About CVE-2023-2124: If you manage very large Linux environments, maybe you’ve already fixed it. (16th May 2023)

Preface: For very large environments, the XFS file system that was developed by SGI for use on supercomputers is probably the best choice.

Background: XFS consumes roughly twice as much CPU per metadata operation as Ext3 and Ext4. XFS is a 64-bit file system. XFS is the default file system for Red Hat Enterprise Linux 7.
XFS is well-known for its ability to handle large amounts of data with ease. By using XFS on your SSD, you can ensure that your files are safe. Solid-state drives (SSDs) are the most common storage drives today.

Vulnerability details: CVE-2023-2124 – An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.

Official technical details: please refer to the link – https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1&id=22ed903eee23a5b174e240f1cdfa9acf393a5210

About CVE-2022-40023: Do not dismiss the earlier CVE record. Perhaps it will become a key benefit to cyber criminals. (15th May 2023)

Preface: The lexer creates tokens (see TokenType and Token) from an input string. The input string is expected to be in infix notation form. The lexer can convert an infix stream into a postfix stream (Reverse Polish Notation) for further processing by a Parser.

Background: Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance.
Why are templates used in Python? Template Method is a behavioral design pattern that lets you define the skeleton of an algorithm in a base class and let subclasses override the steps without changing the overall structure of the algorithm.

Vulnerability details: Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:2258 advisory.

Official announcement: For details, please refer to the link – https://errata.almalinux.org/9/ALSA-2023-2258.html

Reference: https://www.businesswire.com/news/home/20230413005066/en/AlmaLinux-to-be-Used-by-CERN-and-Fermilab-in-Groundbreaking-Physics-Experiments

About CVE-2023-21666 – Memory Corruption in Graphics while accessing a buffer [Android Security Bulletin in 1st May 2023] (12th May 2023)

Preface: In a smartphone, the GPU is similar to a graphics card. The GRAPHICS PROCESSING UNIT is similar to the CPU, but it is specifically dedicated to rendering 3D graphics. If your phone does not have one, then you will not be able to play any 3D games.

Background: The KGSL pool is common to all the clients or processes that use the graphics user space driver of the device. Whenever a user space application requests a memory allocation for graphics processing, the existing design (described in a patent) seeks to allocate the nearest-order pages from system memory (initially) to map to the GPU. Once the application is done with its work, it releases those pages back to the KGSL pool as free for another allocation.

Vulnerability details: Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

Official announcement – For details, please refer to the link below
Android: https://source.android.com/docs/security/bulletin/2023-05-01
Qualcomm: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2023-bulletin.html

About Artificial Intelligence (NVIDIA® DGX-1): Closer look at CVE‑2023‑0209 (11th May 2023)

Preface: NVIDIA DGX-1 is an integrated deep learning workstation with a large computing capacity, which can be used to run demanding deep learning workloads. It provides GPU computing power of 1 PetaFLOPS (1 quadrillion floating-point operations per second).

Background: Historically, both vendors and attackers have overlooked the (in)security of the (pre-)EFI boot process; the Pre-EFI Initialization (PEI) boot stage opens many doors and offers flexibility to attackers.
The Pre-EFI Initialization (PEI) phase provides a standardized method of loading and invoking specific initial configuration routines for the processor, chipset, and system board. The PEI phase occurs after the Security (SEC) phase. The primary purpose of code operating in this phase is to initialize enough of the system to allow instantiation of the Driver Execution Environment (DXE) phase.
The Driver Execution Environment (DXE) phase is where most of the system initialization is performed. Pre-EFI Initialization (PEI), the phase prior to DXE, is responsible for initializing permanent memory in the platform so that the DXE phase can be loaded and executed.

Note: Security (SEC) and Pre-EFI (PEI) phases – both are controlled by the firmware vendor.
SEC – Init CPU, clear caches, load BIOS ROM
PEI – Initialize chipset, RAM, devices, Secure Boot (Record Secure Boot in PCR 7)

Vulnerability details: NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges, information disclosure, data tampering, and SecureBoot bypass.

Official announcement: For details, please refer to the link – https://nvidia.custhelp.com/app/answers/detail/a_id/5458

CVE-2023-24941 – Windows Network File System Remote Code Execution Vulnerability. One of the possible ways to trigger the attack. (10th May 2023)

Preface: The NFS 4.1 design flaw was published in August 2019; at the time it only affected the Linux operating system kernel. It was hard to predict, but now it is coming to the Windows platform!

Background: Using the NFS protocol, you can transfer files between computers running Windows and other non-Windows operating systems, such as Linux or UNIX.
NFS in Windows Server includes Server for NFS and Client for NFS. A computer running Windows Server can use Server for NFS to act as an NFS file server for other non-Windows client computers. Client for NFS allows a Windows-based computer running Windows Server to access files stored on a non-Windows NFS server.

Vulnerability detail: Windows Network File System Remote Code Execution Vulnerability

Since the vendor does not disclose the technical details, my speculation is shown below:

Point 1 – The Network File System (NFS) protocol uses Open Network Computing (RPC) to exchange control messages. The design weakness occurs due to incorrect calculation of the size of response messages.
Point 2 – The server calls a function to calculate the size of each opcode response, though it does not include the size of the opcode itself. Due to this, the response buffer becomes too small and an overflow may happen.

When the source Linux server is invaded via the NFS 4.1 vulnerability, the attacker will rely on the point 1 and point 2 design weaknesses to attack the target Windows OS server.
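To make the size-calculation pattern in point 2 concrete, here is an added, hypothetical C model (not the page's code and not an analysis of the real Windows or Linux NFS implementation): a compound response is a series of operations, each written as a 4-byte opcode header followed by its payload. The flawed sizing routine counts only payloads, so the buffer it sizes cannot hold the response; the corrected routine and a bounds-checked encoder show the fix. The struct, function names, opcode numbers and payload bytes are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical simplified model, not real NFS or Windows code: a compound
 * response is a sequence of operations, each a 4-byte opcode header
 * followed by its payload. */
#define OPCODE_LEN 4u

struct op_result { uint32_t opcode; const uint8_t *payload; size_t payload_len; };

/* Flawed: sums payload sizes only, forgetting the OPCODE_LEN header that
 * is written in front of every operation. */
size_t response_size_flawed(const struct op_result *ops, size_t nops) {
    size_t total = 0;
    for (size_t i = 0; i < nops; i++) total += ops[i].payload_len;
    return total;
}
/* Corrected: every operation costs header plus payload. */
size_t response_size_fixed(const struct op_result *ops, size_t nops) {
    size_t total = 0;
    for (size_t i = 0; i < nops; i++) total += OPCODE_LEN + ops[i].payload_len;
    return total;
}
/* Bounds-checked encoder: returns bytes written, or -1 when the buffer cannot
 * hold the next operation (where an unchecked encoder would write past the end). */
long encode_response(const struct op_result *ops, size_t nops,
                     uint8_t *buf, size_t buf_len) {
    size_t off = 0;
    for (size_t i = 0; i < nops; i++) {
        if (OPCODE_LEN + ops[i].payload_len > buf_len - off) return -1;
        for (int s = 24; s >= 0; s -= 8)          /* opcode, big-endian */
            buf[off++] = (uint8_t)(ops[i].opcode >> s);
        memcpy(buf + off, ops[i].payload, ops[i].payload_len);
        off += ops[i].payload_len;
    }
    return (long)off;
}
/* Constructed sample response: three operations, payloads of 3, 1 and 2 bytes. */
static const uint8_t kBytes[] = {1, 2, 3, 4, 5, 6};
const struct op_result kSampleOps[3] = {
    {22, kBytes, 3}, {9, kBytes + 3, 1}, {25, kBytes + 4, 2},
};
/* Size the buffer with one routine, then encode: -1 means the flawed size was too small. */
long demo(int use_fixed_size) {
    uint8_t buf[64];
    size_t n = use_fixed_size ? response_size_fixed(kSampleOps, 3)
                              : response_size_flawed(kSampleOps, 3);
    return encode_response(kSampleOps, 3, buf, n);
}
```

With the flawed size (6 bytes for an 18-byte response) the encoder refuses at the first operation; the defensive check is what turns a silent overflow into a detectable error.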

Workaround: This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV4.1.

Official announcement: For details, please refer to the link – https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24941

CVE-2023-2513: use-after-free in ext4_xattr_set_entry (8th May 2023)

Preface: The vulnerability was fixed in Aug 2022. This is not a zero day, and it was therefore published this month.

Background: ext4 is the default file system for many Linux distributions including Debian and Ubuntu. Furthermore, ext4 is the default file system for DigitalOcean Volumes Block Storage. Also, Google has used Ext4 on Android since Android 2.3.

To create files on Ext4, you need to format the partition with the Ext4 file system using the mkfs.ext4 command:

mkfs.ext4 blockdevice

Vulnerability details: A use-after-free vulnerability was found in the Linux kernel’s ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.

Official announcement: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2023-2513

Do you know what AI is thinking? But sooner or later it will become smarter than common people (8th May 2023).

Preface: The 2012 Mayan doomsday prophecy is perhaps a joke.
However, the weather has become unpredictable and destructive, and sudden weather changes are becoming more damaging. As a matter of fact, scientists warn that this extreme change in weather is related to the current state of the environment.
What's more, the prophecy does not record how quickly nature will change. Nor does it say that everything will be over on the specified date.

Background: AI inventions, like the advent of the atomic bomb, will completely change the world, said Warren Buffett.
Going back two years, some speakers at the workshop said not to worry: AI won't affect your job. In fact, artificial intelligence will replace low-level labor in the next few years, though it will not substitute 100% of it immediately within the specified time.
Buffett said that Microsoft founder Bill Gates once showed him the latest version of ChatGPT, in which the program can check all legal opinions in a very short time, which impressed him. He believes the power of AI technology should be cause for concern.

Common Open Source AI Software: Before AI learns to use its intelligence to protect itself without relying on people, we should know what it is and gain a basic understanding of it.

Acumos AI: Based on Linux, to help integrate other frameworks and develop cloud-based AI apps.
ClearML: ClearML announced a free hosted plan to give data scientists the freedom to manage AI/ML experiments and orchestrate workloads without investing in additional resources.
H2O.ai: Integration with Hadoop and Spark for big data-based AI modeling. Library of ML algorithms including supervised and unsupervised learning.
Mycroft.ai: Mycroft powers various elements of the voice stack using open source AI technology. There is a large community of users, developers, and translators, to constantly improve the AI algorithms.
OpenCV: Proven applications across a variety of use cases, including facial recognition, human-computer interactions, object detection, motion tracking, and more. ML library containing algorithms for decision tree learning, k-nearest neighbor algorithm, artificial neural networks, random forest, and deep neural networks (DNN), among others.
OpenNN: OpenNN is an open source AI software library for implementing neural networks and ML.
PyTorch: A production-ready environment powered by TorchServe for quickly deploying models. A distributed backend architecture to enable distributed training and performance optimization.
Rasa (Open Source): Natural language understanding to convert messages into structured data and analyze intent.
TensorFlow: Support for multiple languages, including JavaScript, which is relatively rare in the open source AI space.
Tesseract OCR: Tesseract is an OCR engine originally developed by Hewlett Packard as a proprietary technology in the 1980s. It launched as open source AI software with sponsorship from Google in 2006. Its primary implementation is meant for unstructured data processing and extracting text from images, executed entirely from a command line interface.

Former CNBC article for reference: https://www.cnbc.com/2017/11/06/stephen-hawking-ai-could-be-worst-event-in-civilization.html

About CVE-2023-21511 – How can a local attacker read arbitrary memory? (6th May 2023)

Preface: TEE is an area on the chipset that works like a TPM, but is not physically isolated from the rest of the chip.

Background: The Trusted Execution Environment (TEE) is a secure area within the main processor. As an isolation environment, it ensures that the code and data loaded in the TEE are protected from software attacks and vulnerabilities in the Rich Execution Environment (REE).
How does Samsung Blockchain Keystore leverage the TEE? The Samsung Blockchain Keystore SDK allows your Android DApp to communicate directly with Samsung Blockchain Keystore, a preloaded feature on selected Galaxy devices.
Developers can use an API provided by the Samsung Blockchain Keystore to check if a user is ready to use Samsung Blockchain Keystore. If the user has not created a wallet yet, developers can direct the user to create a new wallet to leverage Samsung Blockchain Keystore features.

Vulnerability details: An out-of-bounds read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in the bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows a local attacker to read arbitrary memory.

Official announcement: For details, please refer to the link – https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05

About CVE-2023-27999 (FortiADC from Fortinet): Are old vulnerabilities showing up again? (4th May 2023)

Preface: In a former design weakness, an attacker could smuggle commands using backticks in the “Name” field of the SAML Server configuration page. These commands were then executed as the root user of the underlying operating system.
This article is speculation, since the vendor has not provided technical details in this CVE record.

Background: FortiADC is an advanced Application Delivery Controller (ADC) that ensures application availability, application security, and application optimization.

For example: Configure a SAML service provider
To configure an SP, you must have the required IDP metadata file imported into FortiADC ahead of time.

  • Click User Authentication > SAML.
  • Select the SAML Service Providers tab, if it is not selected.
  • Click Create New to open the SAML Service Providers configuration editor.
  • Configure the settings.

Vulnerability details: An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Official Announcement: See the link below for details – https://cve.report/CVE-2023-27999