aws-neuron · ningziwen · May 1, 2024 · May 1, 2024
diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json b/docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json
@@ -12,80 +12,72 @@
         "source": "NVD",
         "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511",
         "status": "ACTIVE",
-        "title": "CVE-2024-2511 - pyOpenSSL, cryptography",
+        "title": "CVE-2024-2511 - cryptography, pyOpenSSL",
         "vulnerability_id": "CVE-2024-2511",
         "vulnerable_packages": [
             {
                 "epoch": 0,
-                "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA",
-                "name": "pyOpenSSL",
+                "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA",
+                "name": "cryptography",
                 "packageManager": "PYTHONPKG",
-                "version": "24.0.0"
+                "version": "42.0.5"
             },
             {
                 "epoch": 0,
-                "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA",
-                "name": "cryptography",
+                "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA",
+                "name": "pyOpenSSL",
                 "packageManager": "PYTHONPKG",
-                "version": "42.0.5"
+                "version": "24.0.0"
             }
         ]
     },
-    "GHSA-jjg7-2v4v-x38h": {
-        "description": "### Impact\nA specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service.\n\n### Patches\nThe function has been refined to reject such strings without the associated resource consumption in version 3.7.\n\n### Workarounds\nDomain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the `idna.encode()` function it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n\n### References\n* https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb",
+    "CVE-2024-31580": {
+        "description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
         "remediation": {
             "recommendation": {
                 "text": "None Provided"
             }
         },
         "score": 0.0,
         "score_details": {},
-        "severity": "MEDIUM",
-        "source": "GITHUB",
-        "source_url": "https://github.com/advisories/GHSA-jjg7-2v4v-x38h",
+        "severity": "UNTRIAGED",
+        "source": "NVD",
+        "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580",
         "status": "ACTIVE",
-        "title": "GHSA-jjg7-2v4v-x38h - idna",
-        "vulnerability_id": "GHSA-jjg7-2v4v-x38h",
+        "title": "CVE-2024-31580 - torch",
+        "vulnerability_id": "CVE-2024-31580",
         "vulnerable_packages": [
             {
                 "epoch": 0,
-                "filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA",
-                "name": "idna",
+                "filePath": "opt/conda/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA",
+                "name": "torch",
                 "packageManager": "PYTHONPKG",
-                "version": "3.6"
+                "version": "1.13.1"
             }
         ]
     },
-    "SNYK-PYTHON-IDNA-6597975": {
-        "description": "## Overview\n\nAffected versions of this package are vulnerable to Resource Exhaustion via the `idna.encode` function. An attacker can consume significant resources and potentially cause a denial-of-service by supplying specially crafted arguments to this function. \r\n\r\n**Note:**\r\nThis is triggered by arbitrarily large inputs that would not occur in normal usage but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n## Remediation\nUpgrade `idna` to version 3.7 or higher.\n## References\n- [GitHub Commit](https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7)",
+    "CVE-2024-31583": {
+        "description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.",
         "remediation": {
             "recommendation": {
                 "text": "None Provided"
             }
         },
-        "score": 6.2,
-        "score_details": {
-            "cvss": {
-                "adjustments": [],
-                "score": 6.2,
-                "scoreSource": "SNYK",
-                "scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
-                "version": "3.1"
-            }
-        },
-        "severity": "MEDIUM",
-        "source": "SNYK",
-        "source_url": "https://security.snyk.io/vuln/SNYK-PYTHON-IDNA-6597975",
+        "score": 0.0,
+        "score_details": {},
+        "severity": "UNTRIAGED",
+        "source": "NVD",
+        "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583",
         "status": "ACTIVE",
-        "title": "IN1-PYTHON-IDNA-6597975 - idna",
-        "vulnerability_id": "SNYK-PYTHON-IDNA-6597975",
+        "title": "CVE-2024-31583 - torch",
+        "vulnerability_id": "CVE-2024-31583",
         "vulnerable_packages": [
             {
                 "epoch": 0,
-                "filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA",
-                "name": "idna",
+                "filePath": "opt/conda/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA",
+                "name": "torch",
                 "packageManager": "PYTHONPKG",
-                "version": "3.6"
+                "version": "1.13.1"
             }
         ]
     }

diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx
@@ -1,13 +1,13 @@
 FROM public.ecr.aws/docker/library/ubuntu:20.04

 LABEL dlc_major_version="1"
 LABEL maintainer="Amazon AI"
 LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true

 # Neuron SDK components version numbers
 ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.14.0
 ARG NEURONX_DISTRIBUTED_VERSION=0.7.0
-ARG NEURONX_CC_VERSION=2.13.68.0
+ARG NEURONX_CC_VERSION=2.13.72.0
 ARG NEURONX_TRANSFORMERS_VERSION=0.10.0.360
 ARG NEURONX_COLLECTIVES_LIB_VERSION=2.20.22.0-c101c322e
 ARG NEURONX_RUNTIME_LIB_VERSION=2.20.22.0-1b3ca6425
@@ -26,7 +26,7 @@
 ENV SAGEMAKER_SERVING_MODULE=sagemaker_pytorch_serving_container.serving:main
 ENV TEMP=/home/model-server/tmp

 RUN apt-get update \
 && apt-get upgrade -y \
 && apt-get install -y --no-install-recommends software-properties-common \
 && add-apt-repository ppa:openjdk-r/ppa \
@@ -57,9 +57,9 @@
 && apt-get clean

 RUN echo "deb https://apt.repos.neuron.amazonaws.com focal main" > /etc/apt/sources.list.d/neuron.list
 RUN wget -qO - https://apt.repos.neuron.amazonaws.com/GPG-PUB-KEY-AMAZON-AWS-NEURON.PUB | apt-key add -

 RUN apt-get update \
 && apt-get install -y \
    aws-neuronx-tools=$NEURONX_TOOLS_VERSION \
    aws-neuronx-collectives=$NEURONX_COLLECTIVES_LIB_VERSION \
@@ -73,7 +73,7 @@
    mv /etc/ssl/certs/java/cacerts.jks /etc/ssl/certs/java/cacerts; \
    /var/lib/dpkg/info/ca-certificates-java.postinst configure;

 RUN curl -L -o ~/mambaforge.sh https://github.com/conda-forge/miniforge/releases/download/${MAMBA_VERSION}/Mambaforge-${MAMBA_VERSION}-Linux-x86_64.sh \
 && chmod +x ~/mambaforge.sh \
 && ~/mambaforge.sh -b -p /opt/conda \
 && rm ~/mambaforge.sh \
@@ -92,7 +92,7 @@

 && /opt/conda/bin/conda clean -ya

 RUN conda install -c conda-forge \
    scikit-learn \
    h5py \
    requests \
@@ -103,7 +103,7 @@
    enum-compat \
    ipython

 RUN pip install --no-cache-dir -U \
    opencv-python>=4.8.1.78 \
    "numpy<1.24,>1.21" \
    "scipy>=1.8.0" \
@@ -114,7 +114,7 @@
    boto3 \
    cryptography

 RUN pip install -U --extra-index-url https://pip.repos.neuron.amazonaws.com \
    neuronx-cc==$NEURONX_CC_VERSION \
    torch-neuronx==$NEURONX_FRAMEWORK_VERSION \
    transformers-neuronx==$NEURONX_TRANSFORMERS_VERSION \
@@ -141,7 +141,7 @@

 RUN chmod +x /usr/local/bin/deep_learning_container.py

 RUN pip install --no-cache-dir "sagemaker-pytorch-inference==${SM_TOOLKIT_VERSION}"

 # patch default_pytorch_inference_handler.py to import torch_neuronx
 RUN DEST_DIR=$(python -c "import os.path, sagemaker_pytorch_serving_container; print(os.path.dirname(sagemaker_pytorch_serving_container.__file__))") \

diff --git a/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/inference/1.13.1/Dockerfile.neuronx.cve_allowlist.json
@@ -12,80 +12,72 @@
         "source": "NVD",
         "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511",
         "status": "ACTIVE",
-        "title": "CVE-2024-2511 - pyOpenSSL, cryptography",
+        "title": "CVE-2024-2511 - cryptography, pyOpenSSL",
         "vulnerability_id": "CVE-2024-2511",
         "vulnerable_packages": [
             {
                 "epoch": 0,
-                "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA",
-                "name": "pyOpenSSL",
+                "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA",
+                "name": "cryptography",
                 "packageManager": "PYTHONPKG",
-                "version": "24.0.0"
+                "version": "42.0.5"
             },
             {
                 "epoch": 0,
-                "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA",
-                "name": "cryptography",
+                "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA",
+                "name": "pyOpenSSL",
                 "packageManager": "PYTHONPKG",
-                "version": "42.0.5"
+                "version": "24.0.0"
             }
         ]
     },
-    "GHSA-jjg7-2v4v-x38h": {
-        "description": "### Impact\nA specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service.\n\n### Patches\nThe function has been refined to reject such strings without the associated resource consumption in version 3.7.\n\n### Workarounds\nDomain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the `idna.encode()` function it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n\n### References\n* https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb",
+    "CVE-2024-31580": {
+        "description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
         "remediation": {
             "recommendation": {
                 "text": "None Provided"
             }
         },
         "score": 0.0,
         "score_details": {},
-        "severity": "MEDIUM",
-        "source": "GITHUB",
-        "source_url": "https://github.com/advisories/GHSA-jjg7-2v4v-x38h",
+        "severity": "UNTRIAGED",
+        "source": "NVD",
+        "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580",
         "status": "ACTIVE",
-        "title": "GHSA-jjg7-2v4v-x38h - idna",
-        "vulnerability_id": "GHSA-jjg7-2v4v-x38h",
+        "title": "CVE-2024-31580 - torch",
+        "vulnerability_id": "CVE-2024-31580",
         "vulnerable_packages": [
             {
                 "epoch": 0,
-                "filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA",
-                "name": "idna",
+                "filePath": "opt/conda/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA",
+                "name": "torch",
                 "packageManager": "PYTHONPKG",
-                "version": "3.6"
+                "version": "1.13.1"
             }
         ]
     },
-    "SNYK-PYTHON-IDNA-6597975": {
-        "description": "## Overview\n\nAffected versions of this package are vulnerable to Resource Exhaustion via the `idna.encode` function. An attacker can consume significant resources and potentially cause a denial-of-service by supplying specially crafted arguments to this function. \r\n\r\n**Note:**\r\nThis is triggered by arbitrarily large inputs that would not occur in normal usage but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n## Remediation\nUpgrade `idna` to version 3.7 or higher.\n## References\n- [GitHub Commit](https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7)",
+    "CVE-2024-31583": {
+        "description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.",
         "remediation": {
             "recommendation": {
                 "text": "None Provided"
             }
         },
-        "score": 6.2,
-        "score_details": {
-            "cvss": {
-                "adjustments": [],
-                "score": 6.2,
-                "scoreSource": "SNYK",
-                "scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
-                "version": "3.1"
-            }
-        },
-        "severity": "MEDIUM",
-        "source": "SNYK",
-        "source_url": "https://security.snyk.io/vuln/SNYK-PYTHON-IDNA-6597975",
+        "score": 0.0,
+        "score_details": {},
+        "severity": "UNTRIAGED",
+        "source": "NVD",
+        "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583",
         "status": "ACTIVE",
-        "title": "IN1-PYTHON-IDNA-6597975 - idna",
-        "vulnerability_id": "SNYK-PYTHON-IDNA-6597975",
+        "title": "CVE-2024-31583 - torch",
+        "vulnerability_id": "CVE-2024-31583",
         "vulnerable_packages": [
             {
                 "epoch": 0,
-                "filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA",
-                "name": "idna",
+                "filePath": "opt/conda/lib/python3.10/site-packages/torch-1.13.1.dist-info/METADATA",
+                "name": "torch",
                 "packageManager": "PYTHONPKG",
-                "version": "3.6"
+                "version": "1.13.1"
             }
         ]
     }

diff --git a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx
@@ -6,7 +6,7 @@ LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true
 
 # Neuron SDK components version numbers
 ARG NEURONX_DISTRIBUTED_VERSION=0.7.0
-ARG NEURONX_CC_VERSION=2.13.68.0
+ARG NEURONX_CC_VERSION=2.13.72.0
 ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.1.0
 ARG NEURONX_TRANSFORMERS_VERSION=0.10.0.360
 ARG NEURONX_COLLECTIVES_LIB_VERSION=2.20.22.0-c101c322e

diff --git a/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json b/docker/pytorch/inference/2.1.2/Dockerfile.neuronx.cve_allowlist.json
@@ -12,80 +12,72 @@
         "source": "NVD",
         "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511",
         "status": "ACTIVE",
-        "title": "CVE-2024-2511 - cryptography, pyOpenSSL",
+        "title": "CVE-2024-2511 - pyOpenSSL, cryptography",
         "vulnerability_id": "CVE-2024-2511",
         "vulnerable_packages": [
             {
                 "epoch": 0,
-                "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA",
-                "name": "cryptography",
+                "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA",
+                "name": "pyOpenSSL",
                 "packageManager": "PYTHONPKG",
-                "version": "42.0.5"
+                "version": "24.0.0"
             },
             {
                 "epoch": 0,
-                "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA",
-                "name": "pyOpenSSL",
+                "filePath": "opt/conda/lib/python3.10/site-packages/cryptography-42.0.5.dist-info/METADATA",
+                "name": "cryptography",
                 "packageManager": "PYTHONPKG",
-                "version": "24.0.0"
+                "version": "42.0.5"
             }
         ]
     },
-    "GHSA-jjg7-2v4v-x38h": {
-        "description": "### Impact\nA specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service.\n\n### Patches\nThe function has been refined to reject such strings without the associated resource consumption in version 3.7.\n\n### Workarounds\nDomain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the `idna.encode()` function it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n\n### References\n* https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb",
+    "CVE-2024-31580": {
+        "description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
         "remediation": {
             "recommendation": {
                 "text": "None Provided"
             }
         },
         "score": 0.0,
         "score_details": {},
-        "severity": "MEDIUM",
-        "source": "GITHUB",
-        "source_url": "https://github.com/advisories/GHSA-jjg7-2v4v-x38h",
+        "severity": "UNTRIAGED",
+        "source": "NVD",
+        "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580",
         "status": "ACTIVE",
-        "title": "GHSA-jjg7-2v4v-x38h - idna",
-        "vulnerability_id": "GHSA-jjg7-2v4v-x38h",
+        "title": "CVE-2024-31580 - torch",
+        "vulnerability_id": "CVE-2024-31580",
         "vulnerable_packages": [
             {
                 "epoch": 0,
-                "filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA",
-                "name": "idna",
+                "filePath": "opt/conda/lib/python3.10/site-packages/torch-2.1.2.dist-info/METADATA",
+                "name": "torch",
                 "packageManager": "PYTHONPKG",
-                "version": "3.6"
+                "version": "2.1.2"
             }
         ]
     },
-    "SNYK-PYTHON-IDNA-6597975": {
-        "description": "## Overview\n\nAffected versions of this package are vulnerable to Resource Exhaustion via the `idna.encode` function. An attacker can consume significant resources and potentially cause a denial-of-service by supplying specially crafted arguments to this function. \r\n\r\n**Note:**\r\nThis is triggered by arbitrarily large inputs that would not occur in normal usage but may be passed to the library assuming there is no preliminary input validation by the higher-level application.\n## Remediation\nUpgrade `idna` to version 3.7 or higher.\n## References\n- [GitHub Commit](https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7)",
+    "CVE-2024-31583": {
+        "description": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.",
         "remediation": {
             "recommendation": {
                 "text": "None Provided"
             }
         },
-        "score": 6.2,
-        "score_details": {
-            "cvss": {
-                "adjustments": [],
-                "score": 6.2,
-                "scoreSource": "SNYK",
-                "scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
-                "version": "3.1"
-            }
-        },
-        "severity": "MEDIUM",
-        "source": "SNYK",
-        "source_url": "https://security.snyk.io/vuln/SNYK-PYTHON-IDNA-6597975",
+        "score": 0.0,
+        "score_details": {},
+        "severity": "UNTRIAGED",
+        "source": "NVD",
+        "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583",
         "status": "ACTIVE",
-        "title": "IN1-PYTHON-IDNA-6597975 - idna",
-        "vulnerability_id": "SNYK-PYTHON-IDNA-6597975",
+        "title": "CVE-2024-31583 - torch",
+        "vulnerability_id": "CVE-2024-31583",
         "vulnerable_packages": [
             {
                 "epoch": 0,
-                "filePath": "opt/conda/lib/python3.10/site-packages/idna-3.6.dist-info/METADATA",
-                "name": "idna",
+                "filePath": "opt/conda/lib/python3.10/site-packages/torch-2.1.2.dist-info/METADATA",
+                "name": "torch",
                 "packageManager": "PYTHONPKG",
-                "version": "3.6"
+                "version": "2.1.2"
             }
         ]
     }

diff --git a/docker/pytorch/training/1.13.1/Dockerfile.neuronx b/docker/pytorch/training/1.13.1/Dockerfile.neuronx
@@ -6,7 +6,7 @@ LABEL dlc_major_version="1"
 # Neuron SDK components version numbers
 ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.14.0
 ARG NEURONX_DISTRIBUTED_VERSION=0.7.0
-ARG NEURONX_CC_VERSION=2.13.68.0
+ARG NEURONX_CC_VERSION=2.13.72.0
 ARG NEURONX_COLLECTIVES_LIB_VERSION=2.20.22.0-c101c322e
 ARG NEURONX_RUNTIME_LIB_VERSION=2.20.22.0-1b3ca6425
 ARG NEURONX_TOOLS_VERSION=2.17.1.0