Ray Multiple Components Vulnerability Fix Advisory (RCE/Serialization)

Vulnerability Summary Overview Vulnerability Name: Vulnerabilities Fixed in Multiple Components Affected Components: Ray Data, Ray Serve, Ray Train, Ray Tune, Ray LLM, Ray RLlib, Ray Core Scope of Impact Ray Data: - Fixed multiple vulnerabilities related to data serialization, deserialization, resource management, logging, etc. - Examples: Fixed and , among others. Ray Serve: - Fixed vulnerabilities related to gRPC clients, HAProxy, Autoscaler, replica management, etc. - Examples: Fixed and , among others. Ray Train: - Fixed vulnerabilities related to training resource registration, dataset fields, logging, state management, etc. - Examples: Fixed and , among others. Ray Tune: - Fixed vulnerabilities related to PBT trial ordering. - Examples: Fixed . Ray LLM: - Fixed vulnerabilities related to data flow, logging, state handling, NIXL side channels, etc. - Examples: Fixed and , among others. Ray RLlib: - Fixed vulnerabilities related to evaluation functions, prioritized experience replay buffers, layer specifications, multi-agent experience replay, etc. - Examples: Fixed and , among others. Ray Core: - Fixed vulnerabilities related to resource isolation, IPR, platform events, Nvidia B300 support, etc. - Examples: Fixed and , among others. Remediation Ray Data: - Fixed multiple vulnerabilities related to data serialization, deserialization, resource management, logging, etc. - Examples: Fixed and , among others. Ray Serve: - Fixed vulnerabilities related to gRPC clients, HAProxy, Autoscaler, replica management, etc. - Examples: Fixed and , among others. Ray Train: - Fixed vulnerabilities related to training resource registration, dataset fields, logging, state management, etc. - Examples: Fixed and , among others. Ray Tune: - Fixed vulnerabilities related to PBT trial ordering. - Examples: Fixed . Ray LLM: - Fixed vulnerabilities related to data flow, logging, state handling, NIXL side channels, etc. - Examples: Fixed and , among others. Ray RLlib: - Fixed vulnerabilities related to evaluation functions, prioritized experience replay buffers, layer specifications, multi-agent experience replay, etc. - Examples: Fixed and , among others. Ray Core: - Fixed vulnerabilities related to resource isolation, IPR, platform events, Nvidia B300 support, etc. - Examples: Fixed and , among others. POC Code or Exploit Code No specific POC code or exploit code is included in this document.

Goal Reached Thanks to every supporter — we hit 100%!

Ray Multiple Components Vulnerability Fix Advisory (RCE/Serialization)

More from this source