
+}
diff --git a/pytorch/inference/docker/2.6/py3/Dockerfile.sagemaker.arm64.cpu.py_scan_allowlist.json b/pytorch/inference/docker/2.6/py3/Dockerfile.sagemaker.arm64.cpu.py_scan_allowlist.json
new file mode 100644
index 000000000000..4882e42c6ceb
--- /dev/null
+++ b/pytorch/inference/docker/2.6/py3/Dockerfile.sagemaker.arm64.cpu.py_scan_allowlist.json
@@ -0,0 +1,3 @@
+{
+ "78828": "Affected versions of the PyTorch package are vulnerable to Denial of Service (DoS) due to improper handling in the MKLDNN pooling implementation. The torch.mkldnn_max_pool2d function fails to properly validate input parameters, allowing crafted inputs to trigger resource exhaustion or crashes in the underlying MKLDNN library. An attacker with local access can exploit this vulnerability by passing specially crafted tensor dimensions or parameters to the max pooling function, causing the application to become unresponsive or crash."
+}
diff --git a/pytorch/inference/docker/2.6/py3/cu124/Dockerfile.ec2.arm64.gpu.os_scan_allowlist.json b/pytorch/inference/docker/2.6/py3/cu124/Dockerfile.ec2.arm64.gpu.os_scan_allowlist.json
new file mode 100644
index 000000000000..769b5af66da8
--- /dev/null
+++ b/pytorch/inference/docker/2.6/py3/cu124/Dockerfile.ec2.arm64.gpu.os_scan_allowlist.json
@@ -0,0 +1,64 @@
+{
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ]
+}
diff --git a/pytorch/inference/docker/2.6/py3/cu124/Dockerfile.ec2.gpu.os_scan_allowlist.json b/pytorch/inference/docker/2.6/py3/cu124/Dockerfile.ec2.gpu.os_scan_allowlist.json
new file mode 100644
index 000000000000..769b5af66da8
--- /dev/null
+++ b/pytorch/inference/docker/2.6/py3/cu124/Dockerfile.ec2.gpu.os_scan_allowlist.json
@@ -0,0 +1,64 @@
+{
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ]
+}
diff --git a/pytorch/inference/docker/2.6/py3/cu124/Dockerfile.sagemaker.gpu.os_scan_allowlist.json b/pytorch/inference/docker/2.6/py3/cu124/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
new file mode 100644
index 000000000000..769b5af66da8
--- /dev/null
+++ b/pytorch/inference/docker/2.6/py3/cu124/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
@@ -0,0 +1,64 @@
+{
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ]
+}
diff --git a/pytorch/training/docker/2.5/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json b/pytorch/training/docker/2.5/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json
index 446900b70600..6d0cf914e7f5 100644
--- a/pytorch/training/docker/2.5/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json
+++ b/pytorch/training/docker/2.5/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json
@@ -441,5 +441,68 @@
"title": "CVE-2025-30167 - jupyter_core",
"reason_to_ignore": "N/A"
}
+ ],
+
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
]
}
diff --git a/pytorch/training/docker/2.5/py3/cu124/Dockerfile.sagemaker.gpu.os_scan_allowlist.json b/pytorch/training/docker/2.5/py3/cu124/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
index 9a2b585cf840..dd1742ef687b 100644
--- a/pytorch/training/docker/2.5/py3/cu124/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
+++ b/pytorch/training/docker/2.5/py3/cu124/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
@@ -1290,5 +1290,68 @@
"title": "CVE-2025-30167 - jupyter_core",
"reason_to_ignore": "N/A"
}
+ ],
+
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
]
}
diff --git a/release_images_general.yml b/release_images_general.yml
index 1cbf78193521..b1edb5296904 100644
--- a/release_images_general.yml
+++ b/release_images_general.yml
@@ -44,14 +44,14 @@ release_images:
public_registry: True
4:
framework: "vllm"
- version: "0.10.1"
+ version: "0.10.2"
arch_type: "x86"
customer_type: "ec2"
general:
device_types: [ "gpu" ]
python_versions: [ "py312" ]
os_version: "ubuntu22.04"
- cuda_version: "cu128"
+ cuda_version: "cu129"
example: False
disable_sm_tag: False
force_release: False
@@ -69,4 +69,4 @@ release_images:
example: False
disable_sm_tag: False
force_release: False
- public_registry: False
+ public_registry: True
diff --git a/release_images_inference.yml b/release_images_inference.yml
index 34ab81fe58c5..1502839a989e 100644
--- a/release_images_inference.yml
+++ b/release_images_inference.yml
@@ -249,3 +249,16 @@ release_images:
example: False
disable_sm_tag: True
force_release: False
+ 20:
+ framework: "djl"
+ version: "0.34.0"
+ arch_type: "x86"
+ inference:
+ device_types: [ "gpu" ]
+ python_versions: [ "py312" ]
+ os_version: "ubuntu24.04"
+ lmi_version: "16.0.0"
+ cuda_version: "cu128"
+ example: False
+ disable_sm_tag: True
+ force_release: False
diff --git a/src/requirements.txt b/src/requirements.txt
index 048b1148450c..e4db76390f53 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -3,11 +3,11 @@ boto3==1.37.9
fabric
invoke
wheel==0.44.0
-docker==6.1.3
+docker
pyfiglet==0.8.post1
reprint==0.5.2
ruamel.yaml==0.18.10
black==24.8.0
junit-xml==1.9
toml==0.10.2
-retrying
+retrying
\ No newline at end of file
diff --git a/src/utils.py b/src/utils.py
index 38285ade2577..18e6fadb8d55 100644
--- a/src/utils.py
+++ b/src/utils.py
@@ -22,7 +22,7 @@
import constants
from botocore.exceptions import ClientError
-from invoke.context import Context
+from invoke import Context
from codebuild_environment import get_cloned_folder_path
from config import is_build_enabled, is_autopatch_build_enabled
diff --git a/tensorflow/inference/docker/2.18/py3/Dockerfile.arm64.cpu b/tensorflow/inference/docker/2.18/py3/Dockerfile.arm64.cpu
index 40242dda1913..338e0574fb99 100644
--- a/tensorflow/inference/docker/2.18/py3/Dockerfile.arm64.cpu
+++ b/tensorflow/inference/docker/2.18/py3/Dockerfile.arm64.cpu
@@ -92,8 +92,7 @@ RUN ${PIP} install --no-cache-dir \
gevent \
requests \
grpcio \
- # protobuf version requirements in https://github.com/tensorflow/serving/blob/master/tensorflow_serving/tools/pip_package/setup.py#L66
- "protobuf<5.0" \
+ "protobuf==5.29.5" \
packaging \
# using --no-dependencies to avoid installing tensorflow binary
&& ${PIP} install --no-dependencies --no-cache-dir \
diff --git a/tensorflow/inference/docker/2.18/py3/Dockerfile.ec2.arm64.cpu.core_packages.json b/tensorflow/inference/docker/2.18/py3/Dockerfile.ec2.arm64.cpu.core_packages.json
index e19025e77c9d..6334c2259281 100644
--- a/tensorflow/inference/docker/2.18/py3/Dockerfile.ec2.arm64.cpu.core_packages.json
+++ b/tensorflow/inference/docker/2.18/py3/Dockerfile.ec2.arm64.cpu.core_packages.json
@@ -13,6 +13,6 @@
"version_specifier":">=1.24.3,<2.0"
},
"protobuf":{
- "version_specifier":">=3.20.3,<6.0.0dev,!=4.21.5,!=4.21.4,!=4.21.3,!=4.21.2,!=4.21.1,!=4.21.0"
+ "version_specifier":">=5.29.5"
}
}
\ No newline at end of file
diff --git a/tensorflow/inference/docker/2.18/py3/Dockerfile.ec2.arm64.cpu.os_scan_allowlist.json b/tensorflow/inference/docker/2.18/py3/Dockerfile.ec2.arm64.cpu.os_scan_allowlist.json
index 60e3d94d5c7b..7e2bbceed8c9 100644
--- a/tensorflow/inference/docker/2.18/py3/Dockerfile.ec2.arm64.cpu.os_scan_allowlist.json
+++ b/tensorflow/inference/docker/2.18/py3/Dockerfile.ec2.arm64.cpu.os_scan_allowlist.json
@@ -379,5 +379,232 @@
"title": "CVE-2022-48337 - emacs, emacs-common and 1 more",
"reason_to_ignore": "N/A"
}
+ ],
+ "linux-libc-dev": [
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 Call Trace: dump_stack_lvl+0x68/0xa0 print_address_description.constprop.0+0x2c/0x3d0 print_report+0xb4/0x270 kasan_report+0xbd/0xf0 tcp_write_timer_handler+0x156/0x3e0 tcp_write_timer+0x66/0x170 call_timer_fn+0xfb/0x1d0 __run_timers+0x3f8/0x480 run_timer_softirq+0x9b/0x100 handle_softirqs+0x153/0x390 __irq_exit_rcu+0x103/0x120 irq_exit_rcu+0xe/0x20 sysvec_apic_timer_interrupt+0x76/0x90 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:default_idle+0xf/0x20 Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 c3 cc",
+ "vulnerability_id": "CVE-2024-53168",
+ "name": "CVE-2024-53168",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-53168.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2024-53168 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All release_mid() callers seem to hold a reference of @mid so there is no need to call kref_put(&mid->refcount, __release_mid) under @server->mid_lock spinlock. If they don't, then an use-after-free bug would have occurred anyways. By getting rid of such spinlock also fixes a potential deadlock as shown below CPU 0 CPU 1 ------------------------------------------------------------------ cifs_demultiplex_thread() cifs_debug_data_proc_show() release_mid() spin_lock(&server->mid_lock); spin_lock(&cifs_tcp_ses_lock) spin_lock(&server->mid_lock) __release_mid() smb2_find_smb_tcon() spin_lock(&cifs_tcp_ses_lock) deadlock",
+ "vulnerability_id": "CVE-2023-52757",
+ "name": "CVE-2023-52757",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-52757.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2023-52757 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in print_graph_function_flags() during ftrace stress testing [1]. This issue can be reproduced if puting a 'mdelay(10)' after 'mutex_unlock(&trace_types_lock)' in s_start(), and executing the following script: $ echo function_graph > current_tracer $ cat trace > /dev/null & $ sleep 5 # Ensure the 'cat' reaches the 'mdelay(10)' point $ echo timerlat > current_tracer The root cause lies in the two calls to print_graph_function_flags within print_trace_line during each s_show(): * One through 'iter->trace->print_line()'; * Another through 'event->funcs->trace()', which is hidden in print_trace_fmt() before print_trace_line returns. Tracer switching only updates the former, while the latter continues to use the print_line function of the old tracer, which in the script above is print_graph_function_flags. Moreover, when switching from the",
+ "vulnerability_id": "CVE-2025-22035",
+ "name": "CVE-2025-22035",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-22035.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-22035 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54",
+ "vulnerability_id": "CVE-2024-49950",
+ "name": "CVE-2024-49950",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-49950.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2024-49950 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. Reproducer: # mount.cifs -o ...,seal,esize=1 //srv/share /mnt # dd if=/mnt/largefile of=/dev/null",
+ "vulnerability_id": "CVE-2024-50047",
+ "name": "CVE-2024-50047",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-50047.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2024-50047 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix length is 64, this causes the shift exponent to become negative, triggering a UBSAN warning. As the concept of a subnet mask does not apply to IPv6, the value is set to ~0 to suppress the warning message.",
+ "vulnerability_id": "CVE-2025-21993",
+ "name": "CVE-2025-21993",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.1,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.1,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-21993.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-21993 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] Read of size 8 at addr ffff888136335380 by task kworker/6:0/140241",
+ "vulnerability_id": "CVE-2025-22020",
+ "name": "CVE-2025-22020",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-22020.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-22020 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: ""Some memory may share the same node as a CPU, and others are provided as memory only nodes."" Therefore, some node CPU masks may be empty and wouldn't have a ""first CPU"". On a machine with far memory (and therefore CPU-less NUMA nodes): - cpumask_of_node(nid) is 0 - cpumask_first(0) is CONFIG_NR_CPUS - cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an index that is 1 out of bounds",
+ "vulnerability_id": "CVE-2025-21991",
+ "name": "CVE-2025-21991",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path":null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-21991.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-21991 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs ""ea_get: invalid extended attribute"" and calls print_hex_dump(). Here, EALIST_SIZE(ea_buf->xattr) returns 4110417968, which exceeds INT_MAX (2,147,483,647). Then ea_size is clamped: int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); Although clamp_t aims to bound ea_size between 0 and 4110417968, the upper limit is treated as an int, causing an overflow above 2^31 - 1.",
+ "vulnerability_id": "CVE-2025-39735",
+ "name": "CVE-2025-39735",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.1,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.1,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-39735.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-39735 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ }
]
}
diff --git a/tensorflow/inference/docker/2.18/py3/Dockerfile.sagemaker.arm64.cpu.core_packages.json b/tensorflow/inference/docker/2.18/py3/Dockerfile.sagemaker.arm64.cpu.core_packages.json
index 4d4f07579a79..dc23a47b20d2 100644
--- a/tensorflow/inference/docker/2.18/py3/Dockerfile.sagemaker.arm64.cpu.core_packages.json
+++ b/tensorflow/inference/docker/2.18/py3/Dockerfile.sagemaker.arm64.cpu.core_packages.json
@@ -13,7 +13,7 @@
"version_specifier":">=1.24.3,<2.0"
},
"protobuf":{
- "version_specifier":">=3.20.3,<6.0.0dev,!=4.21.5,!=4.21.4,!=4.21.3,!=4.21.2,!=4.21.1,!=4.21.0"
+ "version_specifier":"==5.29.5"
},
"falcon":{
"version_specifier":"==3.1.0"
diff --git a/tensorflow/inference/docker/2.18/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json b/tensorflow/inference/docker/2.18/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json
index 8cd50f3a3742..a6d9eb7a1c91 100644
--- a/tensorflow/inference/docker/2.18/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json
+++ b/tensorflow/inference/docker/2.18/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json
@@ -379,5 +379,232 @@
"title": "CVE-2023-28617 - emacs, emacs-common and 1 more",
"reason_to_ignore": "N/A"
}
+ ],
+ "linux-libc-dev": [
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 Call Trace: dump_stack_lvl+0x68/0xa0 print_address_description.constprop.0+0x2c/0x3d0 print_report+0xb4/0x270 kasan_report+0xbd/0xf0 tcp_write_timer_handler+0x156/0x3e0 tcp_write_timer+0x66/0x170 call_timer_fn+0xfb/0x1d0 __run_timers+0x3f8/0x480 run_timer_softirq+0x9b/0x100 handle_softirqs+0x153/0x390 __irq_exit_rcu+0x103/0x120 irq_exit_rcu+0xe/0x20 sysvec_apic_timer_interrupt+0x76/0x90 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:default_idle+0xf/0x20 Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 c3 cc",
+ "vulnerability_id": "CVE-2024-53168",
+ "name": "CVE-2024-53168",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-53168.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2024-53168 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All release_mid() callers seem to hold a reference of @mid so there is no need to call kref_put(&mid->refcount, __release_mid) under @server->mid_lock spinlock. If they don't, then an use-after-free bug would have occurred anyways. By getting rid of such spinlock also fixes a potential deadlock as shown below CPU 0 CPU 1 ------------------------------------------------------------------ cifs_demultiplex_thread() cifs_debug_data_proc_show() release_mid() spin_lock(&server->mid_lock); spin_lock(&cifs_tcp_ses_lock) spin_lock(&server->mid_lock) __release_mid() smb2_find_smb_tcon() spin_lock(&cifs_tcp_ses_lock) deadlock",
+ "vulnerability_id": "CVE-2023-52757",
+ "name": "CVE-2023-52757",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-52757.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2023-52757 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in print_graph_function_flags() during ftrace stress testing [1]. This issue can be reproduced if puting a 'mdelay(10)' after 'mutex_unlock(&trace_types_lock)' in s_start(), and executing the following script: $ echo function_graph > current_tracer $ cat trace > /dev/null & $ sleep 5 # Ensure the 'cat' reaches the 'mdelay(10)' point $ echo timerlat > current_tracer The root cause lies in the two calls to print_graph_function_flags within print_trace_line during each s_show(): * One through 'iter->trace->print_line()'; * Another through 'event->funcs->trace()', which is hidden in print_trace_fmt() before print_trace_line returns. Tracer switching only updates the former, while the latter continues to use the print_line function of the old tracer, which in the script above is print_graph_function_flags. Moreover, when switching from the",
+ "vulnerability_id": "CVE-2025-22035",
+ "name": "CVE-2025-22035",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-22035.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-22035 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54",
+ "vulnerability_id": "CVE-2024-49950",
+ "name": "CVE-2024-49950",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-49950.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2024-49950 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. Reproducer: # mount.cifs -o ...,seal,esize=1 //srv/share /mnt # dd if=/mnt/largefile of=/dev/null",
+ "vulnerability_id": "CVE-2024-50047",
+ "name": "CVE-2024-50047",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-50047.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2024-50047 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix length is 64, this causes the shift exponent to become negative, triggering a UBSAN warning. As the concept of a subnet mask does not apply to IPv6, the value is set to ~0 to suppress the warning message.",
+ "vulnerability_id": "CVE-2025-21993",
+ "name": "CVE-2025-21993",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.1,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.1,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-21993.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-21993 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] Read of size 8 at addr ffff888136335380 by task kworker/6:0/140241",
+ "vulnerability_id": "CVE-2025-22020",
+ "name": "CVE-2025-22020",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-22020.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-22020 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: ""Some memory may share the same node as a CPU, and others are provided as memory only nodes."" Therefore, some node CPU masks may be empty and wouldn't have a ""first CPU"". On a machine with far memory (and therefore CPU-less NUMA nodes): - cpumask_of_node(nid) is 0 - cpumask_first(0) is CONFIG_NR_CPUS - cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an index that is 1 out of bounds",
+ "vulnerability_id": "CVE-2025-21991",
+ "name": "CVE-2025-21991",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path":null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.8,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.8,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-21991.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-21991 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ },
+ {
+ "description": "In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs ""ea_get: invalid extended attribute"" and calls print_hex_dump(). Here, EALIST_SIZE(ea_buf->xattr) returns 4110417968, which exceeds INT_MAX (2,147,483,647). Then ea_size is clamped: int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); Although clamp_t aims to bound ea_size between 0 and 4110417968, the upper limit is treated as an int, causing an overflow above 2^31 - 1.",
+ "vulnerability_id": "CVE-2025-39735",
+ "name": "CVE-2025-39735",
+ "package_name": "linux-libc-dev",
+ "package_details": {
+ "file_path": null,
+ "name": "linux-libc-dev",
+ "package_manager": "OS",
+ "version": "5.4.0",
+ "release": "216.236"
+ },
+ "remediation": {"recommendation": {"text": "None Provided"}},
+ "cvss_v3_score": 7.1,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 7.1,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-39735.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-39735 - linux-libc-dev",
+ "reason_to_ignore": "N/A"
+ }
]
}
diff --git a/tensorflow/inference/docker/2.19/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json b/tensorflow/inference/docker/2.19/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json
new file mode 100644
index 000000000000..b1749544dbc9
--- /dev/null
+++ b/tensorflow/inference/docker/2.19/py3/Dockerfile.sagemaker.arm64.cpu.os_scan_allowlist.json
@@ -0,0 +1,64 @@
+{
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/tensorflow/inference/docker/2.19/py3/cu122/Dockerfile.sagemaker.gpu.os_scan_allowlist.json b/tensorflow/inference/docker/2.19/py3/cu122/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
index 73a92fd91c64..5f9c8b9f3b42 100644
--- a/tensorflow/inference/docker/2.19/py3/cu122/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
+++ b/tensorflow/inference/docker/2.19/py3/cu122/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
@@ -475,5 +475,67 @@
"title": "CVE-2022-2068 - openssl",
"reason_to_ignore": "N/A"
}
+ ],
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
]
}
diff --git a/tensorflow/training/docker/2.18/py3/Dockerfile.cpu b/tensorflow/training/docker/2.18/py3/Dockerfile.cpu
index d9b5d9db780e..04a7eae8d4cc 100644
--- a/tensorflow/training/docker/2.18/py3/Dockerfile.cpu
+++ b/tensorflow/training/docker/2.18/py3/Dockerfile.cpu
@@ -279,8 +279,9 @@ RUN $PYTHON -m pip install --no-cache-dir -U \
RUN $PYTHON -m pip install --no-cache-dir -U \
sagemaker-experiments==0.1.45
+#pinning old version because of protobuf dependency with tensorflow-metadata
RUN $PYTHON -m pip install --no-cache-dir -U \
- sagemaker-training
+ sagemaker-training==4.8.4
RUN $PYTHON -m pip install --no-cache-dir -U \
sagemaker-tensorflow-training==20.4.1
diff --git a/tensorflow/training/docker/2.18/py3/Dockerfile.sagemaker.cpu.core_packages.json b/tensorflow/training/docker/2.18/py3/Dockerfile.sagemaker.cpu.core_packages.json
index 394e26d53027..e6519149d65d 100644
--- a/tensorflow/training/docker/2.18/py3/Dockerfile.sagemaker.cpu.core_packages.json
+++ b/tensorflow/training/docker/2.18/py3/Dockerfile.sagemaker.cpu.core_packages.json
@@ -18,7 +18,7 @@
"version_specifier": "==20.4.1"
},
"sagemaker-training": {
- "version_specifier": ">=4.8.3"
+ "version_specifier": "==4.8.4"
},
"sagemaker-studio-analytics-extension": {
"version_specifier": "<1"
diff --git a/tensorflow/training/docker/2.18/py3/cu125/Dockerfile.gpu b/tensorflow/training/docker/2.18/py3/cu125/Dockerfile.gpu
index b36bf675d946..1d57bc1710e1 100644
--- a/tensorflow/training/docker/2.18/py3/cu125/Dockerfile.gpu
+++ b/tensorflow/training/docker/2.18/py3/cu125/Dockerfile.gpu
@@ -367,7 +367,7 @@ RUN ${PIP} install --no-cache-dir -U \
"tensorflow-datasets==4.9.7"
RUN $PYTHON -m pip install --no-cache-dir -U \
- numba==0.61.0 \
+ numba \
bokeh \
imageio \
opencv-python \
@@ -382,8 +382,9 @@ RUN $PYTHON -m pip install --no-cache-dir -U \
RUN $PYTHON -m pip install --no-cache-dir -U \
sagemaker-experiments==0.1.45
+#pinning old version because of protobuf dependency with tensorflow-metadata
RUN $PYTHON -m pip install --no-cache-dir -U \
- sagemaker-training
+ sagemaker-training==4.8.4
RUN $PYTHON -m pip install --no-cache-dir -U \
sagemaker-tensorflow-training==20.4.1
diff --git a/tensorflow/training/docker/2.18/py3/cu125/Dockerfile.sagemaker.gpu.core_packages.json b/tensorflow/training/docker/2.18/py3/cu125/Dockerfile.sagemaker.gpu.core_packages.json
index c37b0a7bca6c..1fed8908ef42 100644
--- a/tensorflow/training/docker/2.18/py3/cu125/Dockerfile.sagemaker.gpu.core_packages.json
+++ b/tensorflow/training/docker/2.18/py3/cu125/Dockerfile.sagemaker.gpu.core_packages.json
@@ -18,7 +18,7 @@
"version_specifier": "==20.4.1"
},
"sagemaker-training": {
- "version_specifier": ">=4.8.3"
+ "version_specifier": "==4.8.4"
},
"sagemaker-studio-analytics-extension": {
"version_specifier": "<1"
diff --git a/tensorflow/training/docker/2.19/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json b/tensorflow/training/docker/2.19/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json
index 540973552e6e..11ee152c09e9 100644
--- a/tensorflow/training/docker/2.19/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json
+++ b/tensorflow/training/docker/2.19/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json
@@ -211,5 +211,67 @@
"status": "ACTIVE",
"reason_to_ignore": "N/A"
}
+ ],
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
]
}
diff --git a/tensorflow/training/docker/2.19/py3/cu125/Dockerfile.sagemaker.gpu.os_scan_allowlist.json b/tensorflow/training/docker/2.19/py3/cu125/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
index 540973552e6e..11ee152c09e9 100644
--- a/tensorflow/training/docker/2.19/py3/cu125/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
+++ b/tensorflow/training/docker/2.19/py3/cu125/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
@@ -211,5 +211,67 @@
"status": "ACTIVE",
"reason_to_ignore": "N/A"
}
+ ],
+ "dpkg": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "dpkg",
+ "package_details": {
+ "file_path": null,
+ "name": "dpkg",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
+ ],
+ "libdpkg-perl": [
+ {
+ "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.",
+ "vulnerability_id": "CVE-2025-6297",
+ "name": "CVE-2025-6297",
+ "package_name": "libdpkg-perl",
+ "package_details": {
+ "file_path": null,
+ "name": "libdpkg-perl",
+ "package_manager": "OS",
+ "version": "1.21.1ubuntu2.3",
+ "release": null
+ },
+ "remediation": {
+ "recommendation": {
+ "text": "None Provided"
+ }
+ },
+ "cvss_v3_score": 8.2,
+ "cvss_v30_score": 0.0,
+ "cvss_v31_score": 8.2,
+ "cvss_v2_score": 0.0,
+ "cvss_v3_severity": "HIGH",
+ "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-6297.html",
+ "source": "UBUNTU_CVE",
+ "severity": "HIGH",
+ "status": "ACTIVE",
+ "title": "CVE-2025-6297 - dpkg, libdpkg-perl",
+ "reason_to_ignore": "N/A"
+ }
]
}
diff --git a/test/dlc_tests/benchmark/sagemaker/mxnet/training/test_performance_mxnet_sm_training.py b/test/dlc_tests/benchmark/sagemaker/mxnet/training/test_performance_mxnet_sm_training.py
index ae84728a3f32..767f1cbfd338 100644
--- a/test/dlc_tests/benchmark/sagemaker/mxnet/training/test_performance_mxnet_sm_training.py
+++ b/test/dlc_tests/benchmark/sagemaker/mxnet/training/test_performance_mxnet_sm_training.py
@@ -71,7 +71,7 @@ def test_mxnet_sagemaker_training_performance(
with ctx.cd(test_dir), ctx.prefix(f"source {venv_dir}/bin/activate"):
log_file = f"results-{commit_info}-{time_str}-{num_nodes}-node.txt"
run_out = ctx.run(
- f"timeout 90m python mx_sm_benchmark.py "
+ f"timeout 90m python3 mx_sm_benchmark.py "
f"--framework-version {framework_version} "
f"--image-uri {mxnet_training} "
f"--instance-type ml.{ec2_instance_type} "
diff --git a/test/dlc_tests/conftest.py b/test/dlc_tests/conftest.py
index dc6fc2ea624e..85d699b4bfc6 100644
--- a/test/dlc_tests/conftest.py
+++ b/test/dlc_tests/conftest.py
@@ -804,12 +804,11 @@ def delete_s3_artifact_copy():
request.addfinalizer(delete_s3_artifact_copy)
- python_version = "3.9"
if is_neuron_image(request.fixturenames):
# neuron still support tf1.15 and that is only there in py37 and less.
# so use python3.7 for neuron
python_version = "3.7"
- ec2_utils.install_python_in_instance(conn, python_version=python_version)
+ ec2_utils.install_python_in_instance(conn, python_version=python_version)
conn.run(
f"aws s3 cp --recursive {test_utils.TEST_TRANSFER_S3_BUCKET}/{artifact_folder} $HOME/container_tests"
diff --git a/test/dlc_tests/ec2/tensorflow/inference/test_tensorflow_inference.py b/test/dlc_tests/ec2/tensorflow/inference/test_tensorflow_inference.py
index 0fc3fab46be2..65018c591ccd 100644
--- a/test/dlc_tests/ec2/tensorflow/inference/test_tensorflow_inference.py
+++ b/test/dlc_tests/ec2/tensorflow/inference/test_tensorflow_inference.py
@@ -483,7 +483,7 @@ def run_ec2_tensorflow_inference(
def train_mnist_model(serving_folder_path, ec2_connection):
ec2_connection.run(f"cd {serving_folder_path}")
mnist_script_path = f"{serving_folder_path}/tensorflow_serving/example/mnist_saved_model.py"
- ec2_connection.run(f"python {mnist_script_path} {serving_folder_path}/models/mnist", hide=True)
+ ec2_connection.run(f"python3 {mnist_script_path} {serving_folder_path}/models/mnist", hide=True)
def host_setup_for_tensorflow_inference(
diff --git a/test/dlc_tests/ec2/tensorflow/training/test_tensorflow_training.py b/test/dlc_tests/ec2/tensorflow/training/test_tensorflow_training.py
index 5bc807f2436a..f81ce4a6e496 100644
--- a/test/dlc_tests/ec2/tensorflow/training/test_tensorflow_training.py
+++ b/test/dlc_tests/ec2/tensorflow/training/test_tensorflow_training.py
@@ -480,12 +480,12 @@ def test_tensorflow_io_s3_plugin_cpu(
# Helper function to test data service
def run_data_service_test(ec2_connection, tensorflow_training, cmd):
_, tensorflow_version = test_utils.get_framework_and_version_from_tag(tensorflow_training)
- ec2_connection.run(f"python -m pip install --upgrade pip")
- ec2_connection.run(f"python -m pip install tensorflow=={tensorflow_version}")
- ec2_connection.run(f"python -m pip install 'protobuf<4'")
+ ec2_connection.run(f"python3 -m pip install --upgrade pip")
+ ec2_connection.run(f"python3 -m pip install tensorflow=={tensorflow_version}")
+ ec2_connection.run(f"python3 -m pip install 'protobuf<4'")
container_test_local_dir = os.path.join("$HOME", "container_tests")
ec2_connection.run(
- f"cd {container_test_local_dir}/bin && screen -d -m python start_dataservice.py"
+ f"cd {container_test_local_dir}/bin && screen -d -m python3 start_dataservice.py"
)
execute_ec2_training_test(ec2_connection, tensorflow_training, cmd, host_network=True)
diff --git a/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_decoder_hosting.py b/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_decoder_hosting.py
index b731d520590e..b668643c3e83 100644
--- a/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_decoder_hosting.py
+++ b/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_decoder_hosting.py
@@ -145,6 +145,7 @@ def _test_pt_neuronx(
initial_instance_count=1,
instance_type=instance_type,
endpoint_name=endpoint_name,
+ inference_ami_version="al2-ami-sagemaker-inference-neuron-2",
)
data = {"inputs": "I really wish "}
diff --git a/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_encoder_hosting.py b/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_encoder_hosting.py
index 16ae18326f5c..069feee508b2 100644
--- a/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_encoder_hosting.py
+++ b/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_encoder_hosting.py
@@ -145,6 +145,7 @@ def _test_pt_neuronx(
initial_instance_count=1,
instance_type=instance_type,
endpoint_name=endpoint_name,
+ inference_ami_version="al2-ami-sagemaker-inference-neuron-2",
)
data = {"inputs": "Hamilton is considered to be the best musical of human history."}
diff --git a/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_no_context.py b/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_no_context.py
index 1a298087baf2..277d63b2688b 100644
--- a/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_no_context.py
+++ b/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_no_context.py
@@ -127,6 +127,7 @@ def _test_sentence_transformers(
initial_instance_count=1,
instance_type=instance_type,
endpoint_name=endpoint_name,
+ inference_ami_version="al2-ami-sagemaker-inference-neuron-2",
)
predictor.serializer = IdentitySerializer(content_type="application/json")
diff --git a/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_sdxl_hosting.py b/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_sdxl_hosting.py
index a29665a48150..5cd464303942 100644
--- a/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_sdxl_hosting.py
+++ b/test/sagemaker_tests/huggingface/inference/integration/sagemaker/test_neuronx_sdxl_hosting.py
@@ -146,6 +146,7 @@ def _test_pt_neuronx(
initial_instance_count=1,
instance_type=instance_type,
endpoint_name=endpoint_name,
+ inference_ami_version="al2-ami-sagemaker-inference-neuron-2",
)
data = {"inputs": "Astronaut in a jungle, cold color palette, muted colors, detailed, 8k"}
diff --git a/test/test_utils/__init__.py b/test/test_utils/__init__.py
index 18842c9ed8dd..22b9bd3cbf04 100644
--- a/test/test_utils/__init__.py
+++ b/test/test_utils/__init__.py
@@ -1699,7 +1699,7 @@ def setup_sm_benchmark_tf_train_env(resources_location, setup_tf1_env, setup_tf2
).stdout.strip("\n")
system = ctx.run("uname -s").stdout.strip("\n")
sed_input_arg = "'' " if system == "Darwin" else ""
- ctx.run(f"sed -i {sed_input_arg}'s/\[2, 1, 0\]/\[2, 1, 1\]/g' {estimator_location}")
+ ctx.run(f"sed -i {sed_input_arg}'s/\\[2, 1, 0\\]/\\[2, 1, 1\\]/g' {estimator_location}")
return venv_dir
diff --git a/test/vllm/ec2/test_artifacts/test_ec2.py b/test/vllm/ec2/test_artifacts/test_ec2.py
index 91dd079f3f05..1f27c88aecaf 100644
--- a/test/vllm/ec2/test_artifacts/test_ec2.py
+++ b/test/vllm/ec2/test_artifacts/test_ec2.py
@@ -8,12 +8,7 @@
from contextlib import contextmanager
from typing import Optional, Tuple
-from test.test_utils.ec2 import (
- get_account_id_from_image_uri,
- login_to_ecr_registry,
- get_ec2_client,
- install_python_in_instance,
-)
+from test.test_utils.ec2 import get_account_id_from_image_uri, login_to_ecr_registry, get_ec2_client
from test.vllm.ec2.utils.fsx_utils import FsxSetup
from test.vllm.ec2.infra.setup_ec2 import cleanup_resources, TEST_ID
@@ -122,7 +117,6 @@ def test_vllm_benchmark_on_multi_node(head_connection, worker_connection, image_
raise Exception("Failed to get HF token")
for conn in [head_connection, worker_connection]:
- install_python_in_instance(conn, "3.10")
setup_docker_image(conn, image_uri)
setup_env(conn)
@@ -257,8 +251,6 @@ def run_single_node_test(head_conn, image_uri):
raise Exception(f"GPU setup verification failed for head node")
try:
- install_python_in_instance(head_conn, python_version="3.10")
-
response = get_secret_hf_token()
hf_token = response.get("HF_TOKEN")
diff --git a/vllm/CHANGELOG.md b/vllm/CHANGELOG.md
index 356e592cd4c5..281558999808 100644
--- a/vllm/CHANGELOG.md
+++ b/vllm/CHANGELOG.md
@@ -2,14 +2,28 @@
All notable changes to vLLM Deep Learning Containers will be documented in this file.
+## [0.10.2] - 2025-09-18
+### Updated
+- vllm/vllm-openai version `v0.10.2`, see [release note](https://github.com/vllm-project/vllm/releases/tag/v0.10.2) for details.
+
+### Added
+- Introducing vLLM ARM64 support for AWS Graviton (g5g) with NVIDIA T4 GPUs, using XFormers/FlashInfer as attention backend and V0 engine for Turing architecture compatibility - [release tag](https://github.com/aws/deep-learning-containers/releases/tag/v1.1-vllm-arm64-ec2-0.10.2-gpu-py312)
+
+### Sample ECR URI
+```
+763104351884.dkr.ecr.us-west-2.amazonaws.com/vllm-arm64:0.10.2-gpu-py312-cu129-ubuntu22.04-ec2-v1.1
+763104351884.dkr.ecr.us-west-2.amazonaws.com/vllm:0.10.2-gpu-py312-cu129-ubuntu22.04-ec2-v1.0
+763104351884.dkr.ecr.us-east-1.amazonaws.com/vllm:0.10.2-gpu-py312-cu129-ubuntu22.04-ec2
+```
+
## [0.10.1] - 2025-08-25
### Updated
- vllm/vllm-openai version `v0.10.1.1`, see [release note](https://github.com/vllm-project/vllm/releases/tag/v0.10.1.1) for details.
- EFA installer version `1.43.2`
### Sample ECR URI
```
-763104351884.dkr.ecr.us-east-1.amazonaws.com/0.10-gpu-py312-ec2
-763104351884.dkr.ecr.us-east-1.amazonaws.com/0.10.1-gpu-py312-cu128-ubuntu22.04-ec2
+763104351884.dkr.ecr.us-east-1.amazonaws.com/vllm:0.10-gpu-py312-ec2
+763104351884.dkr.ecr.us-east-1.amazonaws.com/vllm:0.10.1-gpu-py312-cu128-ubuntu22.04-ec2
```
## [0.10.0] - 2025-08-04
@@ -18,8 +32,8 @@ All notable changes to vLLM Deep Learning Containers will be documented in this
- EFA installer version `1.43.1`
### Sample ECR URI
```
-763104351884.dkr.ecr.us-east-1.amazonaws.com/0.10-gpu-py312-ec2
-763104351884.dkr.ecr.us-east-1.amazonaws.com/0.10.0-gpu-py312-cu128-ubuntu22.04-ec2
+763104351884.dkr.ecr.us-east-1.amazonaws.com/vllm:0.10-gpu-py312-ec2
+763104351884.dkr.ecr.us-east-1.amazonaws.com/vllm:0.10.0-gpu-py312-cu128-ubuntu22.04-ec2
```
## [0.9.2] - 2025-07-15
@@ -27,8 +41,8 @@ All notable changes to vLLM Deep Learning Containers will be documented in this
- vllm/vllm-openai version `v0.9.2`, see [release note](https://github.com/vllm-project/vllm/releases/tag/v0.9.2) for details.
### Sample ECR URI
```
-763104351884.dkr.ecr.us-east-1.amazonaws.com/0.9-gpu-py312-ec2
-763104351884.dkr.ecr.us-east-1.amazonaws.com/0.9.2-gpu-py312-cu128-ubuntu22.04-ec2
+763104351884.dkr.ecr.us-east-1.amazonaws.com/vllm:0.9-gpu-py312-ec2
+763104351884.dkr.ecr.us-east-1.amazonaws.com/vllm:0.9.2-gpu-py312-cu128-ubuntu22.04-ec2
```
## [0.9.1] - 2025-06-13
@@ -37,8 +51,8 @@ All notable changes to vLLM Deep Learning Containers will be documented in this
- EFA installer version `1.42.0`
### Sample ECR URI
```
-763104351884.dkr.ecr.us-east-1.amazonaws.com/0.9-gpu-py312-ec2
-763104351884.dkr.ecr.us-east-1.amazonaws.com/0.9.1-gpu-py312-cu128-ubuntu22.04-ec2
+763104351884.dkr.ecr.us-east-1.amazonaws.com/vllm:0.9-gpu-py312-ec2
+763104351884.dkr.ecr.us-east-1.amazonaws.com/vllm:0.9.1-gpu-py312-cu128-ubuntu22.04-ec2
```
@@ -48,8 +62,8 @@ All notable changes to vLLM Deep Learning Containers will be documented in this
- EFA installer version `1.41.0`
### Sample ECR URI
```
-763104351884.dkr.ecr.us-east-1.amazonaws.com/0.9-gpu-py312-ec2
-763104351884.dkr.ecr.us-east-1.amazonaws.com/0.9.0-gpu-py312-cu128-ubuntu22.04-ec2
+763104351884.dkr.ecr.us-east-1.amazonaws.com/vllm:0.9-gpu-py312-ec2
+763104351884.dkr.ecr.us-east-1.amazonaws.com/vllm:0.9.0-gpu-py312-cu128-ubuntu22.04-ec2
```
## [0.8.5] - 2025-06-02
@@ -59,6 +73,6 @@ All notable changes to vLLM Deep Learning Containers will be documented in this
- EFA installer version `1.40.0`
### Sample ECR URI
```
-763104351884.dkr.ecr.us-east-1.amazonaws.com/0.8-gpu-py312-ec2
-763104351884.dkr.ecr.us-east-1.amazonaws.com/0.8.5-gpu-py312-cu128-ubuntu22.04-ec2
+763104351884.dkr.ecr.us-east-1.amazonaws.com/vllm:0.8-gpu-py312-ec2
+763104351884.dkr.ecr.us-east-1.amazonaws.com/vllm:0.8.5-gpu-py312-cu128-ubuntu22.04-ec2
```
\ No newline at end of file