Preface: In computing, an oops is a serious but non-fatal error in the Linux kernel. An oops may precede a kernel panic, but it may also allow continued operation with compromised reliability.

Background: The Internet Communication Manager ensures that communication between the SAP System (SAP NetWeaver Application Server) and the outside world via HTTP, HTTPS and SMTP protocols works properly. In its role as a server, the ICM can process requests from the Internet that arrive as URLs with the server/port combination that the ICM can listen to. The ICM then calls the relevant local handler for the URL in question.

Vulnerability details:

SAP NetWeaver Application Server for ABAP is affected by NULL pointer dereference vulnerability:
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity. (CVE-2024-47586)

Official announcement: SAP Security Patch Day – December 2024.

Please refer to the link for details – https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2024.html

Preface: The Go language is also developed on fsnotify, but the file extension is fsnotify[.]go. fsnotify is a Go library to provide cross-platform filesystem notifications on Windows, Linux, macOS, BSD, and illumos. Go 1.17 or newer is .

Background: In Linux, fsnotify is actually implemented based on the inotify system call. inotify is a subsystem of Linux VFS, which can monitor changes in the file system. When the file system changes, the kernel will notify the user space of these changes, and the user space can do something based on these changes.

Vulnerability details: Fix ordering of iput() and watched_objects decrement. Ensure the superblock is kept alive until we’re done with iput(). Holding a reference to an inode is not allowed unless we ensure the superblock stays alive, which fsnotify does by keeping the watched_objects count elevated, so iput() must happen before the watched_objects decrement. This can lead to a UAF of something like sb->s_fs_info in tmpfs, but the UAF is hard to hit because race orderings that oops are more likely, thanks to the CHECK_DATA_CORRUPTION() block in generic_shutdown_super(). Also, ensure that fsnotify_put_sb_watched_objects() doesn’t call fsnotify_sb_watched_objects() on a superblock that may have already been freed, which would cause a UAF read of sb->s_fsnotify_info.

Official announcement: Please see the link below for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-53143

Preface: Yes, it is possible to develop an Android app using C++. While Java and Kotlin are the recommended languages for Android development. Many memory manipulation functions in C and C++ do not perform bounds checking and can easily overwrite the allocated bounds of the buffers they operate upon.

Background: Skia Graphics Library (SGL) is an open source graphics library written in C++. It was originally developed by Skia Company and was open sourced under the New BSD License after being acquired by Google. The first product developed by Skia is the Skia Graphics Library, which can render high-quality 2D graphics on low-end devices such as mobile phones. As of 2017, it is used in Android, Google Chrome, Chrome OS, Chromium OS, Mozilla Firefox, Firefox OS, and Sublime Text.

Vulnerability details: This vulnerability lead to remote code execution with no additional execution privileges needed. It is related to size overflow when allocating SkMask data.

Official announcement: Please see the link below for details –

https://source.android.com/docs/security/bulletin/2024-12-01

Preface: Primitive types such as `int`, `double`, `char`, and `boolean` are stored directly in stack memory. Each time you declare a primitive variable, the JVM allocates a specific size of memory for it.

Background: Returns the available average/minimum GPU headroom in percentage for last ‘duration’ seconds. The get_gpu_headroom() API is used by applications to get feedback on the historical application rendering workload to know if the workload is GPU bound on the SoC. The purpose of this API is to help provide GPU performance information for the application content and help drive the workload, and other APIs to ensure smooth and sustained UX performance (minimize frame drops, reduce UI sluggishness). The application can monitor thermal. If the mobile device is approaching thermal limits; it can further check if the workload is GPU bound to decide if reducing the GPU load helps to reduce thermal status (<= LIGHT) and hence improve sustained performance.

Vulnerability details: Memory corruption when invalid input is passed to invoke GPU Headroom API call.

Remark: A stack–based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack.

Official announcement: Please see the link below for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-43048

Preface: What is a buffer over-read? The opposite of a buffer overflow is a buffer overread. In this case, the program requests data from outside the buffer. Because data read from outside the buffer is irrelevant to the program, it may cause the program to crash or behave unexpectedly.

Background: Qualcomm SoC chips are divided into 4 layers, including EL3, EL2, EL1 and EL0. Both EL3 and EL2 are handled by Qualcomm. However, EL 1 is divided into two regions. The Linux core is open source. The remaining non-secure and secure areas will be the responsibility of Qualcomm. The upper level (ELO) is the developer application area (Except the secure area).

Vulnerability details: Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Remark: The MProc component located inside the kernel is responsible for managing inter-processor communication.

Official announcement: Please see the link below for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-33056

Preface: The Qualcomm Hypervisor provides a modern virtualization framework that allows multiple operating systems to run independently and concurrently, delivering high performance. The Qualcomm Type 1 Hypervisor facilitates the hosting of multiple trusted execution environments for secure use cases.

Background: On some Qualcomm platforms, the hypervisor emulates more than 128 SMR (Stream Matching Register) groups. This doesn’t conform to the ARM SMMU architecture specification which defines the range of 0-127. Moreover, the emulated groups don’t exhibit the same behavior as the architecture supported ones.

For instance, emulated groups will not detect the quirky behavior of some firmware versions intercepting writes to S2CR register, thus skipping the quirk implemented in the driver and causing boot crash.

Vulnerability details: Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Official announcement: Please see the link below for details –

https://www.tenable.com/cve/CVE-2024-33044

Preface: Preface: Imagination Technologies Group Limited is a British semiconductor and software design company owned by Canyon Bridge Capital Partners, a private equity fund based in Beijing that is ultimately owned by the Chinese government. With its global headquarters in Kings Langley, England, its primary business is in the design of PowerVR mobile graphics processors (GPUs), neural network accelerators for AI processing, and networking routers. The company was listed on the London Stock Exchange until it was acquired by Canyon Bridge in November 2017.

Background: Why system calls are needed to set up shared memory between two processes?

To share memory between two processes, the MMU must be modified. That’s privileged – you can’t let a process just help itself to whatever memory it wants! Being privileged means the kernel is involved, hence system calls.

Remark: A memory management unit (MMU), sometimes called paged memory management unit (PMMU), is a computer hardware unit that examines all memory references on the memory bus, translating these requests, known as virtual memory addresses, into physical addresses in main memory.

Vulnerability details: Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW.

Official announcement: Please see the link below for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-43703