Add Dockerfiles for Neuron DLC with SDK 2.18.0

.gitignore

@@ -1 +1,2 @@
 .idea/
+.DS_Store

docker/pytorch/inference/1.13.1/Dockerfile.neuron

@@ -5,9 +5,9 @@ LABEL maintainer="Amazon AI"
 LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true
 
 # Neuron SDK components version numbers
-ARG NEURON_FRAMEWORK_VERSION=1.13.1.2.9.17.0
-ARG NEURON_CC_VERSION=1.21.0.0
-ARG NEURONX_TOOLS_VERSION=2.17.0.0
+ARG NEURON_FRAMEWORK_VERSION=1.13.1.2.9.74.0
+ARG NEURON_CC_VERSION=1.22.0.0
+ARG NEURONX_TOOLS_VERSION=2.17.1.0
 
 ARG PYTHON=python3.10
 ARG PYTHON_VERSION=3.10.12

docker/pytorch/inference/1.13.1/Dockerfile.neuron.cve_allowlist.json

@@ -1,197 +1,2 @@
 {
-    "CVE-2023-51779": {
-        "description": "\n It was discovered that a race condition existed in the Bluetooth subsystem\n of the Linux kernel, leading to a use-after-free vulnerability. A local\n attacker could use this to cause a denial of service (system crash) or\n possibly execute arbitrary code.",
-        "remediation": {
-            "recommendation": {
-                "text": "None Provided"
-            }
-        },
-        "score": 0.0,
-        "score_details": {},
-        "severity": "MEDIUM",
-        "source": "UBUNTU_CVE",
-        "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-51779.html",
-        "status": "ACTIVE",
-        "title": "CVE-2023-51779 - linux",
-        "vulnerability_id": "CVE-2023-51779",
-        "vulnerable_packages": [
-            {
-                "arch": "AMD64",
-                "epoch": 0,
-                "name": "linux",
-                "packageManager": "OS",
-                "release": "171.189",
-                "version": "5.4.0"
-            }
-        ]
-    },
-    "CVE-2023-51780": {
-        "description": "\n It was discovered that a race condition existed in the ATM\n (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading\n to a use-after-free vulnerability. A local attacker could use this\n to cause a denial of service (system crash) or possibly execute\n arbitrary code.",
-        "remediation": {
-            "recommendation": {
-                "text": "None Provided"
-            }
-        },
-        "score": 7.0,
-        "score_details": {
-            "cvss": {
-                "adjustments": [],
-                "score": 7.0,
-                "scoreSource": "UBUNTU_CVE",
-                "scoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
-                "version": "3.1"
-            }
-        },
-        "severity": "HIGH",
-        "source": "UBUNTU_CVE",
-        "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-51780.html",
-        "status": "ACTIVE",
-        "title": "CVE-2023-51780 - linux",
-        "vulnerability_id": "CVE-2023-51780",
-        "vulnerable_packages": [
-            {
-                "arch": "AMD64",
-                "epoch": 0,
-                "name": "linux",
-                "packageManager": "OS",
-                "release": "171.189",
-                "version": "5.4.0"
-            }
-        ]
-    },
-    "CVE-2023-51781": {
-        "description": "\n It was discovered that a race condition existed in the AppleTalk\n networking subsystem of the Linux kernel, leading to a use-after-free\n vulnerability. A local attacker could use this to cause a denial of\n service (system crash) or possibly execute arbitrary code.",
-        "remediation": {
-            "recommendation": {
-                "text": "None Provided"
-            }
-        },
-        "score": 7.0,
-        "score_details": {
-            "cvss": {
-                "adjustments": [],
-                "score": 7.0,
-                "scoreSource": "UBUNTU_CVE",
-                "scoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
-                "version": "3.1"
-            }
-        },
-        "severity": "HIGH",
-        "source": "UBUNTU_CVE",
-        "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-51781.html",
-        "status": "ACTIVE",
-        "title": "CVE-2023-51781 - linux",
-        "vulnerability_id": "CVE-2023-51781",
-        "vulnerable_packages": [
-            {
-                "arch": "AMD64",
-                "epoch": 0,
-                "name": "linux",
-                "packageManager": "OS",
-                "release": "171.189",
-                "version": "5.4.0"
-            }
-        ]
-    },
-    "CVE-2023-51782": {
-        "description": "\n It was discovered that a race condition existed in the Rose X.25\n protocol implementation in the Linux kernel, leading to a use-after-\n free vulnerability. A local attacker could use this to cause a denial\n of service (system crash) or possibly execute arbitrary code.",
-        "remediation": {
-            "recommendation": {
-                "text": "None Provided"
-            }
-        },
-        "score": 7.0,
-        "score_details": {
-            "cvss": {
-                "adjustments": [],
-                "score": 7.0,
-                "scoreSource": "UBUNTU_CVE",
-                "scoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
-                "version": "3.1"
-            }
-        },
-        "severity": "HIGH",
-        "source": "UBUNTU_CVE",
-        "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-51782.html",
-        "status": "ACTIVE",
-        "title": "CVE-2023-51782 - linux",
-        "vulnerability_id": "CVE-2023-51782",
-        "vulnerable_packages": [
-            {
-                "arch": "AMD64",
-                "epoch": 0,
-                "name": "linux",
-                "packageManager": "OS",
-                "release": "171.189",
-                "version": "5.4.0"
-            }
-        ]
-    },
-    "CVE-2023-6129": {
-        "description": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where th",
-        "remediation": {
-            "recommendation": {
-                "text": "None Provided"
-            }
-        },
-        "score": 6.5,
-        "score_details": {
-            "cvss": {
-                "adjustments": [],
-                "score": 6.5,
-                "scoreSource": "NVD",
-                "scoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
-                "version": "3.1"
-            }
-        },
-        "severity": "MEDIUM",
-        "source": "NVD",
-        "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6129",
-        "status": "ACTIVE",
-        "title": "CVE-2023-6129 - pyOpenSSL",
-        "vulnerability_id": "CVE-2023-6129",
-        "vulnerable_packages": [
-            {
-                "epoch": 0,
-                "filePath": "opt/conda/lib/python3.10/site-packages/pyOpenSSL-24.0.0.dist-info/METADATA",
-                "name": "pyOpenSSL",
-                "packageManager": "PYTHONPKG",
-                "version": "24.0.0"
-            }
-        ]
-    },
-    "CVE-2023-6915": {
-        "description": " A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.",
-        "remediation": {
-            "recommendation": {
-                "text": "None Provided"
-            }
-        },
-        "score": 5.5,
-        "score_details": {
-            "cvss": {
-                "adjustments": [],
-                "score": 5.5,
-                "scoreSource": "UBUNTU_CVE",
-                "scoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
-                "version": "3.1"
-            }
-        },
-        "severity": "MEDIUM",
-        "source": "UBUNTU_CVE",
-        "source_url": "https://people.canonical.com/~ubuntu-security/cve/2023/CVE-2023-6915.html",
-        "status": "ACTIVE",
-        "title": "CVE-2023-6915 - linux",
-        "vulnerability_id": "CVE-2023-6915",
-        "vulnerable_packages": [
-            {
-                "arch": "AMD64",
-                "epoch": 0,
-                "name": "linux",
-                "packageManager": "OS",
-                "release": "171.189",
-                "version": "5.4.0"
-            }
-        ]
-    }
 }

docker/pytorch/inference/1.13.1/Dockerfile.neuronx

@@ -5,13 +5,13 @@ LABEL maintainer="Amazon AI"
 LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true
 
 # Neuron SDK components version numbers
-ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.13.1
-ARG NEURONX_TRANSFORMERS_VERSION=0.9.474
-ARG NEURONX_DISTRIBUTED_VERSION=0.6.0
-ARG NEURONX_CC_VERSION=2.12.68.0
-ARG NEURONX_TOOLS_VERSION=2.17.0.0
-ARG NEURONX_COLLECTIVES_LIB_VERSION=2.20.11.0-c101c322e
-ARG NEURONX_RUNTIME_LIB_VERSION=2.20.11.0-b7d33e68b
+ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.14.0
+ARG NEURONX_DISTRIBUTED_VERSION=0.7.0
+ARG NEURONX_CC_VERSION=2.13.66.0
+ARG NEURONX_TRANSFORMERS_VERSION=0.10.0.21
+ARG NEURONX_COLLECTIVES_LIB_VERSION=2.20.22.0-c101c322e
+ARG NEURONX_RUNTIME_LIB_VERSION=2.20.22.0-1b3ca6425
+ARG NEURONX_TOOLS_VERSION=2.17.1.0
 
 ARG PYTHON=python3.10
 ARG PYTHON_VERSION=3.10.12