Preface: For very large environments, the XFS file system that was developed by SGI for use on supercomputers is probably the best choice.
Background: XFS consumes roughly twice as much CPU per metadata operation as Ext3 and Ext4. XFS is a 64-bit file system and is the default file system for Red Hat Enterprise Linux 7. XFS is well known for its ability to handle large amounts of data with ease. By using XFS on your SSD, you can ensure that your files are safe. Solid-state drives (SSDs) are the most common storage drives today.
Vulnerability details: CVE-2023-2124 – An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
Preface: The lexer creates tokens (see TokenType and Token) from an input string. The input string is expected to be in infix notation form. The lexer can convert an infix stream into a postfix stream (Reverse Polish Notation) for further processing by a Parser.
Background: Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Why are templates used in Python? Template Method is a behavioral design pattern that lets you define the skeleton of an algorithm in a base class and let subclasses override its steps without changing the overall structure of the algorithm.
Vulnerability details: Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:2258 advisory.
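The lexer weakness above is a ReDoS: a token rule whose regular expression backtracks exponentially on input that almost matches. The block below is an added illustration, not Mako's own lexer or its actual pattern; VULNERABLE and HARDENED are constructed rules for the same token language, one with a nested quantifier and one without, so a practitioner can see the cost difference and confirm the rewrite accepts the same strings.

```python
import re
import time

# Constructed illustration of the ReDoS class, NOT Mako's actual lexer pattern:
# a token rule for "words separated by optional single spaces" written with a
# nested quantifier. On input that almost matches (a long run of word
# characters ending in "!"), the engine tries every way of splitting the run
# between the inner \w+ and the outer (...)+ before failing: exponential time.
VULNERABLE = re.compile(r"(\w+\s?)+")

# Same language, rewritten so every character can be consumed in exactly one
# way: words separated by exactly one space, optional trailing space.
# Matching time is then linear in the input length.
HARDENED = re.compile(r"\w+(\s\w+)*\s?")


def matches(pattern, text):
    """Whole-string match; fullmatch avoids the ^/$ newline corner cases."""
    return pattern.fullmatch(text) is not None


def seconds_to_match(pattern, text):
    """Wall-clock cost of one match attempt, the ReDoS symptom."""
    start = time.perf_counter()
    pattern.fullmatch(text)
    return time.perf_counter() - start


def same_decision(text):
    """Regression check: hardening must not change what is accepted."""
    return matches(VULNERABLE, text) == matches(HARDENED, text)


if __name__ == "__main__":
    # Keep n small: cost of the vulnerable rule roughly doubles per character.
    for n in (12, 14, 16, 18):
        almost = "a" * n + "!"
        print(f"n={n:2d} vulnerable={seconds_to_match(VULNERABLE, almost):.4f}s "
              f"hardened={seconds_to_match(HARDENED, almost):.6f}s")
```

Running the script shows the vulnerable rule's time climbing with every extra character while the hardened rule stays flat; the same regression check is what a fix for a lexer rule should ship with.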
Preface: In a smartphone, the GPU is similar to a graphics card. It is the Graphics Processing Unit, which is similar to the CPU but is specifically dedicated to rendering 3D graphics. If your phone does not have one, you will not be able to play any 3D games.
Background: As described in a patent design, the KGSL pool is common to all the clients or processes that use the device's graphics user space driver. Whenever a user space application requests a memory allocation for graphics processing, the existing design seeks to allocate nearest-order pages from system memory (initially) and map them to the GPU. Once the application is done with its work, it releases those pages back to the KGSL pool, where they are free for another allocation.
Vulnerability details: Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
Preface: NVIDIA DGX-1 is an integrated deep learning workstation with a large computing capacity, which can be used to run demanding deep learning workloads. It provides GPU computing power of 1 PetaFLOPS (1 quadrillion floating-point operations per second).
Background: Historically, both vendors and attackers have overlooked (pre)EFI boot process (in)security; pre-EFI Initialization (PEI) boot stage opens many doors and offers flexibility to attackers. The Pre-EFI Initialization (PEI) phase provides a standardized method of loading and invoking specific initial configuration routines for the processor, chipset, and system board. The PEI phase occurs after the Security (SEC) phase. The primary purpose of code operating in this phase is to initialize enough of the system to allow instantiation of the Driver Execution Environment (DXE) phase. The Driver Execution Environment (DXE) phase is where most of the system initialization is performed. Pre-EFI Initialization (PEI), the phase prior to DXE, is responsible for initializing permanent memory in the platform so that the DXE phase can be loaded and executed.
Note: Security (SEC) and Pre-EFI (PEI) phases – both are controlled by the firmware vendor.
SEC – Init CPU, clear caches, load BIOS ROM.
PEI – Initialize chipset, RAM, devices, Secure Boot (record Secure Boot state in PCR 7).
Vulnerability details: NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges, information disclosure, data tampering, and SecureBoot bypass.
Preface: The NFS 4.1 design flaw was disclosed in August 2019, and at that time it affected only the Linux kernel. It was hard to predict, but now it has come to the Windows platform!
Background: Using the NFS protocol, you can transfer files between computers running Windows and other non-Windows operating systems, such as Linux or UNIX. NFS in Windows Server includes Server for NFS and Client for NFS. A computer running Windows Server can use Server for NFS to act as an NFS file server for other non-Windows client computers. Client for NFS allows a Windows-based computer running Windows Server to access files stored on a non-Windows NFS server.
Vulnerability detail: Windows Network File System Remote Code Execution Vulnerability
Since the vendor did not disclose the technical details, my speculation is shown below:
Point 1 – The Network File System (NFS) protocol uses Open Network Computing Remote Procedure Call (ONC RPC) to exchange control messages. The design weakness occurs due to incorrect calculation of the size of response messages.
Point 2 – The server calls a function to calculate the size of each opcode's response, but that function does not include the size of the opcode itself. As a result, the response buffer becomes too small and an overflow may happen.
When the source Linux server has been compromised through the NFS 4.1 vulnerability, the attacker will rely on the point 1 and point 2 design weaknesses to attack the target Windows server.
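To make the size-calculation weakness in point 1 and point 2 concrete, here is an added example (constructed for this article, not the Linux or Windows NFS server code) of a compound-reply encoder: one size estimate omits the 4-byte opcode field per operation, the other counts it, and a bounds-checked buffer turns the undercount into a reported error instead of a silent overflow. Opcode numbers, payload sizes and the reply layout are assumptions.

```python
import struct

# Constructed XDR-style compound-reply encoder illustrating the weakness
# speculated above; it is not the Linux or Windows NFS server code. Each
# per-operation reply carries a 4-byte opcode, a 4-byte status and a payload.
OPCODE_LEN = 4                         # the field the buggy estimate leaves out
STATUS_LEN = 4
PAYLOAD_LEN = {10: 8, 11: 16, 12: 0}   # constructed opcodes -> payload bytes


def reply_size_buggy(ops):
    """Sums status + payload per op; the opcode field is not counted."""
    return sum(STATUS_LEN + PAYLOAD_LEN[op] for op in ops)


def reply_size_fixed(ops):
    """Counts the opcode field for every operation in the compound reply."""
    return sum(OPCODE_LEN + STATUS_LEN + PAYLOAD_LEN[op] for op in ops)


class ReplyBuffer:
    """Fixed-size buffer with bounds-checked writes: an undercounted size
    surfaces as an error instead of a silent write past the end."""
    def __init__(self, size):
        self.buf, self.pos = bytearray(size), 0

    def write(self, data):
        end = self.pos + len(data)
        if end > len(self.buf):
            raise OverflowError(f"need {end} bytes, buffer holds {len(self.buf)}")
        self.buf[self.pos:end], self.pos = data, end


def encode_reply(ops, size_fn):
    """Encode the reply into a buffer sized by size_fn(ops); returns bytes."""
    out = ReplyBuffer(size_fn(ops))
    for op in ops:
        out.write(struct.pack(">I", op))      # opcode, big-endian
        out.write(struct.pack(">I", 0))       # status NFS4_OK
        out.write(bytes(PAYLOAD_LEN[op]))     # zero-filled constructed payload
    return bytes(out.buf)


def buggy_estimate_overflows(ops):
    """True when encoding into a buggy-sized buffer trips the bounds check."""
    try:
        encode_reply(ops, reply_size_buggy)
    except OverflowError:
        return True
    return False
```

The shortfall is exactly OPCODE_LEN per operation, so a compound request with many operations makes the undercount, and the overwrite, correspondingly larger.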
Workaround: This vulnerability is not exploitable in NFSv2.0 or NFSv3.0. Prior to updating your version of Windows to protect against this vulnerability, you can mitigate an attack by disabling NFSv4.1.
Preface: The vulnerability was fixed in August 2022. It is not a zero-day; it is therefore being published this month.
Background: ext4 is the default file system for many Linux distributions including Debian and Ubuntu. Furthermore, ext4 is the default file system for DigitalOcean Volumes Block Storage. Also, Google has used Ext4 on Android since Android 2.3.
To create files on Ext4, you need to format the partition with the Ext4 file system using the mkfs.ext4 command:
mkfs.ext4 blockdevice    (equivalent to: mke2fs -t ext4 blockdevice)
Vulnerability details: A use-after-free vulnerability was found in the Linux kernel’s ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
Preface: The 2012 Mayan doomsday prophecy is perhaps a joke. However, weather havoc is growing worse and less predictable, and sudden weather changes have become more destructive. As a matter of fact, scientists urge that this extreme change in weather is related to the current environment. What's more, the prophecy does not record how nature will change immediately, nor does it say that everything will be over on the specified date.
Background: AI inventions, similar to the advent of the atomic bomb, will completely change the world, said Warren Buffett. Going back two years, some speakers at a workshop said not to worry: AI won't affect your job. In fact, artificial intelligence will replace low-level labor in the next few years, although it will not substitute 100% of it immediately within a specified time. Buffett said that Microsoft founder Bill Gates once showed him the latest version of ChatGPT, in which the program could check all legal opinions in a very short time, which impressed him. He believes the power of AI technology should be a cause for concern.
Common Open Source AI Software: Before AI learns how to use its intelligence to protect itself without relying on people, we should know what it is and gain a basic understanding of it.
Preface: TEE is an area on the chipset that works like a TPM, but is not physically isolated from the rest of the chip.
Background: The Trusted Execution Environment (TEE) is a secure area within the main processor. As an isolation environment, it ensures that the code and data loaded in the TEE are protected from software attacks and vulnerabilities in the Rich Execution Environment (REE). How does Samsung Blockchain Keystore leverage the TEE? The Samsung Blockchain Keystore SDK allows your Android DApp to communicate directly with Samsung Blockchain Keystore, a preloaded feature on selected Galaxy devices. Developers can use an API provided by the Samsung Blockchain Keystore to check if a user is ready to use Samsung Blockchain Keystore. If the user has not created a wallet yet, developers can direct the user to create a new wallet to leverage Samsung Blockchain Keystore features.
Vulnerability details: Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in the bc_core trustlet from Samsung Blockchain Keystore prior to version 18.104.22.168 allows a local attacker to read arbitrary memory.
Preface: In a former design weakness, an attacker could smuggle commands using backticks in the "Name" field of the SAML Server configuration page. These commands were then executed as the root user of the underlying operating system. This article is speculation, since the vendor did not provide technical details in this CVE record.
Background: FortiADC is an advanced Application Delivery Controller (ADC) that ensures application availability, application security, and application optimization.
For example, to configure a SAML service provider (SP), you must have the required IdP metadata file imported into FortiADC ahead of time. Then:
Click User Authentication > SAML.
Select the SAML Service Providers tab, if it is not selected.
Click Create New to open the SAML Service Providers configuration editor.
Configure the settings.
Vulnerability details: An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
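The CWE-78 pattern described above (a configuration field such as the SAML server "Name" reaching a shell, where backticks are interpreted rather than stored) can be shown next to its hardened form. The block below is an added example, not FortiADC code; the saml-config command, the name format and the sample entries are assumptions, and the audit function is the detection check an administrator could run over exported configuration.

```python
import re
import shlex

# Constructed illustration of the CWE-78 pattern described above (a
# configuration field whose contents reach a shell); it is not FortiADC code.
# The SAML server "Name" field is assumed to end up as an argument of a
# management command called saml-config (hypothetical).

# Vulnerable shape: string interpolation into a command line. A shell that
# later runs this line interprets backticks and other metacharacters instead
# of treating the name as data.
def build_command_line_vulnerable(name: str) -> str:
    return f"saml-config set-name {name}"


# Hardened shape 1: allow-list validation of the field before any use.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def is_valid_name(name: str) -> bool:
    return NAME_RE.fullmatch(name) is not None


# Hardened shape 2: no shell at all. An argv vector delivers the name to the
# program as one literal argument (e.g. subprocess.run(argv) with shell=False).
def build_argv(name: str) -> list:
    if not is_valid_name(name):
        raise ValueError("rejected SAML server name")
    return ["saml-config", "set-name", name]


def is_shell_safe_literal(value: str) -> bool:
    """shlex.quote leaves a value unchanged only if no shell metacharacter
    (backtick, $, ;, |, space, ...) would be interpreted."""
    return shlex.quote(value) == value


# Constructed SAML server entries, as an administrator might export them.
SAMPLE_ENTRIES = [
    {"name": "corp-idp_01", "entity_id": "https://idp.example.com/saml"},
    {"name": "idp`cmd`", "entity_id": "https://idp2.example.net/saml"},
]


def audit_saml_names(entries) -> list:
    """Detection: return the names a shell would interpret rather than store."""
    return [e["name"] for e in entries if not is_shell_safe_literal(e["name"])]
```

The allow-list and the argv vector are independent layers: the first keeps unexpected characters out of the configuration, the second ensures that even an unexpected character could not reach a shell.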