Patch hf pt train latest 2024 08 06 (#4133)
* fix: pinning requests library to avoid known issue with docker

* Update ['dlc_developer_config.toml']

dlc_developer_config.toml:
{   'build': {   'build_frameworks': ['huggingface_pytorch'],
                 'build_inference': False,
                 'build_training': True},
    'buildspec_override': {   'dlc-pr-huggingface-pytorch-training': 'huggingface/pytorch/training/buildspec.yml'},
    'dev': {   'deep_canary_mode': False,
               'graviton_mode': False,
               'neuronx_mode': False},
    'test': {   'ec2_tests': True,
                'ecs_tests': True,
                'eks_tests': True,
                'sagemaker_local_tests': True,
                'sagemaker_remote_tests': True,
                'sanity_tests': True}}

* chore: pinning requests to 2.31.0 for requirements.txt as well

* chore: updating os scan allowlist

* chore: removing requests pin in Dockerfile, only needed in requirements.txt

* Revert "Update ['dlc_developer_config.toml']"

This reverts commit 4bb3188.

---------

Co-authored-by: shaernev <shaernev@amazon.com>
ErnevSharma and shaernev authored Aug 7, 2024
1 parent 0e4bf01 commit e4023c5
Showing 2 changed files with 146 additions and 1 deletion.
@@ -1,5 +1,92 @@
{
"linux": [
{
"description": " In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer. Fix this all up by properly restricting the size of the debug hex dump in the kernel log.",
"vulnerability_id": "CVE-2024-40902",
"name": "CVE-2024-40902",
"package_name": "linux",
"package_details": {
"file_path": null,
"name": "linux",
"package_manager": "OS",
"version": "5.4.0",
"release": "190.210"
},
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"cvss_v3_score": 7.8,
"cvss_v30_score": 0,
"cvss_v31_score": 7.8,
"cvss_v2_score": 0,
"cvss_v3_severity": "HIGH",
"source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-40902.html",
"source": "UBUNTU_CVE",
"severity": "HIGH",
"status": "ACTIVE",
"title": "CVE-2024-40902 - linux",
"reason_to_ignore": "N/A"
},
{
"description": " In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 (\"net: dsa: mv88e6xxx: Support multiple MDIO busses\") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_entry() is non-NULL. This appears to be intended to guard against the list chip->mdios being empty. However, it is not the correct check as the implementation of list_first_entry is not designed to return NULL for empty lists. Instead, use list_first_entry_or_null() which does return NULL if the list is empty. Flagged by Smatch. Compile tested only.",
"vulnerability_id": "CVE-2024-42224",
"name": "CVE-2024-42224",
"package_name": "linux",
"package_details": {
"file_path": null,
"name": "linux",
"package_manager": "OS",
"version": "5.4.0",
"release": "190.210"
},
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"cvss_v3_score": 7.8,
"cvss_v30_score": 0,
"cvss_v31_score": 7.8,
"cvss_v2_score": 0,
"cvss_v3_severity": "HIGH",
"source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-42224.html",
"source": "UBUNTU_CVE",
"severity": "HIGH",
"status": "ACTIVE",
"title": "CVE-2024-42224 - linux",
"reason_to_ignore": "N/A"
},
{
"description": " In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of fcport The server was crashing after LOGO because fcport was getting freed twice. -----------[ cut here ]----------- kernel BUG at mm/slub.c:371! invalid opcode: 0000 1 SMP PTI CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 RIP: 0010:set_freepointer.part.57+0x0/0x10 RSP: 0018:ffffb07107027d90 EFLAGS: 00010246 RAX: ffff9cb7e3150000 RBX: ffff9cb7e332b9c0 RCX: ffff9cb7e3150400 RDX: 0000000000001f37 RSI: 0000000000000000 RDI: ffff9cb7c0005500 RBP: fffff693448c5400 R08: 0000000080000000 R09: 0000000000000009 R10: 0000000000000000 R11: 0000000000132af0 R12: ffff9cb7c0005500 R13: ffff9cb7e3150000 R14: ffffffffc06990e0 R15: ffff9cb7ea85ea58 FS: 00007ff6b79c2740(0000) GS:ffff9cb8f7ec0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055b426b7d70",
"vulnerability_id": "CVE-2024-26929",
"name": "CVE-2024-26929",
"package_name": "linux",
"package_details": {
"file_path": null,
"name": "linux",
"package_manager": "OS",
"version": "5.4.0",
"release": "190.210"
},
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"cvss_v3_score": 7.8,
"cvss_v30_score": 0,
"cvss_v31_score": 7.8,
"cvss_v2_score": 0,
"cvss_v3_severity": "HIGH",
"source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-26929.html",
"source": "UBUNTU_CVE",
"severity": "HIGH",
"status": "ACTIVE",
"title": "CVE-2024-26929 - linux",
"reason_to_ignore": "N/A"
},
{
"description": " In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations if the SCMI driver misbehave. Add an internal consistency check before any such domains descriptors accesses.",
"vulnerability_id": "CVE-2022-48655",
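Review bot: every entry added in this hunk (CVE-2024-40902, CVE-2024-42224, CVE-2024-26929 and the start of CVE-2022-48655) is a HIGH, ACTIVE kernel finding allowlisted with "reason_to_ignore": "N/A" and a remediation text of "None Provided", so the file records that the finding is suppressed but not why. Because this allowlist silences scanner results, each entry should carry the actual justification (for example that the "linux" 5.4.0-190.210 package is kernel metadata in the image's package database while the container runs on the host kernel, or that no fixed Ubuntu package is available yet) together with the condition under which the entry can be dropped. The "description" for CVE-2024-26929 is also a truncated register dump ending at "CR2: 000055b426b7d70"; trimming it to the first sentence keeps the allowlist readable in review.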
@@ -29,6 +116,35 @@
"title": "CVE-2022-48655 - linux",
"reason_to_ignore": "N/A"
},
{
"description": " In the Linux kernel, the following vulnerability has been resolved: greybus: Fix use-after-free bug in gb_interface_release due to race condition. In gb_interface_create, &intf->mode_switch_completion is bound with gb_interface_mode_switch_work. Then it will be started by gb_interface_request_mode_switch. Here is the relevant code. if (!queue_work(system_long_wq, &intf->mode_switch_work)) { \t... } If we call gb_interface_release to make cleanup, there may be an unfinished work. This function will call kfree to free the object \"intf\". However, if gb_interface_mode_switch_work is scheduled to run after kfree, it may cause use-after-free error as gb_interface_mode_switch_work will use the object \"intf\". The possible execution flow that may lead to the issue is as follows: CPU0 CPU1 | gb_interface_create | gb_interface_request_mode_switch gb_interface_release | kfree(intf) (free) | ",
"vulnerability_id": "CVE-2024-39495",
"name": "CVE-2024-39495",
"package_name": "linux",
"package_details": {
"file_path": null,
"name": "linux",
"package_manager": "OS",
"version": "5.4.0",
"release": "190.210"
},
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"cvss_v3_score": 7.8,
"cvss_v30_score": 0,
"cvss_v31_score": 7.8,
"cvss_v2_score": 0,
"cvss_v3_severity": "HIGH",
"source_url": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-39495.html",
"source": "UBUNTU_CVE",
"severity": "HIGH",
"status": "ACTIVE",
"title": "CVE-2024-39495 - linux",
"reason_to_ignore": "N/A"
},
{
"description": " In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30 Read of size 8 at addr ffff8881094223f8 by task stress/7789 CPU: 0 PID: 7789 Comm: stress Not tainted 6.0.0-rc1-00002-g0d53d2e882f9 #3 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 Call Trace: <TASK> .. __mutex_lock+0xe5/0xc30 .. z_erofs_do_read_page+0x8ce/0x1560 .. z_erofs_readahead+0x31c/0x580 .. Freed by task 7787 kasan_save_stack+0x1e/0x40 kasan_set_track+0x20/0x30 kasan_set_free_info+0x20/0x40 __kasan_slab_free+0x10c/0x190 kmem_cache_free+0xed/0x380 rcu_core+0x3d5/0xc90 __do_softirq+0x12d/0x389 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x97/0xb0 call_rcu+0x3d/0x3f0 erofs_shrink_workstation+0x11f/0x210 erofs_shrink_scan+0xdc/0x170 shrink_slab.co",
"vulnerability_id": "CVE-2022-48674",
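Review bot: the CVE-2024-39495 entry is inserted between CVE-2022-48655 and CVE-2022-48674, so the "linux" list is neither sorted by "vulnerability_id" nor grouped by year, which makes it easy to overlook an existing entry for the same CVE the next time scanner output is pasted in. Suggest keeping the list sorted by "vulnerability_id" and adding a check (in a unit test or pre-commit hook) that the field is unique across the file. The pasted "description" also contains a literal "\t" escape and stops mid-diagram at "kfree(intf) (free) | "; a one-sentence summary would serve reviewers better than the raw scanner text.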
@@ -87,6 +203,35 @@
"title": "CVE-2023-52752 - linux",
"reason_to_ignore": "N/A"
},
{
"description": " In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc In gfs2_put_super(), whether withdrawn or not, the quota should be cleaned up by gfs2_quota_cleanup(). Otherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu callback) has run for all gfs2_quota_data objects, resulting in use-after-free. Also, gfs2_destroy_threads() and gfs2_quota_cleanup() is already called by gfs2_make_fs_ro(), so in gfs2_put_super(), after calling gfs2_make_fs_ro(), there is no need to call them again.",
"vulnerability_id": "CVE-2023-52760",
"name": "CVE-2023-52760",
"package_name": "linux",
"package_details": {
"file_path": null,
"name": "linux",
"package_manager": "OS",
"version": "5.4.0",
"release": "190.210"
},
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"cvss_v3_score": 7.8,
"cvss_v30_score": 0,
"cvss_v31_score": 7.8,
"cvss_v2_score": 0,
"cvss_v3_severity": "HIGH",
"source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-52760.html",
"source": "UBUNTU_CVE",
"severity": "HIGH",
"status": "ACTIVE",
"title": "CVE-2023-52760 - linux",
"reason_to_ignore": "N/A"
},
{
"description": " In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------[ cut here ]------------ memcpy: detected field-spanning write (size 56) of single field \"eseg->inline_hdr.start\" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2) WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqby",
"vulnerability_id": "CVE-2024-26907",
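Review bot: the CVE-2023-52760 entry records "None Provided" as remediation, so a reader of this allowlist cannot tell whether Ubuntu already ships a fixed "linux" package for 5.4.0-190.210; that status lives only on the linked "source_url" page. Suggest checking that page before allowlisting and recording the outcome in "reason_to_ignore": if a fixed package exists, the finding should be closed by moving the base image forward rather than by an allowlist entry, and if it does not, the entry should say so and note that it is to be revisited on the next base-image update.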
@@ -13,7 +13,7 @@ pytest
pytest-cov
pytest-rerunfailures
pytest-xdist
requests
requests==2.31.0
pluggy<1,>=0.3.0
requests_mock
fabric
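Review bot: the "requests==2.31.0" pin on the changed line has no comment, so the next person editing this file sees an exact pin on a widely used library with no hint of the docker interaction the commit message mentions or of when the pin can be lifted. Suggest an inline comment (for example "requests==2.31.0  # pinned: known issue with docker, remove once resolved") and a tracking item, since an exact pin also freezes out every later upstream release of requests, including any fixes those releases carry, for each environment installed from this file. Note that "requests_mock" two lines below stays unpinned, so the two will drift independently.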
