diff --git a/autogluon/inference/buildspec-1-4-0.yml b/autogluon/inference/buildspec-1-4-0.yml new file mode 100644 index 000000000000..160203fcad97 --- /dev/null +++ b/autogluon/inference/buildspec-1-4-0.yml @@ -0,0 +1,53 @@ +account_id: &ACCOUNT_ID +region: ®ION +framework: &FRAMEWORK autogluon +version: &VERSION 1.4.0 +short_version: &SHORT_VERSION 1.4 +arch_type: x86 + +repository_info: + inference_repository: &INFERENCE_REPOSITORY + image_type: &INFERENCE_IMAGE_TYPE inference + root: !join [ *FRAMEWORK, "/", *INFERENCE_IMAGE_TYPE ] + repository_name: &REPOSITORY_NAME !join [pr, "-", *FRAMEWORK, "-", *INFERENCE_IMAGE_TYPE] + repository: &REPOSITORY !join [ *ACCOUNT_ID, .dkr.ecr., *REGION, .amazonaws.com/, *REPOSITORY_NAME ] + +context: + inference_context: &INFERENCE_CONTEXT + torchserve-entrypoint: + source: ../build_artifacts/inference/torchserve-entrypoint.py + target: torchserve-entrypoint.py + config: + source: ../build_artifacts/inference/config.properties + target: config.properties + deep_learning_container: + source: ../../src/deep_learning_container.py + target: deep_learning_container.py + +images: + BuildAutogluonCPUInferencePy3DockerImage: + <<: *INFERENCE_REPOSITORY + build: &AUTOGLUON_CPU_INFERENCE_PY3 false + image_size_baseline: 6399 + device_type: &DEVICE_TYPE cpu + python_version: &DOCKER_PYTHON_VERSION py3 + tag_python_version: &TAG_PYTHON_VERSION py311 + os_version: &OS_VERSION ubuntu22.04 + tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *OS_VERSION ] + docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /Dockerfile., *DEVICE_TYPE ] + context: + <<: *INFERENCE_CONTEXT + + BuildAutogluonGPUInferencePy3DockerImage: + <<: *INFERENCE_REPOSITORY + build: &AUTOGLUON_GPU_INFERENCE_PY3 false + image_size_baseline: 19456 + device_type: &DEVICE_TYPE gpu + python_version: &DOCKER_PYTHON_VERSION py3 + tag_python_version: &TAG_PYTHON_VERSION py311 + cuda_version: &CUDA_VERSION cu124 + os_version: &OS_VERSION ubuntu22.04 + tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *CUDA_VERSION, "-", *OS_VERSION ] + docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /, *CUDA_VERSION, /Dockerfile., *DEVICE_TYPE ] + context: + <<: *INFERENCE_CONTEXT diff --git a/autogluon/inference/buildspec.yml b/autogluon/inference/buildspec.yml index 160203fcad97..b700475358dd 100644 --- a/autogluon/inference/buildspec.yml +++ b/autogluon/inference/buildspec.yml @@ -1,8 +1,8 @@ account_id: &ACCOUNT_ID region: ®ION framework: &FRAMEWORK autogluon -version: &VERSION 1.4.0 -short_version: &SHORT_VERSION 1.4 +version: &VERSION 1.5.0 +short_version: &SHORT_VERSION 1.5 arch_type: x86 repository_info: @@ -31,7 +31,7 @@ images: image_size_baseline: 6399 device_type: &DEVICE_TYPE cpu python_version: &DOCKER_PYTHON_VERSION py3 - tag_python_version: &TAG_PYTHON_VERSION py311 + tag_python_version: &TAG_PYTHON_VERSION py312 os_version: &OS_VERSION ubuntu22.04 tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *OS_VERSION ] docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /Dockerfile., *DEVICE_TYPE ] @@ -44,7 +44,7 @@ images: image_size_baseline: 19456 device_type: &DEVICE_TYPE gpu python_version: &DOCKER_PYTHON_VERSION py3 - tag_python_version: &TAG_PYTHON_VERSION py311 + tag_python_version: &TAG_PYTHON_VERSION py312 cuda_version: &CUDA_VERSION cu124 os_version: &OS_VERSION ubuntu22.04 tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *CUDA_VERSION, "-", *OS_VERSION ] diff --git a/autogluon/inference/docker/1.5/py3/Dockerfile.cpu b/autogluon/inference/docker/1.5/py3/Dockerfile.cpu new file mode 100644 index 000000000000..e5f19872f7bb --- /dev/null +++ b/autogluon/inference/docker/1.5/py3/Dockerfile.cpu @@ -0,0 +1,54 @@ +ARG PYTHON_VERSION=3.12.12 + +FROM 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-inference:2.6.0-cpu-py312-ubuntu22.04-sagemaker + +# Specify accept-bind-to-port LABEL for inference pipelines to use SAGEMAKER_BIND_TO_PORT +# https://docs.aws.amazon.com/sagemaker/latest/dg/inference-pipeline-real-time.html +LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true +# Specify multi-models LABEL to indicate container is capable of loading and serving multiple models concurrently +# https://docs.aws.amazon.com/sagemaker/latest/dg/build-multi-model-build-container.html +LABEL com.amazonaws.sagemaker.capabilities.multi-models=true + +LABEL maintainer="Amazon AI" +LABEL dlc_major_version="1" + +RUN apt-get update \ + && apt-get -y upgrade \ + && apt-get autoremove -y \ + && apt-get install tesseract-ocr -y \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +ARG AUTOGLUON_VERSION=1.5.0 + +# Upgrading pip and installing/updating Python dependencies +# Comments are added to explain the reason behind each update +RUN pip install --no-cache-dir -U --trusted-host pypi.org --trusted-host files.pythonhosted.org pip \ + && pip install --no-cache-dir -U wheel \ + && pip uninstall -y dataclasses \ + # Install AutoGluon, ensuring no vulnerable dependencies are left behind + && pip install --no-cache-dir -U autogluon==${AUTOGLUON_VERSION} \ + && pip install --no-cache-dir "ninja<1.11.1.1" + + + +# add TS entrypoint +COPY config.properties /home/model-server + +COPY torchserve-entrypoint.py /usr/local/bin/dockerd-entrypoint.py +RUN chmod +x /usr/local/bin/dockerd-entrypoint.py + +RUN HOME_DIR=/root \ + && curl -o ${HOME_DIR}/oss_compliance.zip https://aws-dlinfra-utilities.s3.amazonaws.com/oss_compliance.zip \ + && unzip -o ${HOME_DIR}/oss_compliance.zip -d ${HOME_DIR}/ \ + && cp ${HOME_DIR}/oss_compliance/test/testOSSCompliance /usr/local/bin/testOSSCompliance \ + && chmod +x /usr/local/bin/testOSSCompliance \ + && chmod +x ${HOME_DIR}/oss_compliance/generate_oss_compliance.sh \ + && ${HOME_DIR}/oss_compliance/generate_oss_compliance.sh ${HOME_DIR} python \ + && rm -rf ${HOME_DIR}/oss_compliance* + +RUN curl -o /licenses-autogluon.txt https://autogluon.s3.us-west-2.amazonaws.com/licenses/THIRD-PARTY-LICENSES.txt + +EXPOSE 8080 8081 +ENTRYPOINT ["python", "/usr/local/bin/dockerd-entrypoint.py"] +CMD ["torchserve", "--start", "--ts-config", "/home/model-server/config.properties", "--model-store", "/home/model-server/"] diff --git a/autogluon/inference/docker/1.5/py3/Dockerfile.cpu.os_scan_allowlist.json b/autogluon/inference/docker/1.5/py3/Dockerfile.cpu.os_scan_allowlist.json new file mode 100644 index 000000000000..3adc72cb415e --- /dev/null +++ b/autogluon/inference/docker/1.5/py3/Dockerfile.cpu.os_scan_allowlist.json @@ -0,0 +1,509 @@ +{ + "linux": [ + { + "description": " In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial code is finished. But the net_device ifp will still be used in later tx()->dev_queue_xmit() in kthread. Which means that the dev_put(ifp) should NOT be called in the success path of skb initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into use-after-free because the net_device is freed. This patch removed the dev_put(ifp) in the success path in aoecmd_cfg_pkts(), and added dev_p", + "vulnerability_id": "CVE-2024-26898", + "name": "CVE-2024-26898", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "187.207" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-26898.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-26898 - linux", + "reason_to_ignore": "vulnerability from Linux kernel 5.4.0 in base image" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() Apply the same fix than ones found in : 8d975c15c0cd (\"ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\") 1ca1ba465e55 (\"geneve: make sure to pull inner header in geneve_rx()\") We have to save skb->network_header in a temporary variable in order to be able to recompute the network_header pointer after a pskb_inet_may_pull() call. pskb_inet_may_pull() makes sure the needed headers are in skb->head. syzbot reported: BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP_ECN_", + "vulnerability_id": "CVE-2024-26882", + "name": "CVE-2024-26882", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "187.207" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-26882.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-26882 - linux", + "reason_to_ignore": "vulnerability from Linux kernel 5.4.0 in base image" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches, the roundup code itself can overflow by doing a 32-bit left-shift of an unsigned long value, which is undefined behaviour, so it is not guaranteed to truncate neatly. This was triggered by syzbot on the DEVMAP_HASH type, which contains the same check, copied from the hashtab code. So apply the same fix to hashtab, by moving the overflow check to before the roundup.", + "vulnerability_id": "CVE-2024-26884", + "name": "CVE-2024-26884", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "187.207" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-26884.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-26884 - linux", + "reason_to_ignore": "vulnerability from Linux kernel 5.4.0 in base image" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create contexts from server: BUG: unable to handle page fault for address: ffff8881178d8cc3 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 4a01067 P4D 4a01067 PUD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs] Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00 RSP: 0018:ffffc900007939e0 EFLAGS: 00010216 RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: fff", + "vulnerability_id": "CVE-2023-52434", + "name": "CVE-2023-52434", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8, + "cvss_v30_score": 0, + "cvss_v31_score": 8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-52434.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2023-52434 - linux", + "reason_to_ignore": "No fix provided" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30 Read of size 8 at addr ffff8881094223f8 by task stress/7789 CPU: 0 PID: 7789 Comm: stress Not tainted 6.0.0-rc1-00002-g0d53d2e882f9 #3 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 Call Trace: .. __mutex_lock+0xe5/0xc30 .. z_erofs_do_read_page+0x8ce/0x1560 .. z_erofs_readahead+0x31c/0x580 .. Freed by task 7787 kasan_save_stack+0x1e/0x40 kasan_set_track+0x20/0x30 kasan_set_free_info+0x20/0x40 __kasan_slab_free+0x10c/0x190 kmem_cache_free+0xed/0x380 rcu_core+0x3d5/0xc90 __do_softirq+0x12d/0x389 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x97/0xb0 call_rcu+0x3d/0x3f0 erofs_shrink_workstation+0x11f/0x210 erofs_shrink_scan+0xdc/0x170 shrink_slab.co", + "vulnerability_id": "CVE-2022-48674", + "name": "CVE-2022-48674", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2022/CVE-2022-48674.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2022-48674 - linux", + "reason_to_ignore": "No fix provided" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5", + "vulnerability_id": "CVE-2023-52752", + "name": "CVE-2023-52752", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-52752.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2023-52752 - linux", + "reason_to_ignore": "No fix provided" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets.", + "vulnerability_id": "CVE-2024-36971", + "name": "CVE-2024-36971", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-36971.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-36971 - linux", + "reason_to_ignore": "No fix provided" + } + ], + "ray": [ + { + "description": "Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment", + "vulnerability_id": "CVE-2023-48022", + "name": "CVE-2023-48022", + "package_name": "ray", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/ray-2.10.0.dist-info/METADATA", + "name": "ray", + "package_manager": "PYTHONPKG", + "version": "2.10.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 0, + "cvss_v31_score": 9.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48022", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2023-48022 - ray", + "reason_to_ignore": "fix not available yet, autogluon uses Ray < 2.11" + } + ], + "idna": [ + { + "description": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.", + "vulnerability_id": "CVE-2024-3651", + "name": "CVE-2024-3651", + "package_name": "idna", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/ray/_private/runtime_env/agent/thirdparty_files/idna-3.6.dist-info/METADATA", + "name": "idna", + "package_manager": "PYTHONPKG", + "version": "3.6", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3651", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-3651 - idna", + "reason_to_ignore": "this is as false positive as autogluon uses idna >=3.7" + } + ], + "transformers": [ + { + "description": "Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191.", + "vulnerability_id": "CVE-2024-11393", + "name": "CVE-2024-11393", + "package_name": "transformers", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/transformers-4.47.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHONPKG", + "version": "4.47.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.8, + "cvss_v30_score": 0, + "cvss_v31_score": 8.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11393", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-11393 - transformers", + "reason_to_ignore": "N/A" + }, + { + "description": "Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.", + "vulnerability_id": "CVE-2024-11392", + "name": "CVE-2024-11392", + "package_name": "transformers", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/transformers-4.47.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHONPKG", + "version": "4.47.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.8, + "cvss_v30_score": 0, + "cvss_v31_score": 8.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11392", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-11392 - transformers", + "reason_to_ignore": "N/A" + }, + { + "description": "Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.", + "vulnerability_id": "CVE-2024-11394", + "name": "CVE-2024-11394", + "package_name": "transformers", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/transformers-4.47.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHONPKG", + "version": "4.47.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.8, + "cvss_v30_score": 0, + "cvss_v31_score": 8.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11394", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-11394 - transformers", + "reason_to_ignore": "N/A" + }, + { + "description": "A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.", + "vulnerability_id": "CVE-2025-2099", + "name": "CVE-2025-2099", + "package_name": "transformers", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/transformers-4.49.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHON", + "version": "4.49.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2099", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-2099 - transformers", + "reason_to_ignore": "Security vulnerability allowlisted for AutoGluon DLC" + }, + { + "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable within the `transformers/commands/chat.py` file. The regex contains repetition groups and non-optimized quantifiers, leading to exponential backtracking when processing 'almost matching' payloads. This can degrade application performance and potentially result in a denial-of-service (DoS) when handling specially crafted input strings. The issue is fixed in version 4.51.0.", + "vulnerability_id": "CVE-2025-3262", + "name": "CVE-2025-3262", + "package_name": "transformers", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/transformers-4.49.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHON", + "version": "4.49.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3262", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-3262 - transformers", + "reason_to_ignore": "No fix provided" + } + ], + "lightgbm": [ + { + "description": "LightGBM Remote Code Execution Vulnerability", + "vulnerability_id": "CVE-2024-43598", + "name": "CVE-2024-43598", + "package_name": "lightgbm", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/lightgbm-4.5.0.dist-info/METADATA", + "name": "lightgbm", + "package_manager": "PYTHONPKG", + "version": "4.5.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.1, + "cvss_v30_score": 0, + "cvss_v31_score": 8.1, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43598", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-43598 - lightgbm", + "reason_to_ignore": "No fix provided" + } + ], + "torch": [ + { + "description": "PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.", + "vulnerability_id": "CVE-2025-32434", + "name": "CVE-2025-32434", + "package_name": "torch", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/torch-2.5.1+cpu.dist-info/METADATA", + "name": "torch", + "package_manager": "PYTHON", + "version": "2.5.1+cpu", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 0.0, + "cvss_v31_score": 9.8, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32434", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2025-32434 - torch", + "reason_to_ignore": "Security vulnerability allowlisted for AutoGluon DLC" + } + ], + "aiohttp": [ + { + "description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory. This issue is fixed in version 3.13.3.", + "vulnerability_id": "CVE-2025-69223", + "name": "CVE-2025-69223", + "package_name": "aiohttp", + "package_details": { + "file_path": "/usr/local/lib/python3.12/site-packages/ray/_private/runtime_env/agent/thirdparty_files/aiohttp-3.13.2.dist-info/METADATA", + "name": "aiohttp", + "package_manager": "PYTHON", + "version": "3.13.2", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69223", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-69223 - aiohttp", + "reason_to_ignore": "Security vulnerability allowlisted for AutoGluon DLC" + } + ] +} \ No newline at end of file diff --git a/autogluon/inference/docker/1.5/py3/Dockerfile.cpu.py_scan_allowlist.json b/autogluon/inference/docker/1.5/py3/Dockerfile.cpu.py_scan_allowlist.json new file mode 100644 index 000000000000..c01c8ae681d0 --- /dev/null +++ b/autogluon/inference/docker/1.5/py3/Dockerfile.cpu.py_scan_allowlist.json @@ -0,0 +1,11 @@ +{ + "65189": "Ray - autogluon uses ray >=2.10,< 2.45", + "77149": "Transformers - ReDoS vulnerability in GPT-NeoX-Japanese tokenizer that autogluon doesn't use", + "77714": "A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.", + "77985": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The vulnerability arises from the use of a regular expression pattern `config\\.(.*)\\.json` that can be exploited to cause excessive CPU consumption through crafted input strings, leading to catastrophic backtracking. This can result in model serving disruption, resource exhaustion, and increased latency in applications using the library.", + "77988": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular expression pattern `\\s*try\\s*:.*?except.*?:` used to filter out try/except blocks from Python code, which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to remote code loading disruption, resource exhaustion in model serving, supply chain attack vectors, and development pipeline disruption.", + "77990": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable within the `transformers/commands/chat.py` file. The regex contains repetition groups and non-optimized quantifiers, leading to exponential backtracking when processing 'almost matching' payloads. This can degrade application performance and potentially result in a denial-of-service (DoS) when handling specially crafted input strings. The issue is fixed in version 4.51.0.", + "78153": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json() method. This vulnerability affects versions 4.51.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model.", + "77986": "Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1.", + "84031" : "urllib3 - dependency conflict" +} \ No newline at end of file diff --git a/autogluon/inference/docker/1.5/py3/cu124/Dockerfile.gpu b/autogluon/inference/docker/1.5/py3/cu124/Dockerfile.gpu new file mode 100644 index 000000000000..6640d64f1469 --- /dev/null +++ b/autogluon/inference/docker/1.5/py3/cu124/Dockerfile.gpu @@ -0,0 +1,54 @@ +ARG CUDA_VER=12.4 +ARG PYTHON_VERSION=3.12.12 + +FROM 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-inference:2.6.0-gpu-py312-cu124-ubuntu22.04-sagemaker + +# Specify accept-bind-to-port LABEL for inference pipelines to use SAGEMAKER_BIND_TO_PORT +# https://docs.aws.amazon.com/sagemaker/latest/dg/inference-pipeline-real-time.html +LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true +# Specify multi-models LABEL to indicate container is capable of loading and serving multiple models concurrently +# https://docs.aws.amazon.com/sagemaker/latest/dg/build-multi-model-build-container.html +LABEL com.amazonaws.sagemaker.capabilities.multi-models=true + +LABEL maintainer="Amazon AI" +LABEL dlc_major_version="1" + +RUN apt-get update \ + && apt-get -y upgrade \ + && apt-get autoremove -y \ + && apt-get install tesseract-ocr -y \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +ARG AUTOGLUON_VERSION=1.5.0 + + +# Upgrading pip and installing/updating Python dependencies +# Comments are added to explain the reason behind each update +RUN pip install --no-cache-dir -U --trusted-host pypi.org --trusted-host files.pythonhosted.org pip \ + && pip install --no-cache-dir -U wheel \ + && pip uninstall -y dataclasses \ + && pip install --no-cache-dir -U autogluon==${AUTOGLUON_VERSION} \ + && pip install --no-cache-dir "ninja<1.11.1.1" + + +# add TS entrypoint +COPY config.properties /home/model-server + +COPY torchserve-entrypoint.py /usr/local/bin/dockerd-entrypoint.py +RUN chmod +x /usr/local/bin/dockerd-entrypoint.py + +RUN HOME_DIR=/root \ + && curl -o ${HOME_DIR}/oss_compliance.zip https://aws-dlinfra-utilities.s3.amazonaws.com/oss_compliance.zip \ + && unzip -o ${HOME_DIR}/oss_compliance.zip -d ${HOME_DIR}/ \ + && cp ${HOME_DIR}/oss_compliance/test/testOSSCompliance /usr/local/bin/testOSSCompliance \ + && chmod +x /usr/local/bin/testOSSCompliance \ + && chmod +x ${HOME_DIR}/oss_compliance/generate_oss_compliance.sh \ + && ${HOME_DIR}/oss_compliance/generate_oss_compliance.sh ${HOME_DIR} python \ + && rm -rf ${HOME_DIR}/oss_compliance* + +RUN curl -o /licenses-autogluon.txt https://autogluon.s3.us-west-2.amazonaws.com/licenses/THIRD-PARTY-LICENSES.txt + +EXPOSE 8080 8081 +ENTRYPOINT ["python", "/usr/local/bin/dockerd-entrypoint.py"] +CMD ["torchserve", "--start", "--ts-config", "/home/model-server/config.properties", "--model-store", "/home/model-server/"] diff --git a/autogluon/inference/docker/1.5/py3/cu124/Dockerfile.gpu.os_scan_allowlist.json b/autogluon/inference/docker/1.5/py3/cu124/Dockerfile.gpu.os_scan_allowlist.json new file mode 100644 index 000000000000..eab4f3184ddb --- /dev/null +++ b/autogluon/inference/docker/1.5/py3/cu124/Dockerfile.gpu.os_scan_allowlist.json @@ -0,0 +1,509 @@ +{ + "linux": [ + { + "description": " In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches, the roundup code itself can overflow by doing a 32-bit left-shift of an unsigned long value, which is undefined behaviour, so it is not guaranteed to truncate neatly. This was triggered by syzbot on the DEVMAP_HASH type, which contains the same check, copied from the hashtab code. So apply the same fix to hashtab, by moving the overflow check to before the roundup.", + "vulnerability_id": "CVE-2024-26884", + "name": "CVE-2024-26884", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "187.207" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-26884.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-26884 - linux", + "reason_to_ignore": "vulnerability from Linux kernel 5.4.0 in base image" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial code is finished. But the net_device ifp will still be used in later tx()->dev_queue_xmit() in kthread. Which means that the dev_put(ifp) should NOT be called in the success path of skb initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into use-after-free because the net_device is freed. This patch removed the dev_put(ifp) in the success path in aoecmd_cfg_pkts(), and added dev_p", + "vulnerability_id": "CVE-2024-26898", + "name": "CVE-2024-26898", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "187.207" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-26898.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-26898 - linux", + "reason_to_ignore": "vulnerability from Linux kernel 5.4.0 in base image" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() Apply the same fix than ones found in : 8d975c15c0cd (\"ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\") 1ca1ba465e55 (\"geneve: make sure to pull inner header in geneve_rx()\") We have to save skb->network_header in a temporary variable in order to be able to recompute the network_header pointer after a pskb_inet_may_pull() call. pskb_inet_may_pull() makes sure the needed headers are in skb->head. syzbot reported: BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP_ECN_", + "vulnerability_id": "CVE-2024-26882", + "name": "CVE-2024-26882", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "187.207" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-26882.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-26882 - linux", + "reason_to_ignore": "vulnerability from Linux kernel 5.4.0 in base image" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create contexts from server: BUG: unable to handle page fault for address: ffff8881178d8cc3 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 4a01067 P4D 4a01067 PUD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs] Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00 RSP: 0018:ffffc900007939e0 EFLAGS: 00010216 RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: fff", + "vulnerability_id": "CVE-2023-52434", + "name": "CVE-2023-52434", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8, + "cvss_v30_score": 0, + "cvss_v31_score": 8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-52434.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2023-52434 - linux", + "reason_to_ignore": "No fix provided" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30 Read of size 8 at addr ffff8881094223f8 by task stress/7789 CPU: 0 PID: 7789 Comm: stress Not tainted 6.0.0-rc1-00002-g0d53d2e882f9 #3 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 Call Trace: .. __mutex_lock+0xe5/0xc30 .. z_erofs_do_read_page+0x8ce/0x1560 .. z_erofs_readahead+0x31c/0x580 .. Freed by task 7787 kasan_save_stack+0x1e/0x40 kasan_set_track+0x20/0x30 kasan_set_free_info+0x20/0x40 __kasan_slab_free+0x10c/0x190 kmem_cache_free+0xed/0x380 rcu_core+0x3d5/0xc90 __do_softirq+0x12d/0x389 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x97/0xb0 call_rcu+0x3d/0x3f0 erofs_shrink_workstation+0x11f/0x210 erofs_shrink_scan+0xdc/0x170 shrink_slab.co", + "vulnerability_id": "CVE-2022-48674", + "name": "CVE-2022-48674", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2022/CVE-2022-48674.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2022-48674 - linux", + "reason_to_ignore": "No fix provided" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5", + "vulnerability_id": "CVE-2023-52752", + "name": "CVE-2023-52752", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-52752.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2023-52752 - linux", + "reason_to_ignore": "No fix provided" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets.", + "vulnerability_id": "CVE-2024-36971", + "name": "CVE-2024-36971", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-36971.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-36971 - linux", + "reason_to_ignore": "No fix provided" + } + ], + "ray": [ + { + "description": "Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment", + "vulnerability_id": "CVE-2023-48022", + "name": "CVE-2023-48022", + "package_name": "ray", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/ray-2.10.0.dist-info/METADATA", + "name": "ray", + "package_manager": "PYTHONPKG", + "version": "2.10.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 0, + "cvss_v31_score": 9.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48022", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2023-48022 - ray", + "reason_to_ignore": "fix not available yet, autogluon uses Ray < 2.11" + } + ], + "idna": [ + { + "description": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.", + "vulnerability_id": "CVE-2024-3651", + "name": "CVE-2024-3651", + "package_name": "idna", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/ray/_private/runtime_env/agent/thirdparty_files/idna-3.6.dist-info/METADATA", + "name": "idna", + "package_manager": "PYTHONPKG", + "version": "3.6", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3651", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-3651 - idna", + "reason_to_ignore": "this is as false positive as autogluon uses idna >=3.7" + } + ], + "transformers": [ + { + "description": "Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191.", + "vulnerability_id": "CVE-2024-11393", + "name": "CVE-2024-11393", + "package_name": "transformers", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/transformers-4.47.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHONPKG", + "version": "4.47.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.8, + "cvss_v30_score": 0, + "cvss_v31_score": 8.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11393", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-11393 - transformers", + "reason_to_ignore": "N/A" + }, + { + "description": "Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.", + "vulnerability_id": "CVE-2024-11392", + "name": "CVE-2024-11392", + "package_name": "transformers", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/transformers-4.47.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHONPKG", + "version": "4.47.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.8, + "cvss_v30_score": 0, + "cvss_v31_score": 8.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11392", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-11392 - transformers", + "reason_to_ignore": "N/A" + }, + { + "description": "Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.", + "vulnerability_id": "CVE-2024-11394", + "name": "CVE-2024-11394", + "package_name": "transformers", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/transformers-4.47.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHONPKG", + "version": "4.47.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.8, + "cvss_v30_score": 0, + "cvss_v31_score": 8.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11394", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-11394 - transformers", + "reason_to_ignore": "N/A" + }, + { + "description": "A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.", + "vulnerability_id": "CVE-2025-2099", + "name": "CVE-2025-2099", + "package_name": "transformers", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/transformers-4.49.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHON", + "version": "4.49.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2099", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-2099 - transformers", + "reason_to_ignore": "Security vulnerability allowlisted for AutoGluon DLC" + }, + { + "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable within the `transformers/commands/chat.py` file. The regex contains repetition groups and non-optimized quantifiers, leading to exponential backtracking when processing 'almost matching' payloads. This can degrade application performance and potentially result in a denial-of-service (DoS) when handling specially crafted input strings. The issue is fixed in version 4.51.0.", + "vulnerability_id": "CVE-2025-3262", + "name": "CVE-2025-3262", + "package_name": "transformers", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/transformers-4.49.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHON", + "version": "4.49.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3262", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-3262 - transformers", + "reason_to_ignore": "No fix provided" + } + ], + "lightgbm": [ + { + "description": "LightGBM Remote Code Execution Vulnerability", + "vulnerability_id": "CVE-2024-43598", + "name": "CVE-2024-43598", + "package_name": "lightgbm", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/lightgbm-4.5.0.dist-info/METADATA", + "name": "lightgbm", + "package_manager": "PYTHONPKG", + "version": "4.5.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.1, + "cvss_v30_score": 0, + "cvss_v31_score": 8.1, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43598", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-43598 - lightgbm", + "reason_to_ignore": "No fix provided" + } + ], + "torch": [ + { + "description": "PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.", + "vulnerability_id": "CVE-2025-32434", + "name": "CVE-2025-32434", + "package_name": "torch", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/torch-2.5.1+cpu.dist-info/METADATA", + "name": "torch", + "package_manager": "PYTHON", + "version": "2.5.1+cpu", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 0.0, + "cvss_v31_score": 9.8, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32434", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2025-32434 - torch", + "reason_to_ignore": "Security vulnerability allowlisted for AutoGluon DLC" + } + ], + "aiohttp": [ + { + "description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory. This issue is fixed in version 3.13.3.", + "vulnerability_id": "CVE-2025-69223", + "name": "CVE-2025-69223", + "package_name": "aiohttp", + "package_details": { + "file_path": "/usr/local/lib/python3.12/site-packages/ray/_private/runtime_env/agent/thirdparty_files/aiohttp-3.13.2.dist-info/METADATA", + "name": "aiohttp", + "package_manager": "PYTHON", + "version": "3.13.2", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69223", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-69223 - aiohttp", + "reason_to_ignore": "Security vulnerability allowlisted for AutoGluon DLC" + } + ] +} \ No newline at end of file diff --git a/autogluon/inference/docker/1.5/py3/cu124/Dockerfile.gpu.py_scan_allowlist.json b/autogluon/inference/docker/1.5/py3/cu124/Dockerfile.gpu.py_scan_allowlist.json new file mode 100644 index 000000000000..c01c8ae681d0 --- /dev/null +++ b/autogluon/inference/docker/1.5/py3/cu124/Dockerfile.gpu.py_scan_allowlist.json @@ -0,0 +1,11 @@ +{ + "65189": "Ray - autogluon uses ray >=2.10,< 2.45", + "77149": "Transformers - ReDoS vulnerability in GPT-NeoX-Japanese tokenizer that autogluon doesn't use", + "77714": "A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.", + "77985": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The vulnerability arises from the use of a regular expression pattern `config\\.(.*)\\.json` that can be exploited to cause excessive CPU consumption through crafted input strings, leading to catastrophic backtracking. This can result in model serving disruption, resource exhaustion, and increased latency in applications using the library.", + "77988": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular expression pattern `\\s*try\\s*:.*?except.*?:` used to filter out try/except blocks from Python code, which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to remote code loading disruption, resource exhaustion in model serving, supply chain attack vectors, and development pipeline disruption.", + "77990": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable within the `transformers/commands/chat.py` file. The regex contains repetition groups and non-optimized quantifiers, leading to exponential backtracking when processing 'almost matching' payloads. This can degrade application performance and potentially result in a denial-of-service (DoS) when handling specially crafted input strings. The issue is fixed in version 4.51.0.", + "78153": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json() method. This vulnerability affects versions 4.51.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model.", + "77986": "Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1.", + "84031" : "urllib3 - dependency conflict" +} \ No newline at end of file diff --git a/autogluon/training/buildspec-1-4-0.yml b/autogluon/training/buildspec-1-4-0.yml new file mode 100644 index 000000000000..996669ccbf4e --- /dev/null +++ b/autogluon/training/buildspec-1-4-0.yml @@ -0,0 +1,50 @@ +account_id: &ACCOUNT_ID +region: ®ION +framework: &FRAMEWORK autogluon +version: &VERSION 1.4.0 +short_version: &SHORT_VERSION 1.4 +arch_type: x86 + +repository_info: + training_repository: &TRAINING_REPOSITORY + image_type: &TRAINING_IMAGE_TYPE training + root: !join [ *FRAMEWORK, "/", *TRAINING_IMAGE_TYPE ] + repository_name: &REPOSITORY_NAME !join [pr, "-", *FRAMEWORK, "-", *TRAINING_IMAGE_TYPE] + repository: &REPOSITORY !join [ *ACCOUNT_ID, .dkr.ecr., *REGION, .amazonaws.com/, *REPOSITORY_NAME ] + +context: + training_context: &TRAINING_CONTEXT + entrypoint: + source: docker/artifacts/dockerd-entrypoint.py + target: dockerd-entrypoint.py + deep_learning_container: + source: ../../src/deep_learning_container.py + target: deep_learning_container.py + +images: + BuildAutogluonCPUTrainPy3DockerImage: + <<: *TRAINING_REPOSITORY + build: &AUTOGLUON_CPU_TRAINING_PY3 false + image_size_baseline: 6825 + device_type: &DEVICE_TYPE cpu + python_version: &DOCKER_PYTHON_VERSION py3 + tag_python_version: &TAG_PYTHON_VERSION py311 + os_version: &OS_VERSION ubuntu22.04 + tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *OS_VERSION ] + docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /Dockerfile., *DEVICE_TYPE ] + context: + <<: *TRAINING_CONTEXT + + BuildAutogluonGPUTrainPy3DockerImage: + <<: *TRAINING_REPOSITORY + build: &AUTOGLUON_GPU_TRAINING_PY3 false + image_size_baseline: 22500 + device_type: &DEVICE_TYPE gpu + python_version: &DOCKER_PYTHON_VERSION py3 + tag_python_version: &TAG_PYTHON_VERSION py311 + cuda_version: &CUDA_VERSION cu124 + os_version: &OS_VERSION ubuntu22.04 + tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *CUDA_VERSION, "-", *OS_VERSION ] + docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /, *CUDA_VERSION, /Dockerfile., *DEVICE_TYPE ] + context: + <<: *TRAINING_CONTEXT diff --git a/autogluon/training/buildspec.yml b/autogluon/training/buildspec.yml index 996669ccbf4e..6e118ea75e1d 100644 --- a/autogluon/training/buildspec.yml +++ b/autogluon/training/buildspec.yml @@ -1,8 +1,8 @@ account_id: &ACCOUNT_ID region: ®ION framework: &FRAMEWORK autogluon -version: &VERSION 1.4.0 -short_version: &SHORT_VERSION 1.4 +version: &VERSION 1.5.0 +short_version: &SHORT_VERSION 1.5 arch_type: x86 repository_info: @@ -28,7 +28,7 @@ images: image_size_baseline: 6825 device_type: &DEVICE_TYPE cpu python_version: &DOCKER_PYTHON_VERSION py3 - tag_python_version: &TAG_PYTHON_VERSION py311 + tag_python_version: &TAG_PYTHON_VERSION py312 os_version: &OS_VERSION ubuntu22.04 tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *OS_VERSION ] docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /Dockerfile., *DEVICE_TYPE ] @@ -38,11 +38,11 @@ images: BuildAutogluonGPUTrainPy3DockerImage: <<: *TRAINING_REPOSITORY build: &AUTOGLUON_GPU_TRAINING_PY3 false - image_size_baseline: 22500 + image_size_baseline: 33500 device_type: &DEVICE_TYPE gpu python_version: &DOCKER_PYTHON_VERSION py3 - tag_python_version: &TAG_PYTHON_VERSION py311 - cuda_version: &CUDA_VERSION cu124 + tag_python_version: &TAG_PYTHON_VERSION py312 + cuda_version: &CUDA_VERSION cu126 os_version: &OS_VERSION ubuntu22.04 tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *CUDA_VERSION, "-", *OS_VERSION ] docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /, *CUDA_VERSION, /Dockerfile., *DEVICE_TYPE ] diff --git a/autogluon/training/docker/1.5/py3/Dockerfile.cpu b/autogluon/training/docker/1.5/py3/Dockerfile.cpu new file mode 100644 index 000000000000..1aba10b62226 --- /dev/null +++ b/autogluon/training/docker/1.5/py3/Dockerfile.cpu @@ -0,0 +1,45 @@ +ARG PYTHON_VERSION=3.12.12 + +FROM 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-training:2.6.0-cpu-py312-ubuntu22.04-sagemaker + +# PYTORCH_SKIP_CUDNN_COMPATIBILITY_CHECK - see https://github.com/autogluon/autogluon/issues/2534 +# ENV PYTORCH_SKIP_CUDNN_COMPATIBILITY_CHECK=1 + +LABEL maintainer="Amazon AI" +LABEL dlc_major_version="1" + +# Install dependencies +RUN apt-get update \ + && apt-get -y upgrade \ + && apt-get install -y --no-install-recommends \ + && apt-get autoremove -y \ + # Install tesseract-ocr to support automm document classification + && apt-get install tesseract-ocr -y \ + # Install rsync to support ray distributed training + && apt-get install rsync -y \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +ARG AUTOGLUON_VERSION=1.5.0 + +# Upgrading pip and installing/updating Python dependencies +# Comments are added to explain the reason behind each update. +RUN pip install --no-cache-dir -U --trusted-host pypi.org --trusted-host files.pythonhosted.org pip \ + && pip install --no-cache-dir -U wheel \ + && pip install --no-cache-dir -U autogluon==${AUTOGLUON_VERSION} \ + && pip install --no-cache-dir "pathos<0.3.3" + + +RUN HOME_DIR=/root \ + && curl -o ${HOME_DIR}/oss_compliance.zip https://aws-dlinfra-utilities.s3.amazonaws.com/oss_compliance.zip \ + && unzip -o ${HOME_DIR}/oss_compliance.zip -d ${HOME_DIR}/ \ + && cp ${HOME_DIR}/oss_compliance/test/testOSSCompliance /usr/local/bin/testOSSCompliance \ + && chmod +x /usr/local/bin/testOSSCompliance \ + && chmod +x ${HOME_DIR}/oss_compliance/generate_oss_compliance.sh \ + && ${HOME_DIR}/oss_compliance/generate_oss_compliance.sh ${HOME_DIR} python \ + && rm -rf ${HOME_DIR}/oss_compliance* \ + && rm -rf /tmp/tmp* + +RUN curl -o /licenses-autogluon.txt https://autogluon.s3.us-west-2.amazonaws.com/licenses/THIRD-PARTY-LICENSES.txt + +CMD ["/bin/bash"] diff --git a/autogluon/training/docker/1.5/py3/Dockerfile.cpu.os_scan_allowlist.json b/autogluon/training/docker/1.5/py3/Dockerfile.cpu.os_scan_allowlist.json new file mode 100644 index 000000000000..621935b023c9 --- /dev/null +++ b/autogluon/training/docker/1.5/py3/Dockerfile.cpu.os_scan_allowlist.json @@ -0,0 +1,693 @@ +{ + "linux": [ + { + "description": " In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() Apply the same fix than ones found in : 8d975c15c0cd (\"ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\") 1ca1ba465e55 (\"geneve: make sure to pull inner header in geneve_rx()\") We have to save skb->network_header in a temporary variable in order to be able to recompute the network_header pointer after a pskb_inet_may_pull() call. pskb_inet_may_pull() makes sure the needed headers are in skb->head. syzbot reported: BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP_ECN_", + "vulnerability_id": "CVE-2024-26882", + "name": "CVE-2024-26882", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "187.207" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-26882.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-26882 - linux", + "reason_to_ignore": "vulnerability from Linux kernel 5.4.0 in base image" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial code is finished. But the net_device ifp will still be used in later tx()->dev_queue_xmit() in kthread. Which means that the dev_put(ifp) should NOT be called in the success path of skb initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into use-after-free because the net_device is freed. This patch removed the dev_put(ifp) in the success path in aoecmd_cfg_pkts(), and added dev_p", + "vulnerability_id": "CVE-2024-26898", + "name": "CVE-2024-26898", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "187.207" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-26898.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-26898 - linux", + "reason_to_ignore": "vulnerability from Linux kernel 5.4.0 in base image" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches, the roundup code itself can overflow by doing a 32-bit left-shift of an unsigned long value, which is undefined behaviour, so it is not guaranteed to truncate neatly. This was triggered by syzbot on the DEVMAP_HASH type, which contains the same check, copied from the hashtab code. So apply the same fix to hashtab, by moving the overflow check to before the roundup.", + "vulnerability_id": "CVE-2024-26884", + "name": "CVE-2024-26884", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "187.207" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-26884.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-26884 - linux", + "reason_to_ignore": "vulnerability from Linux kernel 5.4.0 in base image" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create contexts from server: BUG: unable to handle page fault for address: ffff8881178d8cc3 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 4a01067 P4D 4a01067 PUD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs] Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00 RSP: 0018:ffffc900007939e0 EFLAGS: 00010216 RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: fff", + "vulnerability_id": "CVE-2023-52434", + "name": "CVE-2023-52434", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8, + "cvss_v30_score": 0, + "cvss_v31_score": 8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-52434.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2023-52434 - linux", + "reason_to_ignore": "No fix provided" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30 Read of size 8 at addr ffff8881094223f8 by task stress/7789 CPU: 0 PID: 7789 Comm: stress Not tainted 6.0.0-rc1-00002-g0d53d2e882f9 #3 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 Call Trace: .. __mutex_lock+0xe5/0xc30 .. z_erofs_do_read_page+0x8ce/0x1560 .. z_erofs_readahead+0x31c/0x580 .. Freed by task 7787 kasan_save_stack+0x1e/0x40 kasan_set_track+0x20/0x30 kasan_set_free_info+0x20/0x40 __kasan_slab_free+0x10c/0x190 kmem_cache_free+0xed/0x380 rcu_core+0x3d5/0xc90 __do_softirq+0x12d/0x389 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x97/0xb0 call_rcu+0x3d/0x3f0 erofs_shrink_workstation+0x11f/0x210 erofs_shrink_scan+0xdc/0x170 shrink_slab.co", + "vulnerability_id": "CVE-2022-48674", + "name": "CVE-2022-48674", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2022/CVE-2022-48674.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2022-48674 - linux", + "reason_to_ignore": "No fix provided" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5", + "vulnerability_id": "CVE-2023-52752", + "name": "CVE-2023-52752", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-52752.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2023-52752 - linux", + "reason_to_ignore": "No fix provided" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets.", + "vulnerability_id": "CVE-2024-36971", + "name": "CVE-2024-36971", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-36971.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-36971 - linux", + "reason_to_ignore": "No fix provided" + } + ], + "ray": [ + { + "description": "Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment", + "vulnerability_id": "CVE-2023-48022", + "name": "CVE-2023-48022", + "package_name": "ray", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/ray-2.10.0.dist-info/METADATA", + "name": "ray", + "package_manager": "PYTHONPKG", + "version": "2.10.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 0, + "cvss_v31_score": 9.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48022", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2023-48022 - ray", + "reason_to_ignore": "fix not available yet, autogluon uses Ray < 2.11" + } + ], + "idna": [ + { + "description": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.", + "vulnerability_id": "CVE-2024-3651", + "name": "CVE-2024-3651", + "package_name": "idna", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/ray/_private/runtime_env/agent/thirdparty_files/idna-3.6.dist-info/METADATA", + "name": "idna", + "package_manager": "PYTHONPKG", + "version": "3.6", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3651", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-3651 - idna", + "reason_to_ignore": "this is as false positive as autogluon uses idna >=3.7" + } + ], + "transformers": [ + { + "description": "Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191.", + "vulnerability_id": "CVE-2024-11393", + "name": "CVE-2024-11393", + "package_name": "transformers", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/transformers-4.47.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHONPKG", + "version": "4.47.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.8, + "cvss_v30_score": 0, + "cvss_v31_score": 8.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11393", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-11393 - transformers", + "reason_to_ignore": "N/A" + }, + { + "description": "Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.", + "vulnerability_id": "CVE-2024-11392", + "name": "CVE-2024-11392", + "package_name": "transformers", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/transformers-4.47.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHONPKG", + "version": "4.47.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.8, + "cvss_v30_score": 0, + "cvss_v31_score": 8.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11392", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-11392 - transformers", + "reason_to_ignore": "N/A" + }, + { + "description": "Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.", + "vulnerability_id": "CVE-2024-11394", + "name": "CVE-2024-11394", + "package_name": "transformers", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/transformers-4.47.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHONPKG", + "version": "4.47.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.8, + "cvss_v30_score": 0, + "cvss_v31_score": 8.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11394", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-11394 - transformers", + "reason_to_ignore": "N/A" + }, + { + "description": "A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.", + "vulnerability_id": "CVE-2025-2099", + "name": "CVE-2025-2099", + "package_name": "transformers", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/transformers-4.49.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHON", + "version": "4.49.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2099", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-2099 - transformers", + "reason_to_ignore": "Security vulnerability allowlisted for AutoGluon DLC" + }, + { + "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable within the `transformers/commands/chat.py` file. The regex contains repetition groups and non-optimized quantifiers, leading to exponential backtracking when processing 'almost matching' payloads. This can degrade application performance and potentially result in a denial-of-service (DoS) when handling specially crafted input strings. The issue is fixed in version 4.51.0.", + "vulnerability_id": "CVE-2025-3262", + "name": "CVE-2025-3262", + "package_name": "transformers", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/transformers-4.49.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHON", + "version": "4.49.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3262", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-3262 - transformers", + "reason_to_ignore": "No fix provided" + } + ], + "lightgbm": [ + { + "description": "LightGBM Remote Code Execution Vulnerability", + "vulnerability_id": "CVE-2024-43598", + "name": "CVE-2024-43598", + "package_name": "lightgbm", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/lightgbm-4.5.0.dist-info/METADATA", + "name": "lightgbm", + "package_manager": "PYTHONPKG", + "version": "4.5.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.1, + "cvss_v30_score": 0, + "cvss_v31_score": 8.1, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43598", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-43598 - lightgbm", + "reason_to_ignore": "No fix provided" + } + ], + "torch": [ + { + "description": "PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.", + "vulnerability_id": "CVE-2025-32434", + "name": "CVE-2025-32434", + "package_name": "torch", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/torch-2.5.1+cpu.dist-info/METADATA", + "name": "torch", + "package_manager": "PYTHON", + "version": "2.5.1+cpu", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 0.0, + "cvss_v31_score": 9.8, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32434", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2025-32434 - torch", + "reason_to_ignore": "Security vulnerability allowlisted for AutoGluon DLC" + } + ], + "Brotli": [ + { + "description": "Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.", + "vulnerability_id": "CVE-2025-6176", + "name": "CVE-2025-6176", + "package_name": "Brotli", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/brotli-1.1.0.dist-info/METADATA", + "name": "Brotli", + "package_manager": "PYTHON", + "version": "1.1.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 7.5, + "cvss_v31_score": 0.0, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-6176 - Brotli", + "reason_to_ignore": "N/A" + } + ], + "curl/libcurl": [ + { + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "vulnerability_id": "CVE-2025-9086", + "name": "CVE-2025-9086", + "package_name": "curl/libcurl", + "package_details": { + "file_path": "/opt/conda/include/curl/curlver.h", + "name": "curl/libcurl", + "package_manager": "GENERIC", + "version": "8.14.1", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-9086 - curl/libcurl", + "reason_to_ignore": "N/A" + } + ], + "fonttools": [ + { + "description": "fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.", + "vulnerability_id": "CVE-2025-66034", + "name": "CVE-2025-66034", + "package_name": "fonttools", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/fonttools-4.59.0.dist-info/METADATA", + "name": "fonttools", + "package_manager": "PYTHON", + "version": "4.59.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 0.0, + "cvss_v31_score": 9.8, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66034", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2025-66034 - fonttools", + "reason_to_ignore": "N/A" + } + ], + "openssl/openssl": [ + { + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", + "vulnerability_id": "CVE-2025-9230", + "name": "CVE-2025-9230", + "package_name": "openssl/openssl", + "package_details": { + "file_path": "/opt/conda/include/openssl/opensslv.h", + "name": "openssl/openssl", + "package_manager": "GENERIC", + "version": "3.5.1", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-9230 - openssl/openssl", + "reason_to_ignore": "N/A" + } + ], + "urllib3": [ + { + "description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.", + "vulnerability_id": "CVE-2025-66471", + "name": "CVE-2025-66471", + "package_name": "urllib3", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/urllib3-2.5.0.dist-info/METADATA", + "name": "urllib3", + "package_manager": "PYTHON", + "version": "2.5.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-66471 - urllib3", + "reason_to_ignore": "N/A" + }, + { + "description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.", + "vulnerability_id": "CVE-2025-66418", + "name": "CVE-2025-66418", + "package_name": "urllib3", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/urllib3-2.5.0.dist-info/METADATA", + "name": "urllib3", + "package_manager": "PYTHON", + "version": "2.5.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-66418 - urllib3", + "reason_to_ignore": "N/A" + } + ], + "aiohttp": [ + { + "description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory. This issue is fixed in version 3.13.3.", + "vulnerability_id": "CVE-2025-69223", + "name": "CVE-2025-69223", + "package_name": "aiohttp", + "package_details": { + "file_path": "/usr/local/lib/python3.12/site-packages/ray/_private/runtime_env/agent/thirdparty_files/aiohttp-3.13.2.dist-info/METADATA", + "name": "aiohttp", + "package_manager": "PYTHON", + "version": "3.13.2", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69223", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-69223 - aiohttp", + "reason_to_ignore": "N/A" + } + ] +} \ No newline at end of file diff --git a/autogluon/training/docker/1.5/py3/Dockerfile.cpu.py_scan_allowlist.json b/autogluon/training/docker/1.5/py3/Dockerfile.cpu.py_scan_allowlist.json new file mode 100644 index 000000000000..c7c3c2eb8150 --- /dev/null +++ b/autogluon/training/docker/1.5/py3/Dockerfile.cpu.py_scan_allowlist.json @@ -0,0 +1,18 @@ +{ + "65189": "Ray - autogluon uses ray >=2.10,< 2.45", + "77149": "Transformers - ReDoS vulnerability in GPT-NeoX-Japanese tokenizer that autogluon doesn't use", + "77714": "A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.", + "77985": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The vulnerability arises from the use of a regular expression pattern `config\\.(.*)\\.json` that can be exploited to cause excessive CPU consumption through crafted input strings, leading to catastrophic backtracking. This can result in model serving disruption, resource exhaustion, and increased latency in applications using the library.", + "77988": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular expression pattern `\\s*try\\s*:.*?except.*?:` used to filter out try/except blocks from Python code, which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to remote code loading disruption, resource exhaustion in model serving, supply chain attack vectors, and development pipeline disruption.", + "77990": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable within the `transformers/commands/chat.py` file. The regex contains repetition groups and non-optimized quantifiers, leading to exponential backtracking when processing 'almost matching' payloads. This can degrade application performance and potentially result in a denial-of-service (DoS) when handling specially crafted input strings. The issue is fixed in version 4.51.0.", + "78153": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json() method. This vulnerability affects versions 4.51.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model.", + "77986": "Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1.", + "82754": "filelock - Dependency conflict", + "82065": "fonttools - Dependency conflict", + "82331": "urllib3 - Dependency conflict", + "82332": "urllib3 - Dependency conflict", + "82196": "werkzug - Dependency conflict", + "81038": "brotli - Dependency conflict", + "83972": "bokeh - Dependency conflict", + "84031" : "urllib3 - dependency conflict" +} \ No newline at end of file diff --git a/autogluon/training/docker/1.5/py3/cu126/Dockerfile.gpu b/autogluon/training/docker/1.5/py3/cu126/Dockerfile.gpu new file mode 100644 index 000000000000..c8bf87bdd3d0 --- /dev/null +++ b/autogluon/training/docker/1.5/py3/cu126/Dockerfile.gpu @@ -0,0 +1,50 @@ +ARG CUDA_VER=12.6 +ARG PYTHON_VERSION=3.12.12 + +FROM 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-training:2.6.0-gpu-py312-cu126-ubuntu22.04-sagemaker + +LABEL maintainer="Amazon AI" +LABEL dlc_major_version="1" + +RUN apt-get update \ + && apt-get -y upgrade \ + && apt-get install -y --no-install-recommends \ + && apt-get autoremove -y \ + # Install tesseract-ocr to support automm document classification + && apt-get install tesseract-ocr -y \ + # Install rsync to support ray distributed training + && apt-get install rsync -y \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* \ + && rm -rf /tmp/* + +ARG AUTOGLUON_VERSION=1.5.0 + + +# Upgrading pip and installing/updating Python dependencies +# Comments are added to explain the reason behind each update +RUN pip install --no-cache-dir -U --trusted-host pypi.org --trusted-host files.pythonhosted.org pip \ + && pip install --no-cache-dir -U wheel \ + && pip install --no-cache-dir -U autogluon==${AUTOGLUON_VERSION} \ + && pip install --no-cache-dir "pathos<0.3.3" + + +# RUN pip install --no-cache-dir \ +# torch==2.6.0+cu124 \ +# torchvision==0.21.0+cu124 \ +# torchaudio==2.6.0+cu124 \ +# --index-url https://download.pytorch.org/whl/cu124 + + +RUN HOME_DIR=/root \ + && curl -o ${HOME_DIR}/oss_compliance.zip https://aws-dlinfra-utilities.s3.amazonaws.com/oss_compliance.zip \ + && unzip -o ${HOME_DIR}/oss_compliance.zip -d ${HOME_DIR}/ \ + && cp ${HOME_DIR}/oss_compliance/test/testOSSCompliance /usr/local/bin/testOSSCompliance \ + && chmod +x /usr/local/bin/testOSSCompliance \ + && chmod +x ${HOME_DIR}/oss_compliance/generate_oss_compliance.sh \ + && ${HOME_DIR}/oss_compliance/generate_oss_compliance.sh ${HOME_DIR} python \ + && rm -rf ${HOME_DIR}/oss_compliance* + +RUN curl -o /licenses-autogluon.txt https://autogluon.s3.us-west-2.amazonaws.com/licenses/THIRD-PARTY-LICENSES.txt + +CMD ["/bin/bash"] diff --git a/autogluon/training/docker/1.5/py3/cu126/Dockerfile.gpu.os_scan_allowlist.json b/autogluon/training/docker/1.5/py3/cu126/Dockerfile.gpu.os_scan_allowlist.json new file mode 100644 index 000000000000..0f19ca2e7a30 --- /dev/null +++ b/autogluon/training/docker/1.5/py3/cu126/Dockerfile.gpu.os_scan_allowlist.json @@ -0,0 +1,693 @@ +{ + "linux": [ + { + "description": " In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial code is finished. But the net_device ifp will still be used in later tx()->dev_queue_xmit() in kthread. Which means that the dev_put(ifp) should NOT be called in the success path of skb initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into use-after-free because the net_device is freed. This patch removed the dev_put(ifp) in the success path in aoecmd_cfg_pkts(), and added dev_p", + "vulnerability_id": "CVE-2024-26898", + "name": "CVE-2024-26898", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "187.207" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-26898.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-26898 - linux", + "reason_to_ignore": "vulnerability from Linux kernel 5.4.0 in base image" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() Apply the same fix than ones found in : 8d975c15c0cd (\"ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\") 1ca1ba465e55 (\"geneve: make sure to pull inner header in geneve_rx()\") We have to save skb->network_header in a temporary variable in order to be able to recompute the network_header pointer after a pskb_inet_may_pull() call. pskb_inet_may_pull() makes sure the needed headers are in skb->head. syzbot reported: BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP_ECN_", + "vulnerability_id": "CVE-2024-26882", + "name": "CVE-2024-26882", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "187.207" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-26882.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-26882 - linux", + "reason_to_ignore": "vulnerability from Linux kernel 5.4.0 in base image" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches, the roundup code itself can overflow by doing a 32-bit left-shift of an unsigned long value, which is undefined behaviour, so it is not guaranteed to truncate neatly. This was triggered by syzbot on the DEVMAP_HASH type, which contains the same check, copied from the hashtab code. So apply the same fix to hashtab, by moving the overflow check to before the roundup.", + "vulnerability_id": "CVE-2024-26884", + "name": "CVE-2024-26884", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "187.207" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-26884.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-26884 - linux", + "reason_to_ignore": "vulnerability from Linux kernel 5.4.0 in base image" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create contexts from server: BUG: unable to handle page fault for address: ffff8881178d8cc3 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 4a01067 P4D 4a01067 PUD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs] Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00 RSP: 0018:ffffc900007939e0 EFLAGS: 00010216 RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: fff", + "vulnerability_id": "CVE-2023-52434", + "name": "CVE-2023-52434", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8, + "cvss_v30_score": 0, + "cvss_v31_score": 8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-52434.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2023-52434 - linux", + "reason_to_ignore": "No fix provided" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30 Read of size 8 at addr ffff8881094223f8 by task stress/7789 CPU: 0 PID: 7789 Comm: stress Not tainted 6.0.0-rc1-00002-g0d53d2e882f9 #3 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 Call Trace: .. __mutex_lock+0xe5/0xc30 .. z_erofs_do_read_page+0x8ce/0x1560 .. z_erofs_readahead+0x31c/0x580 .. Freed by task 7787 kasan_save_stack+0x1e/0x40 kasan_set_track+0x20/0x30 kasan_set_free_info+0x20/0x40 __kasan_slab_free+0x10c/0x190 kmem_cache_free+0xed/0x380 rcu_core+0x3d5/0xc90 __do_softirq+0x12d/0x389 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x97/0xb0 call_rcu+0x3d/0x3f0 erofs_shrink_workstation+0x11f/0x210 erofs_shrink_scan+0xdc/0x170 shrink_slab.co", + "vulnerability_id": "CVE-2022-48674", + "name": "CVE-2022-48674", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2022/CVE-2022-48674.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2022-48674 - linux", + "reason_to_ignore": "No fix provided" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5", + "vulnerability_id": "CVE-2023-52752", + "name": "CVE-2023-52752", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-52752.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2023-52752 - linux", + "reason_to_ignore": "No fix provided" + }, + { + "description": " In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets.", + "vulnerability_id": "CVE-2024-36971", + "name": "CVE-2024-36971", + "package_name": "linux", + "package_details": { + "file_path": null, + "name": "linux", + "package_manager": "OS", + "version": "5.4.0", + "release": "190.210" + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.8, + "cvss_v30_score": 0, + "cvss_v31_score": 7.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-36971.html", + "source": "UBUNTU_CVE", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-36971 - linux", + "reason_to_ignore": "No fix provided" + } + ], + "ray": [ + { + "description": "Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment", + "vulnerability_id": "CVE-2023-48022", + "name": "CVE-2023-48022", + "package_name": "ray", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/ray-2.10.0.dist-info/METADATA", + "name": "ray", + "package_manager": "PYTHONPKG", + "version": "2.10.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 0, + "cvss_v31_score": 9.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48022", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2023-48022 - ray", + "reason_to_ignore": "fix not available yet, autogluon uses Ray < 2.11" + } + ], + "idna": [ + { + "description": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.", + "vulnerability_id": "CVE-2024-3651", + "name": "CVE-2024-3651", + "package_name": "idna", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/ray/_private/runtime_env/agent/thirdparty_files/idna-3.6.dist-info/METADATA", + "name": "idna", + "package_manager": "PYTHONPKG", + "version": "3.6", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3651", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-3651 - idna", + "reason_to_ignore": "this is as false positive as autogluon uses idna >=3.7" + } + ], + "transformers": [ + { + "description": "Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191.", + "vulnerability_id": "CVE-2024-11393", + "name": "CVE-2024-11393", + "package_name": "transformers", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/transformers-4.47.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHONPKG", + "version": "4.47.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.8, + "cvss_v30_score": 0, + "cvss_v31_score": 8.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11393", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-11393 - transformers", + "reason_to_ignore": "N/A" + }, + { + "description": "Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.", + "vulnerability_id": "CVE-2024-11392", + "name": "CVE-2024-11392", + "package_name": "transformers", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/transformers-4.47.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHONPKG", + "version": "4.47.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.8, + "cvss_v30_score": 0, + "cvss_v31_score": 8.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11392", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-11392 - transformers", + "reason_to_ignore": "N/A" + }, + { + "description": "Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.", + "vulnerability_id": "CVE-2024-11394", + "name": "CVE-2024-11394", + "package_name": "transformers", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/transformers-4.47.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHONPKG", + "version": "4.47.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.8, + "cvss_v30_score": 0, + "cvss_v31_score": 8.8, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11394", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-11394 - transformers", + "reason_to_ignore": "N/A" + }, + { + "description": "A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.", + "vulnerability_id": "CVE-2025-2099", + "name": "CVE-2025-2099", + "package_name": "transformers", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/transformers-4.49.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHON", + "version": "4.49.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2099", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-2099 - transformers", + "reason_to_ignore": "Security vulnerability allowlisted for AutoGluon DLC" + }, + { + "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable within the `transformers/commands/chat.py` file. The regex contains repetition groups and non-optimized quantifiers, leading to exponential backtracking when processing 'almost matching' payloads. This can degrade application performance and potentially result in a denial-of-service (DoS) when handling specially crafted input strings. The issue is fixed in version 4.51.0.", + "vulnerability_id": "CVE-2025-3262", + "name": "CVE-2025-3262", + "package_name": "transformers", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/transformers-4.49.0.dist-info/METADATA", + "name": "transformers", + "package_manager": "PYTHON", + "version": "4.49.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3262", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-3262 - transformers", + "reason_to_ignore": "No fix provided" + } + ], + "lightgbm": [ + { + "description": "LightGBM Remote Code Execution Vulnerability", + "vulnerability_id": "CVE-2024-43598", + "name": "CVE-2024-43598", + "package_name": "lightgbm", + "package_details": { + "file_path": "opt/conda/lib/python3.11/site-packages/lightgbm-4.5.0.dist-info/METADATA", + "name": "lightgbm", + "package_manager": "PYTHONPKG", + "version": "4.5.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 8.1, + "cvss_v30_score": 0, + "cvss_v31_score": 8.1, + "cvss_v2_score": 0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43598", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2024-43598 - lightgbm", + "reason_to_ignore": "No fix provided" + } + ], + "torch": [ + { + "description": "PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.", + "vulnerability_id": "CVE-2025-32434", + "name": "CVE-2025-32434", + "package_name": "torch", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/torch-2.5.1+cpu.dist-info/METADATA", + "name": "torch", + "package_manager": "PYTHON", + "version": "2.5.1+cpu", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 0.0, + "cvss_v31_score": 9.8, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32434", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2025-32434 - torch", + "reason_to_ignore": "Security vulnerability allowlisted for AutoGluon DLC" + } + ], + "Brotli": [ + { + "description": "Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.", + "vulnerability_id": "CVE-2025-6176", + "name": "CVE-2025-6176", + "package_name": "Brotli", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/brotli-1.1.0.dist-info/METADATA", + "name": "Brotli", + "package_manager": "PYTHON", + "version": "1.1.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 7.5, + "cvss_v31_score": 0.0, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-6176 - Brotli", + "reason_to_ignore": "N/A" + } + ], + "curl/libcurl": [ + { + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "vulnerability_id": "CVE-2025-9086", + "name": "CVE-2025-9086", + "package_name": "curl/libcurl", + "package_details": { + "file_path": "/opt/conda/include/curl/curlver.h", + "name": "curl/libcurl", + "package_manager": "GENERIC", + "version": "8.14.1", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-9086 - curl/libcurl", + "reason_to_ignore": "N/A" + } + ], + "fonttools": [ + { + "description": "fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.", + "vulnerability_id": "CVE-2025-66034", + "name": "CVE-2025-66034", + "package_name": "fonttools", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/fonttools-4.59.0.dist-info/METADATA", + "name": "fonttools", + "package_manager": "PYTHON", + "version": "4.59.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 9.8, + "cvss_v30_score": 0.0, + "cvss_v31_score": 9.8, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "CRITICAL", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66034", + "source": "NVD", + "severity": "CRITICAL", + "status": "ACTIVE", + "title": "CVE-2025-66034 - fonttools", + "reason_to_ignore": "N/A" + } + ], + "openssl/openssl": [ + { + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", + "vulnerability_id": "CVE-2025-9230", + "name": "CVE-2025-9230", + "package_name": "openssl/openssl", + "package_details": { + "file_path": "/opt/conda/include/openssl/opensslv.h", + "name": "openssl/openssl", + "package_manager": "GENERIC", + "version": "3.5.1", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-9230 - openssl/openssl", + "reason_to_ignore": "N/A" + } + ], + "urllib3": [ + { + "description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.", + "vulnerability_id": "CVE-2025-66471", + "name": "CVE-2025-66471", + "package_name": "urllib3", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/urllib3-2.5.0.dist-info/METADATA", + "name": "urllib3", + "package_manager": "PYTHON", + "version": "2.5.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-66471 - urllib3", + "reason_to_ignore": "N/A" + }, + { + "description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.", + "vulnerability_id": "CVE-2025-66418", + "name": "CVE-2025-66418", + "package_name": "urllib3", + "package_details": { + "file_path": "/opt/conda/lib/python3.11/site-packages/urllib3-2.5.0.dist-info/METADATA", + "name": "urllib3", + "package_manager": "PYTHON", + "version": "2.5.0", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-66418 - urllib3", + "reason_to_ignore": "N/A" + } + ], + "aiohttp": [ + { + "description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory. This issue is fixed in version 3.13.3.", + "vulnerability_id": "CVE-2025-69223", + "name": "CVE-2025-69223", + "package_name": "aiohttp", + "package_details": { + "file_path": "/usr/local/lib/python3.12/site-packages/ray/_private/runtime_env/agent/thirdparty_files/aiohttp-3.13.2.dist-info/METADATA", + "name": "aiohttp", + "package_manager": "PYTHON", + "version": "3.13.2", + "release": null + }, + "remediation": { + "recommendation": { + "text": "None Provided" + } + }, + "cvss_v3_score": 7.5, + "cvss_v30_score": 0.0, + "cvss_v31_score": 7.5, + "cvss_v2_score": 0.0, + "cvss_v3_severity": "HIGH", + "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69223", + "source": "NVD", + "severity": "HIGH", + "status": "ACTIVE", + "title": "CVE-2025-69223 - aiohttp", + "reason_to_ignore": "N/A" + } + ] +} \ No newline at end of file diff --git a/autogluon/training/docker/1.5/py3/cu126/Dockerfile.gpu.py_scan_allowlist.json b/autogluon/training/docker/1.5/py3/cu126/Dockerfile.gpu.py_scan_allowlist.json new file mode 100644 index 000000000000..c7c3c2eb8150 --- /dev/null +++ b/autogluon/training/docker/1.5/py3/cu126/Dockerfile.gpu.py_scan_allowlist.json @@ -0,0 +1,18 @@ +{ + "65189": "Ray - autogluon uses ray >=2.10,< 2.45", + "77149": "Transformers - ReDoS vulnerability in GPT-NeoX-Japanese tokenizer that autogluon doesn't use", + "77714": "A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.", + "77985": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The vulnerability arises from the use of a regular expression pattern `config\\.(.*)\\.json` that can be exploited to cause excessive CPU consumption through crafted input strings, leading to catastrophic backtracking. This can result in model serving disruption, resource exhaustion, and increased latency in applications using the library.", + "77988": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular expression pattern `\\s*try\\s*:.*?except.*?:` used to filter out try/except blocks from Python code, which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to remote code loading disruption, resource exhaustion in model serving, supply chain attack vectors, and development pipeline disruption.", + "77990": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable within the `transformers/commands/chat.py` file. The regex contains repetition groups and non-optimized quantifiers, leading to exponential backtracking when processing 'almost matching' payloads. This can degrade application performance and potentially result in a denial-of-service (DoS) when handling specially crafted input strings. The issue is fixed in version 4.51.0.", + "78153": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json() method. This vulnerability affects versions 4.51.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model.", + "77986": "Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1.", + "82754": "filelock - Dependency conflict", + "82065": "fonttools - Dependency conflict", + "82331": "urllib3 - Dependency conflict", + "82332": "urllib3 - Dependency conflict", + "82196": "werkzug - Dependency conflict", + "81038": "brotli - Dependency conflict", + "83972": "bokeh - Dependency conflict", + "84031" : "urllib3 - dependency conflict" +} \ No newline at end of file diff --git a/test/sagemaker_tests/autogluon/inference/resources/model/model_1.5.0.tar.gz b/test/sagemaker_tests/autogluon/inference/resources/model/model_1.5.0.tar.gz new file mode 100644 index 000000000000..1e5317c7f8e9 Binary files /dev/null and b/test/sagemaker_tests/autogluon/inference/resources/model/model_1.5.0.tar.gz differ