Preface: In computer programming, transient is a property of any element in the system that is temporary. The term applies to transient applications.
Background: Within frequency, In-band discovery is used for communication between 6 GHz devices. There are three in-band discovery methods: Fast Initial Link Setup (FILS) and Unsolicited Probe Response (UPR) frames are passive in-band discovery methods. Choose one of FILS and UPR and cannot use them at the same time. The 6 GHz discovery frame is only required when 6 GHz is the only operable radio frequency band. Preferred Scan Channel (PSC) is an active in-frequency discovery method. Wireless clients will only probe PSC channels; if detecting from the RNR, non-PSCs will be scanned.
Vulnerability details: Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
Ref: The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Preface: Veeam ONE agent is a component that enables communication with Veeam Backup & Replication servers, performs collection of logs, and sends remediation commands. It is recommended to install Veeam ONE agent to improve data collection performance in large-scale Veeam Backup & Replication infrastructures.
Background: Veeam ONE supports two deployment scenarios:
• All-in-one
The all-in-one deployment scenario is ideal if you want to consolidate the entire product functionality in one place by installing all product architectural components on a single machine. This scenario is preferable for small- to medium-scale deployments.
• Custom
The custom deployment scenario is more suitable if you want to separate client/server roles and install product architectural components on different machines. This scena rio is recommended for large-scale deployments.
Vulnerability details: A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.
Preface: The world’s first web-speed, internet-scale public blockchain. At the virtual event launching Sodium on September 30, 2022, the DFINITY Foundation will launch the Network Nervous System, an open algorithmic governance system that controlling the Internet computer. The event will also showcase in-depth technical material on advanced cryptography, consensus protocols, and token economics.
Background: Inter–canister calls can be used to update information between two or more canisters.
ic-cdk : Inter-canister calls for the ICRC-1 ledger.
ledger-icrc-js : A library for interfacing with ICRC-1 ledger on the Internet Computer.
When you deploy the WebAssembly module that contains your program on the Internet Computer blockchain, the program is executed inside a conceptual computational unit called a canister. Canisters can be developed in various programming languages.
With respect to update calls, canisters are “software actors” and may only contain a single thread of execution at any time, obviating the need for concurrency primitives such as mutexes. However, when update calls block on cross-canister calls to other canisters, other update calls can be started or continued, allowing for interleaving.
Ref: In most cases, you use dfx canister subcommands after you compile a program to manage the canister lifecycle and to perform key tasks such as calling program functions. The basic syntax for running dfx canister commands is: dfx canister <subcommand> [options]
Vulnerability details: When a canister method is called via ic_cdk::call* , a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called CallFutureState. A bug in the polling implementation of the CallFuture allows multiple references to be held for this internal state and not all references were dropped before the Future is resolved. Since we have unaccounted references held, a copy of the internal state ended up being persisted in the canister’s heap and thus causing a memory leak. Impact Canisters built in Rust with ic_cdk and ic_cdk_timers are affected. If these canisters call a canister method, use timers or heartbeat, they will likely leak a small amount of memory on every such operation. In the worst case, this could lead to heap memory exhaustion triggered by an attacker.
Preface: The AMD Radeon Instinct™ MI50 server accelerator designed on the world’s First 7nm FinFET technology process brings customers a full-feature set based on the industry’s newest technologies. The MI50 is AMD’s workhorse accelerator offering that is ideal for large scale deep learning. Delivering up to 26.5 TFLOPS of native half-precision (FP16) or up to 13.3 TFLOPS single-precision (FP32) peak floating point performance and INT8 support and combined with 16GB or 32GB of high-bandwidth HBM2 ECC memory, the AMD Radeon Instinct™ MI50 brings customers finely balanced performance needed for enterprise-class, mid-range compute capable of training complex neural networks for a variety of demanding deep learning applications in a cost effective design.
Background: The drm/amdgpu driver supports all AMD Radeon GPUs based on the Graphics Core Next (GCN), Radeon DNA (RDNA), and Compute DNA (CDNA) architectures.
CDNA (Compute DNA) is a compute-centered graphics processing unit (GPU) microarchitecture designed by AMD for datacenters.
AMD CDNA architecture is supported by AMD ROCm™, an open software stack that includes a broad set of programming models, tools, compilers, libraries, and runtimes for AI and HPC solution development targeting AMD Instinct accelerators.
Vulnerability details: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Forward soft recovery errors to userspace As we discussed before[1], soft recovery should be forwarded to userspace, or we can get into a really bad state where apps will keep submitting hanging command buffers cascading us to a hard reset. 1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/ (cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)
Preface: Use after free errors sometimes have no effect and other times cause a program to crash. While it is technically feasible for the freed memory to be re-allocated and for an attacker to use this reallocation to launch a buffer overflow attack.
Background: When the GPU returns ownership of the buffer to the CPU, the driver needs to treat imported and non-imported memory differently. The first case to consider is non-imported sub-regions at the beginning of the first page and at the end of last page. For these sub-regions: CPU cache shall be committed with a clean+invalidate, in order to keep the last CPU write. Imported region prefers the opposite treatment: this memory has been legitimately mapped and used by the GPU, hence GPU writes shall be committed to memory, while CPU cache shall be invalidated to make sure that CPU reads the correct memory content.
Vulnerability details: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.
Impact: This issue affects Bifrost GPU Kernel Driver: from r43p0 through r49p0; Valhall GPU Kernel Driver: from r43p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r43p0 through r49p0.
Preface: Race conditions arise when multiple threads attempt to access a shared resource without proper synchronization, often leading to vulnerabilities such as concurrent use-after-free. To mitigate their occurrence, operating systems rely on synchronization primitives such as mutexes, spinlocks, etc.
Background: The Qualcomm Type 1 Hypervisor facilitates the hosting of multiple trusted execution environments for secure use cases. The figure shows the architecture of the Qualcomm Hypervisor software stack, its components, and virtual machines (VM). This figure includes an example of one guest VM using the Linux kernel.
Interprocess communication (IPC), This includes shared memory, message passing (IPC) APIs, and virtual interrupts. The ioctl function performs the generic I/O operation command on filedes . A third argument is usually present, either a single number or a pointer to a structure.
Ref: EL2 provides support for virtualization
Vulnerability details: Use After Free in Qualcomm IPC, Memory corruption while processing concurrent IOCTL calls.
Preface: When an out-of-bounds read occurs, typically the product has already made a separate mistake, such as modifying an index or performing pointer arithmetic that produces an out-of-bounds address.
Background: MediaTek JPEG Decoder is the JPEG decode hardware present in MediaTek SoCs. The jpeg decoder hardware device node which should be added as subnodes to the main jpeg node.
IOMMU is the so-called SMMU, which can organize discontinuous physical memory into a continuous virtual memory (this makes sense for many drivers).
Vulnerability details:
CVE-2024-20084 – In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-20085 – In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Preface: OpenAI revealed that the project cost $100 million, took 100 days, and used 25,000 NVIDIA A100 GPUs. Each server equipped with these GPUs uses approximately 6.5 kW, so an estimated 50 GWh of energy is consumed during training.
Background: Parallel processing is a method in computing of running two or more processors (CPUs) to handle separate parts of an overall task. Breaking up different parts of a task among multiple processors will help reduce the amount of time to run a program. GPUs render images more quickly than a CPU because of its parallel processing architecture, which allows it to perform multiple calculations across streams of data simultaneously. The CPU is the brain of the operation, responsible for giving instructions to the rest of the system, including the GPU(s).
NVIDIA CUDA provides a simple C/C++ based interface. The CUDA compiler leverages parallelism built into the CUDA programming model as it compiles your program into code. CUDA is a parallel computing platform and programming interface model created by Nvidia for the development of software which is used by parallel processors. It serves as an alternative to running simulations on traditional CPUs.
Vulnerability details:
CVE-2024-0110: NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service.
CWE‑787 Code execution, denial of service (Severity – Medium)
Ref: The integer overflow may result in an out-of-bounds write.
Preface: A race condition vulnerability is a software bug that allows these unexpected results to be exploited by malicious entities.
The Race condition is a privilege escalation vulnerability that manipulates the time between imposing a security control and using services in a UNIX like system. This vulnerability is a result of interferences caused by multiple sequential threads running in the system and sharing the same resources.
Background: TranscodingResourcePolicy is a component of the Android platform/frameworks/av package that manages resource policies for transcoding operations. Transcoding is the process of converting media files from one format to another.
Vulnerability details: In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Preface: The key leaked in 2023, it was one of the test dummy keys that AMI was shipping since as early as May 2012, said security firm.
The so-called Platform Key (PK) from American Megatrends International (AMI) serves as the root of trust during the Secure Boot PC startup chain, and verifies the authenticity and integrity of a device’s firmware and boot software.
Background: The so-called Platform Key (PK) from American Megatrends International (AMI) serves as the root of trust during the Secure Boot PC startup chain, and verifies the authenticity and integrity of a device’s firmware and boot software.
Vulnerability details: A vulnerability related to the use an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised.