Docker image critical and high vulnerabilities found after scan in ECR, R kernel dies in SageMaker Studio #5

Open
awsmrud opened this issue Nov 27, 2020 · 2 comments


awsmrud commented Nov 27, 2020

Vulnerability results after scan in ECR:

| CVE | Package | Severity | Description |
| --- | --- | --- | --- |
| CVE-2019-19816 | linux:4.19.152-1 | CRITICAL | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. |
| CVE-2019-19814 | linux:4.19.152-1 | CRITICAL | In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this. |
| CVE-2020-27153 | bluez:5.50-1.2~deb10u1 | HIGH | In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. |
| CVE-2020-0423 | linux:4.19.152-1 | HIGH | In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-161151868; References: N/A |

@jaipreet-s
Contributor

Is the "R kernel dies in SageMaker Studio" part related to #4? You can check your CloudWatch logs for SageMaker Studio: https://docs.aws.amazon.com/sagemaker/latest/dg/logging-cloudwatch.html


awsmrud commented Dec 2, 2020

I get a different error when I try to launch the R kernel inside Studio.

CloudWatch logs:

```
[D 22:56:23.064 LabApp.RemoteKernelManager] Kernel metrics response from Kernel gateway at gateway_url http://:32769: {'response_status': {'status': 'FAIL', 'error_message': 'Kernel process for the given kernel_id not found.'}, 'metrics': 'N/A'}
```

Local testing lists 'ir' in the kernel specs, based on https://github.com/aws-samples/sagemaker-studio-custom-image-samples/blob/main/DEVELOPMENT.md. However, it does not work inside Studio.

Any insights?
