Understanding machine learning (activation functions) in a casual way. (30th Nov 2023)

Preface: Maybe it’s a long story, but in a nutshell, this is page one. In fact, when you start studying on your first day. No matter it is an overview of AI technology. The information covers advanced mathematics, graphics and technical terminology. It will reduce your interest. In fact, the world of mathematics is complex. If a child is naturally insensitive to mathematical calculations. Could it be said that he is not suitable for working in artificial intelligence technology? The answer is not absolute. For example: Computer assembly language is difficult and complex to remember. Therefore, the solution is to develop other programming languages ​​and then convert (compile) them into machine language. This is a successful outcome in today’s technological world. Therefore, many people believe that artificial intelligence technology should help humans in other ways rather than replace human work.

Background: The machine learning process requires CPUs and GPUs. GPUs are used to train large deep learning models, while CPUs are good for data preparation, feature extraction, and small-scale models. For inference and hyperparameter tweaking, CPUs and GPUs may both be utilized.

CPU and GPU memory coherence requires data transfer, and requires defining what areas of memory are shared and with which GPUs.

Long story short: Cognition refers to the process of acquiring knowledge and understanding through thinking, experience and senses. In machine learning some neural networks will use custom non-linear activation functions or a non-standard image filter.

The technology behind facial recognition is based on deep learning, a subset of machine learning that involves training artificial neural networks to recognize patterns in data.

Ref: Non-Linear Activation Functions. The non-linear functions are known to be the most used activation functions. It makes it easy for a neural network model to adapt with a variety of data. Adaptive neural networks have the ability to overcome some significant challenges faced by artificial neural networks. The adaptability reduces the time required to train neural networks and also makes a neural model scalable as they can adapt to structure and input data at any point in time while training.

CVE-2023-46589: About TOMCAT , HTTP Trailer Header request smuggling (28th Nov 2023)

Preface: Forward proxy is used to forward traffic from a client to the internet, while a reverse proxy is used to forward traffic from the internet to a web server.

Background: A reverse proxy is a server, app, or cloud service that sits in front of one or more web servers to intercept and inspect incoming client requests before forwarding them to the web server and subsequently returning the server’s response to the client.

The HTTP specification provides two different ways to specify the end of a request: Content-Length and Transfer-Encoding. Classic request smuggling attacks involve placing both the Content-Length header and the Transfer-Encoding header into a single HTTP/1 request and manipulating these so that the front-end and back-end servers process the request differently.

Vulnerability details: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.

Remedy: Upgrading to version 8.5.96, 9.0.83, 10.1.16 or 11.0.0-M11 eliminates this vulnerability.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-46589

CVE-2023-33936: Vendor response to side-channel attacks targeting some Arm v8 CPUs (28th Nov 2023)

Preface: Prefetching means that monitors the memory access pattern of the running program and tries to predict what data the program will access next and prefetches that data.

The Spatial Memory Streaming, a practical on-chip hardware technique that identifies code- correlated spatial access patterns and streams predicted blocks to the primary cache ahead of demand misses.

Background: Software that performs secret-based memory access is vulnerable to well-known cache-based side channel attacks, which can be used to extract secrets based on memory access patterns.

Vulnerability details: Arm reserved CVE-2023-33936 for this issue, however, the Arm PSIRT is not aware of any implementation which strictly adheres to the earlier specification of FEAT_CSV2 and therefore no Arm-based CPUs are thought to be affected by this change. 

Security Focus: Under certain conditions, it may be possible for code in one hardware-defined context to leak to the speculative execution of code in a different hardware-defined context using virtual address-based cache prefetch predictions.

Affected Products: Under the new guidance in section B2.2.3.11 which will be updated in the next public release of the ArmARM, the Arm PSIRT is not aware of any products affected under the revised specification.

Official announcement: Please refer to the link for details – https://developer.arm.com/Arm%20Security%20Center/Prefetcher%20Side%20Channels

Get closer CVE-2023-20592: Related to certain models of AMD CPUs (27th Nov 2023)

Preface: Since we have virtual machines, memory management is more difficult to manage. Maybe you disagree. Yes, in theory, the effective memory type is determined by the PAT entry value and the MTRR value.

Background: The hypervisor (HV) virtualizes real physical memory so an unmodified OS (such as Linux or Android) that is running in a virtual machine can manage its own contiguous physical memory. The ACRN Hypervisor is a Type 1 hypervisor, running directly on bare-metal hardware. Examples of popular bare-metal hypervisors are Microsoft Hyper-V, Citrix XenServer and VMware ESXi. In ACRN, the hypervisor only virtualizes MTRRs fixed range (0~1MB). The HV sets MTRRs of the fixed range as Write-Back for a User VM, and the Service VM reads native MTRRs of the fixed range set by BIOS.

The INVD instruction is a privileged instruction. When the processor is running in protected mode, the CPL of a program or procedure must be 0 to execute this instruction.

Vulnerability details: Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

Mitigation:

No mitigation is available for the first or second generations of EPYC™ processors (“Zen 1”, formerly codenamed “Naples”, “Zen 2”, formerly codenamed “Rome”) since the SEV and SEV-ES features are not designed to protect guest VM memory integrity and the SEV-SNP is not available.

As a mitigation for the potential vulnerability, AMD has provided a hot-loadable microcode patch and updated the firmware image for AMD 3rd generation EPYC™ processors (“Zen 3” microarchitecture, formerly codenamed “Milan”) for customers with the AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) feature enabled.  No performance impact is expected from the patch.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-20592

Pulling back the curtain on Python satellite technology (24th Nov 2023)

Preface: Satellite communications use the very high-frequency range of 1–50 gigahertz (GHz; 1 gigahertz = 1,000,000,000 hertz) to transmit and receive signals. The frequency ranges or bands are identified by letters: (in order from low to high frequency) L-, S-, C-, X-, Ku-, Ka-, and V-bands. The band 435- 438 MHz is heavily used for amateur satellites in accordance with No. 5.282. No. 5.278 (WRC-19) provides primary status for the amateur service at 430-440 MHz in 11 countries in Region 2.

Background: About twenty-five years ago, satellites were advanced technology. Satellite technology services, especially GPS, have become commonplace today. Perhaps it is an invisible force that makes development stronger and stronger. Who is this knight? It is the Python programming language technology. But you may ask, why do people always say that Python program development has a large share in the industrial world including aerospace technology. Long story short, Python has ready-made software modules, and software developers can use similar concepts to start their new development. This is the advantage of open source software.

Pulling back the curtain on Python satellite technology: gr-satellites is an OOT module encompassing a collection of telemetry decoders that supports nearly 40 different Amateur satellites. This open-source project started in 2015 with the goal of providing telemetry decoders for all the satellites that transmit on the Amateur radio bands.

gr-satellites is a GNU Radio out-of-tree module encompassing a collection of telemetry decoders that supports many different Amateur satellites.It supports most popular protocols, such as AX.25, the GOMspace NanoCom U482C and AX100 modems, an important part of the CCSDS stack, the AO-40 protocol used in the FUNcube satellites, and several ad-hoc protocols used in other satellites.

The KISS frame allow transmission of AX.25 packet radio frames containing IP packets over an asynchronous serial link.

KISS stands for “Keep It Simple, Stupid” and is not only a design principle, but also one of the most used Host-to-TNC communication protocols in HAM Radios. It is a very simple protocol that standardizes the transmission of data, normally AX.25 packets, over a asynchronous serial link, like RS232 or UART. It allows the transmission any arbitrary data, with no length limitation.

Reference: Using GPS in amateur radio is about GPS and other GNSS (Global Navigation Satellite System) satellites and how we can use the data broadcast by them for amateur radio. You will find that GPS benefits in digital modes like FT8, WSPR, and WSJT which rely on accurate transmit and receive period timing and this is easy to achieve with internet access to international time servers.

Please refer to the link for details:

https://orbitntnu.com

https://github.com/daniestevez/gr-satellites

CVE-2023-48105: Weakness in buffer boundary checks in wasm loader (23rd Nov 2023)

Preface: Decentralized AI is an approach to AI where the data and models are distributed across multiple devices, rather than being centralized in a single location. Such design benefits to AI infrastructure avoiding denial of service attack and let unknown technical matter occurs during this period.

Background: Internet Computing aims to extend the capabilities of the public Internet through a serverless cloud model. Serverless is a cloud computing application development and execution model that enables developers to build and run application code without provisioning or managing servers or backend infrastructure.

WebAssembly (wasm), is a virtual machine for executing general purpose code. When designing the architecture of the Internet Computer, the DFINITY Foundation recognized the potential of WebAssembly as a virtual machine for blockchain. Apart from Blockchain, Dfinity Foundation and Singularitynet Partner to Transform Decentralized AI with Blockchain Integration.

A canister is a WebAssembly (wasm) module that can run on the Internet Computer. Only four programming language currently have Canister Development Kits (CDK) — a suite of libraries and scripts for building WebAssembly binaries that are compatible with the Internet Computer. They are Motoko, Python, TypeScript, and Rust.

Note: As shown above, it shows the future sustainability of Python. There is no doubt that Python can be expanded into the world of artificial intelligence.

Vulnerability details: An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader[.]c.

Additional: Internet Computing aims to extend the capabilities of the public Internet through a serverless cloud model. While the snapshot and rewinding technique with nested attestation can enable a fast and verifiable reset of an enclave, ensuring the security of such techniques is not trivial, particularly in a serverless environment where an adversary may try to breach the security by executing a malicious workload. To address this issue, it is proposed multi-layer intra-enclave compartmentalisation (MLIEC) using compiler techniques. With MLIEC, we can protect the snapshot and rewinding technique in a higher security layer than the regular enclave code (e.g., the Wasm runtime), ensuring that even if the regular enclave environment is compromised, the enclave reset can still be carried out correctly and restore the environment. However the design weakness occurs on buffer boundary checks in wasm loader. So, the remedy is adding more buffer boundary checks in wasm loader. Example: CHECK_BUF(p, p_end, 1);

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-48105

Do not contempt CVE-2023-6238: kernel: nvme: memory corruption via unprivileged user passthrough  (22nd Nov 2023)

Preface: High-performance computing is a method of processing large amounts of data and performing complex calculations at high speed. HPC is well suited for AI, which uses large data sets and complex models. HPC and AI combined have use cases in the following areas: Predictive Analytics. Physics and Modeling.

IO-Heavy HPC Computing: Requires systems that can read/write and store large amounts of data on disks. This type of computing includes systems that provide fast NVMe implementations for local IO or as part of a parallel file system.

Background: What is metadata for NVMe? Similar to SCSI / SAS devices, the NVMe standard supports the addition of 8 bytes (called metadata or protection information (PI)) to each data sector to ensure data integrity during data transfer.

NVMe protocol defines commands that utilize Physical Region Pages (PRP)/Scatter Gather Lists (SGL) to denote a data buffer location in host memory. The data buffer may be represented using single or multiple PRP/SGL entries similar to a linked list. Associated information for a command including PRP/SGL may be formed before the command is issued to the SSD for execution. The SSD, while executing the command, may fetch the associated PRP/SGL and perform data movement related to the command.

However, NVMe has no separate field to encode the metadata length expected (except when using SGLs). Because of that we can’t allow to transfer arbitrary metadata, as a metadata buffer that is shorted than what the device expects for the command will lead to arbitrary kernel (if bounce buffering) or userspace (if not) memory corruption.

Vulnerability details: A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. An unprivileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-6238

About CVE-2023-48223: Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. (20th Nov 2023)

Preface: How is JavaScript different from Java? · Java is an OOP programming language, and Javascript is an OOP description language.

Background: JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWT is suitable for stateless scenarios and APIs, while server-side tokens work best for session-based authentication in web applications.

Vulnerability details: The fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, fast-jwt library does not properly prevent JWT algorithm confusion for all public key types.

The ‘publicKeyPemMatcher’ in ‘fast-jwt/src/crypto[.]js’ does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application.

Attack scenario: This attack will only work if the victim application utilizes a public key containing the `BEGIN RSA PUBLIC KEY` header. Applications using the RS256 algorithm, a public key with a `BEGIN RSA PUBLIC KEY` header, and calling the verify function without explicitly providing an algorithm, are vulnerable to this algorithm confusion attack which allows attackers to sign arbitrary payloads which will be accepted by the verifier.

Solution: Version 3.3.2 contains a patch for this issue.

Workaround: As a workaround, change line 29 of `blob/master/src/crypto[.]js` to include a regular expression.

Official announcement: Official details: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-48223

CVE-2023-20519 whether similar to CVE-2023-33250? (20th Nov 2023)

Preface: The term cloud native refers to the concept of building and running applications to take advantage of the distributed computing offered by the cloud delivery model. Cloud native involves cloud technologies like microservices, container orchestrators, and auto scaling. AMD 4th Gen EPYC CPU EPYC 97X4 processors, with up to 128 cores, deliver up to 3.7x throughput performance for key cloud native workloads.

Background: AMD EPYC™ 9004 Series Processors represent the fourth generation of AMD EPYC server-class processors. The 4th Gen AMD EPYC processors with AMD 3D V-Cache technology further extend the AMD EPYC 9004 Series of processors to deliver the world’s best x86 CPU for technical computing workloads such as computational fluid dynamics (CFD), finite element analysis (FEA), electronic design automation (EDA) and structural analysis.

Vulnerability details: AMD Processors could allow a local authenticated attacker to bypass security restrictions, caused by an use-after-free vulnerability in the management of an SNP guest context page. By sending a specially crafted request, an attacker could exploit this vulnerability to masquerade as the guest’s migration agent resulting in a potential loss of guest integrity.

Platforms Affected:
AMD 3rd Generation EPYC
AMD 4th Generation EPYC

Official announcement: Official details: Please refer to the link for details –https://www.supermicro.com/en/support/security_AMD_Nov_2023?mlg=0

About PostgreSQL : CVE-2023-5869 (17th Nov 2023)

Preface: As a PostgreSQL database’s workload increases, the instance’s memory usage increases. Instances that consume lots of memory can create a performance bottleneck that can sometimes lead to out-of-memory issues. An integer overflow occurs when you attempt to store inside an integer variable a value that is larger than the maximum value the variable can hold. The C standard defines this situation as undefined behavior. Refer to posgreSQL manual, user-defined functions can be written in C (or a language that can be made compatible with C, such as C++).

Background: PostgreSQL is a powerful, open source object-relational database system. Besides, PostgreSQL is a relational database. It stores data points in rows, with columns as different data attributes. A table stores multiple related rows.

PostgreSQL memory components are broadly divided into two sections:

1.Global memory: this is shared across all processes to execute queries; for example, shared_buffers and max_connections.

2.Local memory: this is dedicated memory assigned to each connection; for example, work_mem, maintenance_work_mem, and temp_buffers.

Vulnerability details: While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server memory. The CVE-2021-32027 fix covered some attacks of this description, but it missed others.

About CVE-2021-32027: A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Fixed In Version: PostgreSQL 16.1, PostgreSQL 15.5, PostgreSQL 14.10, PostgreSQL 13.13, PostgreSQL 12.17 and PostgreSQL 11.22

Official announcement: Official details: Please refer to the link for details –

https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/