diff --git a/security/cve-report_en.md b/security/cve-report_en.md index 12f86c1..f454bfd 100644 --- a/security/cve-report_en.md +++ b/security/cve-report_en.md @@ -39,7 +39,16 @@ The VMT consists of vulnerability management experts in the community. The team ## MindSpore Security Advisory (SA) -None +| Advisory Number | Type | Versions affected | Reported by | Additional Information | +| --- | ---- | --- | --- | --- | +| [MSSA-2021-008](security_advisory_list/mssa-2021-008_en.md) | Heap buffer overflow in MindSpore Lite Tile operator | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-007](security_advisory_list/mssa-2021-007_en.md) | Heap buffer overflow in MindSpore Lite infer shape operations | >= 1.1.0, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-006](security_advisory_list/mssa-2021-006_en.md) | Heap buffer overflow in MindSpore Lite Transpose operator | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-005](security_advisory_list/mssa-2021-005_en.md) | Heap buffer overflow in MindSpore Lite SparseToDense operator | >= 1.2.0, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-004](security_advisory_list/mssa-2021-004_en.md) | Division by 0 in MindSpore Lite DepthwiseConv2D parse operations | >= 1.1.0, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-003](security_advisory_list/mssa-2021-003_en.md) | Division by 0 in MindSpore Lite Reduce operator | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-002](security_advisory_list/mssa-2021-002_en.md) | Division by 0 in MindSpore Lite SpaceToBatch operator | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-001](security_advisory_list/mssa-2021-001_en.md) | Division by 0 in MindSpore Lite Split operator | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | ## MindSpore Security Note (SN) diff --git a/security/cve-report_zh_cn.md b/security/cve-report_zh_cn.md index 912f09b..1ce0489 100644 --- a/security/cve-report_zh_cn.md +++ b/security/cve-report_zh_cn.md @@ -41,14 +41,14 @@ MindSpore作为一个同时支持端/边缘/云场景的训练推理框架,在 | 公告 | 类型 | 受影响版本 | 上报人 | 附加信息 | | --- | ---- | --- | --- | --- | -| [MSSA-2021-008](security_advisory_list/mssa-2021-008.md) | memcpy()越界问题在MindSpore Lite Tile算子中 | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | -| [MSSA-2021-007](security_advisory_list/mssa-2021-007.md) | Integer溢出问题在MindSpore Lite的common_infer.c文件中 | >= 1.1.0, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | -| [MSSA-2021-006](security_advisory_list/mssa-2021-006.md) | 数组下标未判断导致的数组越界访问问题在MindSpore Lite的Transpose算子中 | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | -| [MSSA-2021-005](security_advisory_list/mssa-2021-005.md) | 数组下标未判断导致的数组越界访问问题在MindSpore Lite的SparseToDense算子中 | >= 1.2.0, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | -| [MSSA-2021-004](security_advisory_list/mssa-2021-004.md) | 除0导致的SIGFPE问题在MindSpore Lite的Conv算子parser文件中 | >= 1.1.0, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | -| [MSSA-2021-003](security_advisory_list/mssa-2021-003.md) | 除0导致的SIGFPE问题在MindSpore Lite的Reduce算子中 | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | -| [MSSA-2021-002](security_advisory_list/mssa-2021-002.md) | 除0导致的SIGFPE问题在MindSpore Lite的SpaceToBatch算子中 | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | -| [MSSA-2021-001](security_advisory_list/mssa-2021-001.md) | 除0导致的SIGFPE问题在MindSpore Lite的Split算子中 | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-008](security_advisory_list/mssa-2021-008.md) | MindSpore Lite的Tile算子中数组越界访问异常 | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-007](security_advisory_list/mssa-2021-007.md) | MindSpore Lite的推导shape操作中数组越界访问异常 | >= 1.1.0, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-006](security_advisory_list/mssa-2021-006.md) | MindSpore Lite的Transpose算子中数组越界访问异常 | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-005](security_advisory_list/mssa-2021-005.md) | MindSpore Lite的SparseToDense算子中数组越界访问异常 | >= 1.2.0, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-004](security_advisory_list/mssa-2021-004.md) | MindSpore Lite的DepthwiseConv2D算子parser操作中除零异常 | >= 1.1.0, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-003](security_advisory_list/mssa-2021-003.md) | MindSpore Lite的Reduce算子中除零异常 | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-002](security_advisory_list/mssa-2021-002.md) | MindSpore Lite的SpaceToBatch算子中除零异常 | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | +| [MSSA-2021-001](security_advisory_list/mssa-2021-001.md) | MindSpore Lite的Split算子中除零异常 | >= 0.7.0-beta, < 1.3.0 | Wang Xuan(@May) of Qihoo 360 AIVul Team | | ## MindSpore安全说明(SN) diff --git a/security/security_advisory_list/mssa-2021-001.md b/security/security_advisory_list/mssa-2021-001.md index f048b6a..9decc8f 100644 --- a/security/security_advisory_list/mssa-2021-001.md +++ b/security/security_advisory_list/mssa-2021-001.md @@ -4,22 +4,22 @@ 2021-10-18 -## 更新日期 +## 最后修改日期 2021-10-18 ## 影响 -- 在运行Split算子的resize操作时,如果变量input_shape元素中存在0值,会导致除0 SIGFPE。 +在执行Split算子的初始化操作时,如果输入shape中某个维度大小为0,将会导致除0异常。 ## 补丁 -- 我们已经在1.3.0版本通过commit [e0cbe113745a38be7b3afa0dff63a819e4490005](https://gitee.com/mindspore/mindspore/commit/e0cbe113745a38be7b3afa0dff63a819e4490005)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-001.patch)。 +我们已经在1.3.0版本通过commit [e0cbe113745a38be7b3afa0dff63a819e4490005](https://gitee.com/mindspore/mindspore/commit/e0cbe113745a38be7b3afa0dff63a819e4490005)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-001.patch)。 ## CVE -- 待补充。 +待补充。 -## 参考信息 +## 来源 -- 该漏洞对应的[issue](https://gitee.com/mindspore/mindspore/issues/I3SE1A)。 +该漏洞由奇虎360安全团队的Wang Xuan(@May)上报。 diff --git a/security/security_advisory_list/mssa-2021-001_en.md b/security/security_advisory_list/mssa-2021-001_en.md new file mode 100644 index 0000000..d0005c8 --- /dev/null +++ b/security/security_advisory_list/mssa-2021-001_en.md @@ -0,0 +1,25 @@ +# MSSA-2021-001 - Security Advisory + +## Published Date + +2021-10-18 + +## Last Modified Data + +2021-10-18 + +## Impact + +When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception. + +## Patch + +We have fixed this issue in version 1.3.0 through commit [e0cbe113745a38be7b3afa0dff63a819e4490005](https://gitee.com/mindspore/mindspore/commit/e0cbe113745a38be7b3afa0dff63a819e4490005), and created a [patch](../cve_patch/mssa-2021-001.patch) for this vulnerability. + +## CVE + +To be updated. + +## Attribution + +This vulnerability has been reported by Wang Xuan(@May) of Qihoo 360 AIVul Team. diff --git a/security/security_advisory_list/mssa-2021-002.md b/security/security_advisory_list/mssa-2021-002.md index f886b2a..0786759 100644 --- a/security/security_advisory_list/mssa-2021-002.md +++ b/security/security_advisory_list/mssa-2021-002.md @@ -4,22 +4,22 @@ 2021-10-18 -## 更新日期 +## 最后修改日期 2021-10-18 ## 影响 -- 在运行SpaceToBatch算子的推导shape阶段,如果参数block_shape元素中存在0值,会导致除0 SIGFPE。 +在执行SpaceToBatch算子的推导shape操作时,如果参数block_shape元素中存在0值,将会导致除0异常。 ## 补丁 -- 我们已经在1.3.0版本通过commit [e0cbe113745a38be7b3afa0dff63a819e4490005](https://gitee.com/mindspore/mindspore/commit/e0cbe113745a38be7b3afa0dff63a819e4490005)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-002.patch)。 +我们已经在1.3.0版本通过commit [e0cbe113745a38be7b3afa0dff63a819e4490005](https://gitee.com/mindspore/mindspore/commit/e0cbe113745a38be7b3afa0dff63a819e4490005)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-002.patch)。 ## CVE -- 待补充。 +待补充。 -## 参考信息 +## 来源 -- 该漏洞对应的[issue](https://gitee.com/mindspore/mindspore/issues/I3SE1A)。 +该漏洞由奇虎360安全团队的Wang Xuan(@May)上报。 diff --git a/security/security_advisory_list/mssa-2021-002_en.md b/security/security_advisory_list/mssa-2021-002_en.md new file mode 100644 index 0000000..18de257 --- /dev/null +++ b/security/security_advisory_list/mssa-2021-002_en.md @@ -0,0 +1,25 @@ +# MSSA-2021-002 - Security Advisory + +## Published Date + +2021-10-18 + +## Last Modified Data + +2021-10-18 + +## Impact + +When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception. + +## Patch + +We have fixed this issue in version 1.3.0 through commit [e0cbe113745a38be7b3afa0dff63a819e4490005](https://gitee.com/mindspore/mindspore/commit/e0cbe113745a38be7b3afa0dff63a819e4490005), and created a [patch](../cve_patch/mssa-2021-002.patch) for this vulnerability. + +## CVE + +To be updated. + +## Attribution + +This vulnerability has been reported by Wang Xuan(@May) of Qihoo 360 AIVul Team. diff --git a/security/security_advisory_list/mssa-2021-003.md b/security/security_advisory_list/mssa-2021-003.md index 6cb9f2e..4e18552 100644 --- a/security/security_advisory_list/mssa-2021-003.md +++ b/security/security_advisory_list/mssa-2021-003.md @@ -4,22 +4,22 @@ 2021-10-18 -## 更新日期 +## 最后修改日期 2021-10-18 ## 影响 -- 在运行Refuce算子的run函数时,如果参数axis_sizes元素中存在0值,会导致除0 SIGFPE。 +在执行Reduce算子run操作时,如果参数axis_sizes元素中存在0值,将会导致除0异常。 ## 补丁 -- 我们已经在1.3.0版本通过commit [e0cbe113745a38be7b3afa0dff63a819e4490005](https://gitee.com/mindspore/mindspore/commit/e0cbe113745a38be7b3afa0dff63a819e4490005)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-003.patch)。 +我们已经在1.3.0版本通过commit [e0cbe113745a38be7b3afa0dff63a819e4490005](https://gitee.com/mindspore/mindspore/commit/e0cbe113745a38be7b3afa0dff63a819e4490005)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-003.patch)。 ## CVE -- 待补充。 +待补充。 -## 参考信息 +## 来源 -- 该漏洞对应的[issue](https://gitee.com/mindspore/mindspore/issues/I3SE1A)。 +该漏洞由奇虎360安全团队的Wang Xuan(@May)上报。 diff --git a/security/security_advisory_list/mssa-2021-003_en.md b/security/security_advisory_list/mssa-2021-003_en.md new file mode 100644 index 0000000..6445fc6 --- /dev/null +++ b/security/security_advisory_list/mssa-2021-003_en.md @@ -0,0 +1,25 @@ +# MSSA-2021-003 - Security Advisory + +## Published Date + +2021-10-18 + +## Last Modified Data + +2021-10-18 + +## Impact + +When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception. + +## Patch + +We have fixed this issue in version 1.3.0 through commit [e0cbe113745a38be7b3afa0dff63a819e4490005](https://gitee.com/mindspore/mindspore/commit/e0cbe113745a38be7b3afa0dff63a819e4490005), and created a [patch](../cve_patch/mssa-2021-003.patch) for this vulnerability. + +## CVE + +To be updated. + +## Attribution + +This vulnerability has been reported by Wang Xuan(@May) of Qihoo 360 AIVul Team. diff --git a/security/security_advisory_list/mssa-2021-004.md b/security/security_advisory_list/mssa-2021-004.md index 9686406..7825b1a 100644 --- a/security/security_advisory_list/mssa-2021-004.md +++ b/security/security_advisory_list/mssa-2021-004.md @@ -4,22 +4,22 @@ 2021-10-18 -## 更新日期 +## 最后修改日期 2021-10-18 ## 影响 -- 在解析tflite Conv算子导MindSporeLite Conv算子的parser阶段时,如果属性depth_multiplier为0,会导致除0 SIGFPE。 +在执行DepthwiseConv2D算子的解析操作时,如果属性depth_multiplier为0,会导致除0异常。 ## 补丁 -- 我们已经在1.3.0版本通过commit [e0cbe113745a38be7b3afa0dff63a819e4490005](https://gitee.com/mindspore/mindspore/commit/e0cbe113745a38be7b3afa0dff63a819e4490005)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-004.patch)。 +我们已经在1.3.0版本通过commit [e0cbe113745a38be7b3afa0dff63a819e4490005](https://gitee.com/mindspore/mindspore/commit/e0cbe113745a38be7b3afa0dff63a819e4490005)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-004.patch)。 ## CVE -- 待补充。 +待补充。 -## 参考信息 +## 来源 -- 该漏洞对应的[issue](https://gitee.com/mindspore/mindspore/issues/I3SE1A)。 +该漏洞由奇虎360安全团队的Wang Xuan(@May)上报。 diff --git a/security/security_advisory_list/mssa-2021-004_en.md b/security/security_advisory_list/mssa-2021-004_en.md new file mode 100644 index 0000000..46c01d7 --- /dev/null +++ b/security/security_advisory_list/mssa-2021-004_en.md @@ -0,0 +1,25 @@ +# MSSA-2021-004 - Security Advisory + +## Published Date + +2021-10-18 + +## Last Modified Data + +2021-10-18 + +## Impact + +When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception. + +## Patch + +We have fixed this issue in version 1.3.0 through commit [e0cbe113745a38be7b3afa0dff63a819e4490005](https://gitee.com/mindspore/mindspore/commit/e0cbe113745a38be7b3afa0dff63a819e4490005), and created a [patch](../cve_patch/mssa-2021-004.patch) for this vulnerability. + +## CVE + +To be updated. + +## Attribution + +This vulnerability has been reported by Wang Xuan(@May) of Qihoo 360 AIVul Team. diff --git a/security/security_advisory_list/mssa-2021-005.md b/security/security_advisory_list/mssa-2021-005.md index 999469d..25839ae 100644 --- a/security/security_advisory_list/mssa-2021-005.md +++ b/security/security_advisory_list/mssa-2021-005.md @@ -4,22 +4,22 @@ 2021-10-18 -## 更新日期 +## 最后修改日期 2021-10-18 ## 影响 -- 在SparseToDense算子的推导shape阶段,如果输入个数小于3,会导致变量inputs访问越界。 +在执行SparseToDense算子的推导shape操作时,如果输入个数小于3,将会导致变量inputs越界访问异常。 ## 补丁 -- 我们已经在1.3.0版本通过commit [5aab6599e7280d2512a87434c174f13a0a2e7008](https://gitee.com/mindspore/mindspore/commit/5aab6599e7280d2512a87434c174f13a0a2e7008)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-005.patch)。 +我们已经在1.3.0版本通过commit [5aab6599e7280d2512a87434c174f13a0a2e7008](https://gitee.com/mindspore/mindspore/commit/5aab6599e7280d2512a87434c174f13a0a2e7008)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-005.patch)。 ## CVE -- 待补充。 +待补充。 -## 参考信息 +## 来源 -- 该漏洞对应的[issue](https://gitee.com/mindspore/mindspore/issues/I3SE2J)。 +该漏洞由奇虎360安全团队的Wang Xuan(@May)上报。 diff --git a/security/security_advisory_list/mssa-2021-005_en.md b/security/security_advisory_list/mssa-2021-005_en.md new file mode 100644 index 0000000..dcd6db8 --- /dev/null +++ b/security/security_advisory_list/mssa-2021-005_en.md @@ -0,0 +1,25 @@ +# MSSA-2021-005 - Security Advisory + +## Published Date + +2021-10-18 + +## Last Modified Data + +2021-10-18 + +## Impact + +When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers. + +## Patch + +We have fixed this issue in version 1.3.0 through commit [5aab6599e7280d2512a87434c174f13a0a2e7008](https://gitee.com/mindspore/mindspore/commit/5aab6599e7280d2512a87434c174f13a0a2e7008), and created a [patch](../cve_patch/mssa-2021-005.patch) for this vulnerability. + +## CVE + +To be updated. + +## Attribution + +This vulnerability has been reported by Wang Xuan(@May) of Qihoo 360 AIVul Team. diff --git a/security/security_advisory_list/mssa-2021-006.md b/security/security_advisory_list/mssa-2021-006.md index 14353b4..3f24850 100644 --- a/security/security_advisory_list/mssa-2021-006.md +++ b/security/security_advisory_list/mssa-2021-006.md @@ -4,22 +4,22 @@ 2021-10-18 -## 更新日期 +## 最后修改日期 2021-10-18 ## 影响 -- 在Transpose算子的推导shape阶段,如果perm元素中的值大于或等于input_shape size,会导致input_shape访问越界。 +在执行Transpose算子的推导shape操作时,如果perm元素中的值大于或等于input_shape大小,将会导致input_shape越界访问异常。 ## 补丁 -- 我们已经在1.3.0版本通过commit [5aab6599e7280d2512a87434c174f13a0a2e7008](https://gitee.com/mindspore/mindspore/commit/5aab6599e7280d2512a87434c174f13a0a2e7008)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-006.patch)。 +我们已经在1.3.0版本通过commit [5aab6599e7280d2512a87434c174f13a0a2e7008](https://gitee.com/mindspore/mindspore/commit/5aab6599e7280d2512a87434c174f13a0a2e7008)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-006.patch)。 ## CVE -- 待补充。 +待补充。 -## 参考信息 +## 来源 -- 该漏洞对应的[issue](https://gitee.com/mindspore/mindspore/issues/I3SE2J)。 +该漏洞由奇虎360安全团队的Wang Xuan(@May)上报。 diff --git a/security/security_advisory_list/mssa-2021-006_en.md b/security/security_advisory_list/mssa-2021-006_en.md new file mode 100644 index 0000000..d9b1d27 --- /dev/null +++ b/security/security_advisory_list/mssa-2021-006_en.md @@ -0,0 +1,25 @@ +# MSSA-2021-006 - Security Advisory + +## Published Date + +2021-10-18 + +## Last Modified Data + +2021-10-18 + +## Impact + +When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers. + +## Patch + +We have fixed this issue in version 1.3.0 through commit [5aab6599e7280d2512a87434c174f13a0a2e7008](https://gitee.com/mindspore/mindspore/commit/5aab6599e7280d2512a87434c174f13a0a2e7008), and created a [patch](../cve_patch/mssa-2021-005.patch) for this vulnerability. + +## CVE + +To be updated. + +## Attribution + +This vulnerability has been reported by Wang Xuan(@May) of Qihoo 360 AIVul Team. diff --git a/security/security_advisory_list/mssa-2021-007.md b/security/security_advisory_list/mssa-2021-007.md index d5a17c2..165b464 100644 --- a/security/security_advisory_list/mssa-2021-007.md +++ b/security/security_advisory_list/mssa-2021-007.md @@ -4,22 +4,22 @@ 2021-10-18 -## 更新日期 +## 最后修改日期 2021-10-18 ## 影响 -- 在算子的公共推导shape阶段,判断逻辑错误,会导致shape访问越界。 +在执行Affine、Concat、MatMul、ArgMinMax、EmbeddingLookup和Gather算子的推导shape操作时,如果输入shape大小为0,将会导致shape越界访问异常。 ## 补丁 -- 我们已经在1.3.0版本通过commit [8359643b0ebd9d0931110bd7776080abd2f2259d](https://gitee.com/mindspore/mindspore/commit/8359643b0ebd9d0931110bd7776080abd2f2259d)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-007.patch)。 +我们已经在1.3.0版本通过commit [8359643b0ebd9d0931110bd7776080abd2f2259d](https://gitee.com/mindspore/mindspore/commit/8359643b0ebd9d0931110bd7776080abd2f2259d)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-007.patch)。 ## CVE -- 待补充。 +待补充。 -## 参考信息 +## 来源 -- 该漏洞对应的[issue](https://gitee.com/mindspore/mindspore/issues/I3SE2X)。 +该漏洞由奇虎360安全团队的Wang Xuan(@May)上报。 diff --git a/security/security_advisory_list/mssa-2021-007_en.md b/security/security_advisory_list/mssa-2021-007_en.md new file mode 100644 index 0000000..374ddd4 --- /dev/null +++ b/security/security_advisory_list/mssa-2021-007_en.md @@ -0,0 +1,25 @@ +# MSSA-2021-007 - Security Advisory + +## Published Date + +2021-10-18 + +## Last Modified Data + +2021-10-18 + +## Impact + +When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers. + +## Patch + +We have fixed this issue in version 1.3.0 through commit [8359643b0ebd9d0931110bd7776080abd2f2259d](https://gitee.com/mindspore/mindspore/commit/8359643b0ebd9d0931110bd7776080abd2f2259d), and created a [patch](../cve_patch/mssa-2021-007.patch) for this vulnerability. + +## CVE + +To be updated. + +## Attribution + +This vulnerability has been reported by Wang Xuan(@May) of Qihoo 360 AIVul Team. diff --git a/security/security_advisory_list/mssa-2021-008.md b/security/security_advisory_list/mssa-2021-008.md index 9028f91..0c853ca 100644 --- a/security/security_advisory_list/mssa-2021-008.md +++ b/security/security_advisory_list/mssa-2021-008.md @@ -4,22 +4,22 @@ 2021-10-18 -## 更新日期 +## 最后修改日期 2021-10-18 ## 影响 -- 在Tile算子的推导shape阶段,如果输入数据类型不是int或者int32类型时,会导致内存拷贝越界。 +在执行Tile算子的推导shape操作时,如果输入数据类型不是int或者int32类型时,会导致内存访问越界异常。 ## 补丁 -- 我们已经在1.3.0版本通过commit [5aab6599e7280d2512a87434c174f13a0a2e7008](https://gitee.com/mindspore/mindspore/commit/5aab6599e7280d2512a87434c174f13a0a2e7008)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-008.patch)。 +我们已经在1.3.0版本通过commit [5aab6599e7280d2512a87434c174f13a0a2e7008](https://gitee.com/mindspore/mindspore/commit/5aab6599e7280d2512a87434c174f13a0a2e7008)修复了该问题,并且制作了该漏洞的[patch](../cve_patch/mssa-2021-008.patch)。 ## CVE -- 待补充。 +待补充。 -## 参考信息 +## 来源 -- 该漏洞对应的[issue](https://gitee.com/mindspore/mindspore/issues/I3SE2J)。 +漏洞由奇虎360安全团队的Wang Xuan(@May)上报。 diff --git a/security/security_advisory_list/mssa-2021-008_en.md b/security/security_advisory_list/mssa-2021-008_en.md new file mode 100644 index 0000000..da0a261 --- /dev/null +++ b/security/security_advisory_list/mssa-2021-008_en.md @@ -0,0 +1,25 @@ +# MSSA-2021-008 - Security Advisory + +## Published Date + +2021-10-18 + +## Last Modified Data + +2021-10-18 + +## Impact + +When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers. + +## Patch + +We have fixed this issue in version 1.3.0 through commit [5aab6599e7280d2512a87434c174f13a0a2e7008](https://gitee.com/mindspore/mindspore/commit/5aab6599e7280d2512a87434c174f13a0a2e7008), and created a [patch](../cve_patch/mssa-2021-008.patch) for this vulnerability. + +## CVE + +To be updated. + +## Attribution + +This vulnerability has been reported by Wang Xuan(@May) of Qihoo 360 AIVul Team.