About CVE-2023-40088: When similar design flaws arise, perhaps you question the effectiveness of your security architecture? (7th Dec 2023)

Preface: Bluetooth is now a regular part of your mobile experience. It covers everything from audio to wireless headphones and speakers, pairing game controllers and keyboards, network connections, and even the occasional file transfer over the air.

Background: What is Bluetooth adapter in Android? The BluetoothAdapter lets you perform fundamental Bluetooth tasks, such as initiate device discovery, query a list of bonded (paired) devices, instantiate a BluetoothDevice using a known MAC address, and create a BluetoothServerSocket to listen for connection requests from other devices.

Vulnerability details: In callback_thread_event of com_android_bluetooth_btservice_AdapterService[.]cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Official announcement: This vulnerability was named CVE-2023-40088 since 9th Aug 2023 and announced to public on 5th Dec 2023. The advisory is available at:



For AI world in future, NVIDIA has developed a Secure Deployment Considerations Guide address to Triton Inference Server (6th Dec 2023)

Preface: Artificial intelligence (AI) is growing like lightning. As a I.T computer user. Maybe we enjoy the benefits of smartphone apps features empowered by AI. As a matter of fact, we do no care or without knowledge what is AI back-end operations and architecture. For example, when you buy a steamed bun at the store, you certainly don’t worry about whether there are cockroaches in the kitchen. Because you know there are public health regulations in place to prevent that. This concept also applied to AI world. So, NVIDIAs has developed a Secure Deployment Considerations Guide address to Triton Inference Server. I hope this short article has piqued your interest.

Background: AI Inference is achieved through an “inference engine” that applies logical rules to the knowledge base to evaluate and analyze new information. In the process of machine learning, there are two phases. First, is the training phase where intelligence is developed by recording, storing, and labeling information. Second, is the inference phase where the machine uses the intelligence gathered and stored in phase one to understand new data.

General-purpose web servers lack support for AI inference features.

*There is no out-of-box support to take advantage of accelerators like GPUs, or to turn on dynamic batching or multi-node inference.

*Users need to build logic to meet the demands of specific use cases, like audio/video streaming input, stateful processing, or preprocessing the input data to fit the model.

*Metrics on compute and memory utilization or inference latency are not easily accessible to monitor application performance and scale.

Triton Inference Server provides a cloud and edge inferencing solution optimized for both CPUs and GPUs. Triton supports an HTTP/REST and GRPC protocol that allows remote clients to request inferencing for any model being managed by the server.

Secure Deployment Considerations: Artificial Intelligence (AI) and Machine Learning (ML) cannot keep to yourself without the support of programming languages. Developers can deploy Triton as an http server, a grpc server, a server supporting both, or embed a Triton server into their own application. Python is one of the major code languages for AI and ML. PyTriton is a simple interface that enables Python developers to use Triton Inference Server to serve AI models, simple processing functions, or entire inference pipelines within Python code.

For Secure Deployment Considerations – Please refer to the link for details – https://github.com/triton-inference-server/pytriton

CVE-2023-40082 whether caused by a previous vulnerability? (4th Dec 2023)

Preface: Das U-Boot (subtitled “the Universal Boot Loader” and often shortened to U-Boot. 

Background: Das U-Boot is an open-source boot loader used in embedded devices to perform various low-level hardware initialization tasks and boot the device’s operating system kernel. It is available for a number of computer architectures, including 68k, ARM, Blackfin, MicroBlaze, MIPS, Nios, SuperH, PPC, RISC-V and x86. 

Best practice: A bootloader design on the ARM platform is way different than what we have seen so far on the x86 platform. On the ARM platform, the minimalist bootloader design needs to implement the Trusted Board Boot (TBB) feature. The TBB feature allows the platform to be protected from malicious firmware attack by implementing a chain of trust (CoT) at each firmware level up to the normal world bootloader. Trusted Firmware (TF) implements a subset of the TBB requirements for ARM reference platform. 

Vulnerability details: In modify for next stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto.This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-40082

About ARM security advisory: CVE-2023-5427 –  improper GPU memory processing operations to gain access to already freed memory (4th Dec 2023)

Preface: If you need memory to live beyond the life of the current function, you need to allocate it on the heap with malloc and manage it yourself.

Background: The Android and Linux version of the Mali GPUs Device Driver provide low-level access to the Mali GPUs that are part of the Open Source Mali 5th Gen GPU Architecture Kernel Drivers family.

These components are not a complete driver stack. To build a functional OpenGL ES you need access to the full source code of the Mali GPU DDK, which is provided under the standard Arm commercial licence to all Mali GPU customers.

Vulnerability details: A local non-privileged user can make improper GPU processing operations to gain access to already freed memory.


Bifrost GPU Kernel Driver: All versions from r44p0 – r45p0

Valhall GPU Kernel Driver: All versions from r44p0 – r45p0

Arm 5th Gen GPU Architecture Kernel Driver: All versions from r44p0 – r45p0

Resolution: This issue is fixed in Bifrost, Valhall, and Arm 5th Gen GPU Architecture Kernel Driver r46p0. Users are recommended to upgrade if they are impacted by this issue.

Official announcement: Please refer to the link for details – https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

About CVE-2023-42917: Cybercriminals may exploit design flaws in iOS versions prior to 16.7.1 (1st Dec 2023)

Preface: Some people say that if AI (artificial intelligence) involves software development in the future, the occurrence of vulnerabilities may be reduced. On the other hand, experts speculate that the product development cycle may take more time. If artificial intelligence is also involved in business decisions, when they calculate the risk portfolio of products and company reputations. Furthermore, personal privacy regulations will be more mature than they are now. So, when the AI says the risk is high, business man will be afraid to take the risk or the penalty. Therefore, the above conditions guarantee the safety of the product. Today, the word “urgent” has become a common term when you create a request. Therefore, it becomes meaningless and everything in the operation queue is emergent in the concept of different owners. Perhaps artificial intelligence will handle so-called emergencies in a logical manner.

Background: WebKit is the web browser engine used by Safari, Mail, App Store, and many other apps on macOS, iOS, and Linux.

Safari Technology Preview 105 and Safari in the latest iOS 14.3 beta enabled support for the MediaRecorder API by default. This API takes as input live audio/video content to produce compressed media.

Vulnerability details: CVE-2023-42917 – A memory corruption vulnerability was addressed with improved locking.

Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-42917

Safari – https://support.apple.com/en-us/HT214033

iOS and iPadOS – https://support.apple.com/en-us/HT214031

macOS Sonoma – https://support.apple.com/en-us/HT214032

Understanding machine learning (activation functions) in a casual way. (30th Nov 2023)

Preface: Maybe it’s a long story, but in a nutshell, this is page one. In fact, when you start studying on your first day. No matter it is an overview of AI technology. The information covers advanced mathematics, graphics and technical terminology. It will reduce your interest. In fact, the world of mathematics is complex. If a child is naturally insensitive to mathematical calculations. Could it be said that he is not suitable for working in artificial intelligence technology? The answer is not absolute. For example: Computer assembly language is difficult and complex to remember. Therefore, the solution is to develop other programming languages ​​and then convert (compile) them into machine language. This is a successful outcome in today’s technological world. Therefore, many people believe that artificial intelligence technology should help humans in other ways rather than replace human work.

Background: The machine learning process requires CPUs and GPUs. GPUs are used to train large deep learning models, while CPUs are good for data preparation, feature extraction, and small-scale models. For inference and hyperparameter tweaking, CPUs and GPUs may both be utilized.

CPU and GPU memory coherence requires data transfer, and requires defining what areas of memory are shared and with which GPUs.

Long story short: Cognition refers to the process of acquiring knowledge and understanding through thinking, experience and senses. In machine learning some neural networks will use custom non-linear activation functions or a non-standard image filter.

The technology behind facial recognition is based on deep learning, a subset of machine learning that involves training artificial neural networks to recognize patterns in data.

Ref: Non-Linear Activation Functions. The non-linear functions are known to be the most used activation functions. It makes it easy for a neural network model to adapt with a variety of data. Adaptive neural networks have the ability to overcome some significant challenges faced by artificial neural networks. The adaptability reduces the time required to train neural networks and also makes a neural model scalable as they can adapt to structure and input data at any point in time while training.

CVE-2023-46589: About TOMCAT , HTTP Trailer Header request smuggling (28th Nov 2023)

Preface: Forward proxy is used to forward traffic from a client to the internet, while a reverse proxy is used to forward traffic from the internet to a web server.

Background: A reverse proxy is a server, app, or cloud service that sits in front of one or more web servers to intercept and inspect incoming client requests before forwarding them to the web server and subsequently returning the server’s response to the client.

The HTTP specification provides two different ways to specify the end of a request: Content-Length and Transfer-Encoding. Classic request smuggling attacks involve placing both the Content-Length header and the Transfer-Encoding header into a single HTTP/1 request and manipulating these so that the front-end and back-end servers process the request differently.

Vulnerability details: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.

Remedy: Upgrading to version 8.5.96, 9.0.83, 10.1.16 or 11.0.0-M11 eliminates this vulnerability.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-46589

CVE-2023-33936: Vendor response to side-channel attacks targeting some Arm v8 CPUs (28th Nov 2023)

Preface: Prefetching means that monitors the memory access pattern of the running program and tries to predict what data the program will access next and prefetches that data.

The Spatial Memory Streaming, a practical on-chip hardware technique that identifies code- correlated spatial access patterns and streams predicted blocks to the primary cache ahead of demand misses.

Background: Software that performs secret-based memory access is vulnerable to well-known cache-based side channel attacks, which can be used to extract secrets based on memory access patterns.

Vulnerability details: Arm reserved CVE-2023-33936 for this issue, however, the Arm PSIRT is not aware of any implementation which strictly adheres to the earlier specification of FEAT_CSV2 and therefore no Arm-based CPUs are thought to be affected by this change. 

Security Focus: Under certain conditions, it may be possible for code in one hardware-defined context to leak to the speculative execution of code in a different hardware-defined context using virtual address-based cache prefetch predictions.

Affected Products: Under the new guidance in section B2.2.3.11 which will be updated in the next public release of the ArmARM, the Arm PSIRT is not aware of any products affected under the revised specification.

Official announcement: Please refer to the link for details – https://developer.arm.com/Arm%20Security%20Center/Prefetcher%20Side%20Channels

Get closer CVE-2023-20592: Related to certain models of AMD CPUs (27th Nov 2023)

Preface: Since we have virtual machines, memory management is more difficult to manage. Maybe you disagree. Yes, in theory, the effective memory type is determined by the PAT entry value and the MTRR value.

Background: The hypervisor (HV) virtualizes real physical memory so an unmodified OS (such as Linux or Android) that is running in a virtual machine can manage its own contiguous physical memory. The ACRN Hypervisor is a Type 1 hypervisor, running directly on bare-metal hardware. Examples of popular bare-metal hypervisors are Microsoft Hyper-V, Citrix XenServer and VMware ESXi. In ACRN, the hypervisor only virtualizes MTRRs fixed range (0~1MB). The HV sets MTRRs of the fixed range as Write-Back for a User VM, and the Service VM reads native MTRRs of the fixed range set by BIOS.

The INVD instruction is a privileged instruction. When the processor is running in protected mode, the CPL of a program or procedure must be 0 to execute this instruction.

Vulnerability details: Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.


No mitigation is available for the first or second generations of EPYC™ processors (“Zen 1”, formerly codenamed “Naples”, “Zen 2”, formerly codenamed “Rome”) since the SEV and SEV-ES features are not designed to protect guest VM memory integrity and the SEV-SNP is not available.

As a mitigation for the potential vulnerability, AMD has provided a hot-loadable microcode patch and updated the firmware image for AMD 3rd generation EPYC™ processors (“Zen 3” microarchitecture, formerly codenamed “Milan”) for customers with the AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) feature enabled.  No performance impact is expected from the patch.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-20592

Pulling back the curtain on Python satellite technology (24th Nov 2023)

Preface: Satellite communications use the very high-frequency range of 1–50 gigahertz (GHz; 1 gigahertz = 1,000,000,000 hertz) to transmit and receive signals. The frequency ranges or bands are identified by letters: (in order from low to high frequency) L-, S-, C-, X-, Ku-, Ka-, and V-bands. The band 435- 438 MHz is heavily used for amateur satellites in accordance with No. 5.282. No. 5.278 (WRC-19) provides primary status for the amateur service at 430-440 MHz in 11 countries in Region 2.

Background: About twenty-five years ago, satellites were advanced technology. Satellite technology services, especially GPS, have become commonplace today. Perhaps it is an invisible force that makes development stronger and stronger. Who is this knight? It is the Python programming language technology. But you may ask, why do people always say that Python program development has a large share in the industrial world including aerospace technology. Long story short, Python has ready-made software modules, and software developers can use similar concepts to start their new development. This is the advantage of open source software.

Pulling back the curtain on Python satellite technology: gr-satellites is an OOT module encompassing a collection of telemetry decoders that supports nearly 40 different Amateur satellites. This open-source project started in 2015 with the goal of providing telemetry decoders for all the satellites that transmit on the Amateur radio bands.

gr-satellites is a GNU Radio out-of-tree module encompassing a collection of telemetry decoders that supports many different Amateur satellites.It supports most popular protocols, such as AX.25, the GOMspace NanoCom U482C and AX100 modems, an important part of the CCSDS stack, the AO-40 protocol used in the FUNcube satellites, and several ad-hoc protocols used in other satellites.

The KISS frame allow transmission of AX.25 packet radio frames containing IP packets over an asynchronous serial link.

KISS stands for “Keep It Simple, Stupid” and is not only a design principle, but also one of the most used Host-to-TNC communication protocols in HAM Radios. It is a very simple protocol that standardizes the transmission of data, normally AX.25 packets, over a asynchronous serial link, like RS232 or UART. It allows the transmission any arbitrary data, with no length limitation.

Reference: Using GPS in amateur radio is about GPS and other GNSS (Global Navigation Satellite System) satellites and how we can use the data broadcast by them for amateur radio. You will find that GPS benefits in digital modes like FT8, WSPR, and WSJT which rely on accurate transmit and receive period timing and this is easy to achieve with internet access to international time servers.

Please refer to the link for details: