Skip to content

[AutoPR- Security] Patch keras for CVE-2026-0897 [HIGH] #15517

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
azurelinux-security wants to merge 1 commit into
base: fasttrack/3.0
Choose a base branch
from
+99 −1
Draft

[AutoPR- Security] Patch keras for CVE-2026-0897 [HIGH] #15517

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
94 changes: 94 additions & 0 deletions SPECS/keras/CVE-2026-0897.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
From 557b7c38f2797aca0059deb3fafbfea550a093d2 Mon Sep 17 00:00:00 2001
From: AllSpark <[email protected]>
Date: Fri, 16 Jan 2026 17:42:25 +0000
Subject: [PATCH] Fix DoS via malicious HDF5 dataset metadata in
H5IOStore.__getitem__; add MAX_BYTES limit; harden dataset shape/dtype
validation

Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
Upstream-reference: AI Backport of https://github.com/keras-team/keras/commit/7360d4f0d764fbb1fa9c6408fe53da41974dd4f6.patch
---
keras/src/saving/saving_lib.py | 59 ++++++++++++++++++++++++++++++++--
1 file changed, 57 insertions(+), 2 deletions(-)

diff --git a/keras/src/saving/saving_lib.py b/keras/src/saving/saving_lib.py
index 1668489..0bcce01 100644
--- a/keras/src/saving/saving_lib.py
+++ b/keras/src/saving/saving_lib.py
@@ -24,6 +24,10 @@ try:
except ImportError:
h5py = None

+
+# Maximum allowed HDF5 dataset size in bytes (4 GiB)
+MAX_BYTES = 1 << 32 # 4 GiB
+
_CONFIG_FILENAME = "config.json"
_METADATA_FILENAME = "metadata.json"
_VARS_FNAME = "model.weights" # Will become e.g. "model.weights.h5"
@@ -696,9 +700,60 @@ class H5Entry:

def __getitem__(self, name):
value = self.group[name]
+
+ # ------------------------------------------------------
+ # CASE 2 — HDF5 DATASET → SAFE LOADING
+ # ------------------------------------------------------
+
+ # Skip any objects that are not proper datasets
+ if not hasattr(value, "shape") or not hasattr(value, "dtype"):
+ # Fallback: attempt read if possible, else return as-is
+ try:
+ return value[()]
+ except Exception:
+ return value
+
+ shape = value.shape
+ dtype = value.dtype
+
+ # ------------------------------------------------------
+ # Validate SHAPE (avoid malformed / malicious metadata)
+ # ------------------------------------------------------
+
+ # No negative dimensions
+ if any(dim < 0 for dim in shape):
+ raise ValueError(
+ "Malformed HDF5 dataset shape encountered in .keras file; "
+ "negative dimension detected."
+ )
+
+ # Prevent absurdly high-rank tensors
+ if len(shape) > 64:
+ raise ValueError(
+ "Malformed HDF5 dataset shape encountered in .keras file; "
+ "tensor rank exceeds safety limit."
+ )
+
+ # Safe product computation (Python int is unbounded)
+ num_elems = int(np.prod(shape))
+
+ # ------------------------------------------------------
+ # Validate TOTAL memory size
+ # ------------------------------------------------------
+ size_bytes = num_elems * dtype.itemsize
+ if size_bytes > MAX_BYTES:
+ raise ValueError(
+ f"HDF5 dataset too large to load safely "
+ f"({size_bytes} bytes; limit is {MAX_BYTES})."
+ )
+
+ # ------------------------------------------------------
+ # SAFE — load dataset (guaranteed ≤ 4 GiB)
+ # ------------------------------------------------------
+ arr = value[()]
if "dtype" in value.attrs and value.attrs["dtype"] == "bfloat16":
- value = np.array(value, dtype=ml_dtypes.bfloat16)
- return value
+ arr = np.array(arr, dtype=ml_dtypes.bfloat16)
+ return arr


class NpzIOStore:
--
2.45.4

6 changes: 5 additions & 1 deletion SPECS/keras/keras.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
Summary: Keras is a high-level neural networks API.
Name: keras
Version: 3.3.3
Release: 5%{?dist}
Release: 6%{?dist}
License: ASL 2.0
Vendor: Microsoft Corporation
Distribution: Azure Linux
Expand All @@ -16,6 +16,7 @@ Patch01: CVE-2025-1550.patch
Patch02: CVE-2025-8747.patch
Patch03: CVE-2025-9905.patch
Patch4: CVE-2025-12060.patch
Patch5: CVE-2026-0897.patch

# Fix for CVE-2025-9906 included as part of CVE-2025-8747 and kept here as nopatch
# and commented out, because from patch command perspective, these files
Expand Down Expand Up @@ -80,6 +81,9 @@ python3 pip_build.py --install


%changelog
* Fri Jan 16 2026 Azure Linux Security Servicing Account <[email protected]> - 3.3.3-6
- Patch for CVE-2026-0897

* Fri Oct 31 2025 Azure Linux Security Servicing Account <[email protected]> - 3.3.3-5
- Patch for CVE-2025-12060

Expand Down
Loading