CVE-2024-43704: improper GPU system calls to gain access to the graphics buffers of a parent process. (10th Jan 2025)

Preface: PowerVR is a division of Imagination Technologies (formerly VideoLogic) that develops hardware and software for 2D and 3D rendering, and for video encoding, decoding, associated image processing and DirectX, OpenGL ES, OpenVG, and OpenCL acceleration. 

Background: Imagination maintains DDKs for Android, Linux and Windows operating systems, ensuring they have access to the latest APIs and popular extensions.

To build the Android kernel and other kernel artifacts (modules, boot images, etc.), they provide a framework called “Kleaf”. One part of Kleaf is the Driver Development Kit (DDK), which is used to build external modules.

Vulnerability details: Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process.

PVRSRVAcquireProcessHandleBase can cause psProcessHandleBase reuse when PIDs are reused, according to Imagination Technologies.
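The PID-reuse hazard in the paragraph above, as an added C model that is not Imagination's driver code: a handle table looked up by PID only, beside a lookup that also requires a per-registration generation cookie (one mitigation, not necessarily the vendor's fix). The structure and function names (handle_base, acquire_by_pid, acquire_checked, demo_pid_reuse) are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#define MAX_ENTRIES 4

/* Hypothetical per-process handle base (not the PowerVR structure): the PID
 * plus a generation cookie that is never reused, even when the PID is. */
struct handle_base {
    bool in_use;
    int pid;               /* kernel PID; the kernel recycles these after exit */
    uint64_t generation;   /* hypothetical: unique per registration */
    int owner_buf;         /* stands in for the owner's GPU buffer handles */
};
static struct handle_base table[MAX_ENTRIES];
static uint64_t next_generation = 1;

/* Register a process; returns the generation cookie it must present later. */
uint64_t register_process(int pid, int owner_buf) {
    for (size_t i = 0; i < MAX_ENTRIES; i++)
        if (!table[i].in_use) {
            table[i] = (struct handle_base){ true, pid, next_generation, owner_buf };
            return next_generation++;
        }
    return 0;   /* table full */
}

/* Weak lookup by PID alone: a recycled PID matches the stale entry and its buffers. */
struct handle_base *acquire_by_pid(int pid) {
    for (size_t i = 0; i < MAX_ENTRIES; i++)
        if (table[i].in_use && table[i].pid == pid) return &table[i];
    return NULL;
}
/* Hardened: PID and cookie must both match, so a recycled PID alone finds nothing. */
struct handle_base *acquire_checked(int pid, uint64_t gen) {
    for (size_t i = 0; i < MAX_ENTRIES; i++)
        if (table[i].in_use && table[i].pid == pid && table[i].generation == gen)
            return &table[i];
    return NULL;
}

/* Scenario: A (pid 100) registers, exits, its entry is never released, and
 * the kernel hands pid 100 to B. True means B's lookup lands on A's buffers. */
bool demo_pid_reuse(bool use_checked) {
    for (size_t i = 0; i < MAX_ENTRIES; i++) table[i].in_use = false;
    next_generation = 1;
    (void)register_process(100, 0xA);             /* A: stale after exit */
    uint64_t gen_b = register_process(100, 0xB);   /* B: recycled pid 100 */
    struct handle_base *hb = use_checked ? acquire_checked(100, gen_b)
                                         : acquire_by_pid(100);
    return hb != NULL && hb->owner_buf == 0xA;
}
```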

Official announcement: Please refer to the link for details –

https://source.android.com/docs/security/bulletin/2025-01-01

CVE-2024-20154: Stack overflow in Modem (9th Jan 2024)

Preface: Vulnerability findings appear to have changed compared to five years ago. As a matter of fact, the open source trend has made a lot of details visible; a bunch of vulnerabilities accumulated in 2024, and the Android security advisory of January 2025 shows you the actual status.

Manufacturers will have an easier time managing vulnerabilities because the flaws patched today were discovered by them months or a year ago.

Background: Chipsets affected by this vulnerability: MT2735, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6880T, MT6880U, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791T, MT8795T, MT8797, MT8798

An example: The MediaTek MT8791T integrates Bluetooth, FM, WLAN, and GPS modules and is a highly integrated baseband platform that includes a modem and application processing subsystem to support LTE/5G/NR and C2K tablet applications. The chip integrates two Arm® Cortex-A78 cores running at up to 2.6 GHz, six Arm® Cortex-A55 cores running at up to 2.0 GHz, and a powerful multi-standard video codec. In addition, an extensive set of interfaces and connectivity peripherals for connecting cameras, touchscreen displays, and UFS/MMC/SD cards are included.

Vulnerability details: In Modem, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.

Official announcement: Please refer to the link below for details –

https://corp.mediatek.com/product-security-bulletin/January-2025

CVE-2024-21464 – msm: ipa3: adding a preventive check for holb stats (8th Jan 2025)

Preface: Vulnerability findings appear to have changed compared to five years ago. As a matter of fact, the open source trend has made a lot of details visible; a bunch of vulnerabilities accumulated in 2024, and the Android security advisory of January 2025 shows you the actual status.

Manufacturers will have an easier time managing vulnerabilities because the flaws patched today were discovered by them months or a year ago.

Background: IPA Capabilities

● Presented by its driver as a network device

● Performs checksum offload, packet aggregation

○ Reduces processing and interrupt load on the main CPU

● Also implements integrated IPA filtering, routing, and NAT

○ These features are not supported by the upstream driver (yet!)

● Capable of operating independently while the AP is asleep

○ Tethered operation (WiFi hotspot)

○ Requires much less power than operating AP

○ This mode is not supported upstream either

Vulnerability details: Memory corruption while processing IPA statistics, when there are no active clients registered.

[CWE-120 Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)]

In a classic buffer overflow exploit, the attacker sends data to a program, which it stores in an undersized stack buffer. The result is that information on the call stack is overwritten, including the function’s return pointer.
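A missing bounds check of the kind the modem advisory above and this IPA statistics advisory describe, shown in an added C example that is hypothetical and not the MediaTek or Qualcomm driver code: a stats copy that trusts a client count taken from the request, beside the preventive check, with the zero-client case handled explicitly. The struct, counter and function names (client_stats, holb_drop_cnt, copy_stats_checked, demo_copy) are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define MAX_CLIENTS 8   /* capacity of the caller's stats buffer */

/* Hypothetical per-client record; holb_drop_cnt is an invented counter name. */
struct client_stats { uint32_t client_id; uint64_t holb_drop_cnt; };

/* Vulnerable (CWE-120): trusts num_clients from the request. A value above
 * MAX_CLIENTS makes memcpy write past the end of out[]. Shown for contrast
 * only; nothing below calls it. */
void copy_stats_unchecked(struct client_stats *out,
                          const struct client_stats *in, uint32_t num_clients) {
    memcpy(out, in, (size_t)num_clients * sizeof(*in));
}

/* Hardened: validate against the real capacity before any write, and treat
 * "no active clients" as an explicit case. Returns entries copied, or -1. */
int copy_stats_checked(struct client_stats *out, size_t out_cap,
                       const struct client_stats *in, uint32_t num_clients) {
    if (out == NULL || in == NULL) return -1;
    if (num_clients == 0) return 0;          /* nothing registered: no copy */
    if (num_clients > out_cap) return -1;    /* the preventive check */
    memcpy(out, in, (size_t)num_clients * sizeof(*in));
    return (int)num_clients;
}

/* Drive the checked path with a constructed request of n clients. Returns
 * the sum of the copied holb_drop_cnt values, or -1 if it was rejected. */
int demo_copy(uint32_t n) {
    struct client_stats in[2 * MAX_CLIENTS], out[MAX_CLIENTS];
    for (uint32_t i = 0; i < 2 * MAX_CLIENTS; i++)
        in[i] = (struct client_stats){ i, 10u * i };
    int copied = copy_stats_checked(out, MAX_CLIENTS, in, n);
    if (copied < 0) return -1;
    int sum = 0;
    for (int i = 0; i < copied; i++) sum += (int)out[i].holb_drop_cnt;
    return sum;
}
```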

Official announcement: Please refer to the link below for details –

https://source.android.com/docs/security/bulletin/2025-01-01

An Android security bulletin was published on January 6, 2025, which disclosed multiple vulnerabilities but did not provide details (7th Jan 2025)

Preface: Vulnerability findings appear to have changed compared to five years ago. As a matter of fact, the open source trend has made a lot of details visible; a bunch of vulnerabilities accumulated in 2024, and the Android security advisory of January 2025 shows you the actual status.

Manufacturers will have an easier time managing vulnerabilities because the flaws patched today were discovered by them months or a year ago.

Background: CUPS provides the “cups” library to talk to the different parts of CUPS and with Internet Printing Protocol (IPP) printers. The “cups” library functions are accessed by including the <cups/cups.h> header. CUPS is based on the Internet Printing Protocol (“IPP”), which allows clients (applications) to communicate with a server (the scheduler, printers, etc.) to get a list of destinations, send print jobs, and so forth. You identify which server you want to communicate with using a pointer to the opaque structure http_t. The CUPS_HTTP_DEFAULT constant can be used when you want to talk to the CUPS scheduler.

Vulnerability details: Five critical Android fixes (CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747, CVE-2024-49748) were released in the January 2025 Security Advisory Bulletin. We are aware that the above vulnerability advisory was released on December 3, 2024. But why not provide details?

Perhaps it is related to CUPS. When Android incorporates this open source component, Android itself cannot protect itself, so it brings in the vulnerabilities.

My speculated mapping of the CUPS CVE reference numbers to the Android ones is shown below:

Android CVE-2024-43096 – CVE-2024-47076 (CUPS)

Android CVE-2024-49747 – CVE-2024-47175 (CUPS)

Android CVE-2024-49748 – CVE-2024-47176 (CUPS)

Android CVE-2024-43770 – CVE-2024-47176 (CUPS): When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.

Android CVE-2024-43771 – CVE-2024-47177 (CUPS)

Official announcement: Please refer to the link below for details –

https://source.android.com/docs/security/bulletin/2025-01-01

CVE-2025-0222: A vulnerability was found in IObit Protected Folder up to 13.6.0.5 (6th Jan 2025)

Preface: Dereferencing just means accessing the memory value at a given address. So when you have a pointer to something, to dereference the pointer means to read or write the data that the pointer points to.

Background: IObit Uninstaller is one of the free software uninstallers for Windows, notable for its batch uninstall feature, installation monitor, support for most Windows versions, and quick install. Every piece of an application is searched for and removed completely, leaving no useless junk files behind.

IObit Protected Folder is designed to password-protect your folders and files from being seen, read or modified on the Windows platform. It works like a safety box: just drag and drop the folders or files you want to hide or protect into Protected Folder, and then no one can see, read or modify them.

IObit offers 20 free trial uses of Protected Folder. When the trials end, the end user has to click the Register button in the left corner and then click Purchase Online to buy a license code.

If you forget your IObit Protected Folder password, you have to use the uninstall tool, which allows a local user to uninstall IObit Protected Folder without the password.

Vulnerability details: A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Official details: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2025-0222

Machine learning: From basics to GPU-related INT8 (3rd Jan 2025)

Preface: If a living thing wants to survive, its life involves competition, for example hunting and defense. During this process it starts learning; that is the nature of it.

Remember this is the basic principle. When non-human beings on Earth can enter into the learning process, they will be humanity’s rival. In fact, who will rule the earth depends entirely on the wisdom of the opponent.

Integer Arithmetic for machine learning: INT8 uses 8 bits, which allows for 256 possible values, while INT4 uses 4 bits, which allows for 16 possible values. In comparison, floating-point precision, such as FP32, uses 32 bits to represent a wide range of values.

The advantage of int over float is computational speed. An integer is stored in memory as a plain fixed value. A float, on the other hand, is stored as a mathematical construct, a mantissa and an exponent, so there is computation involved just in assessing the value.

Integers are the simplest numerical data types (Numeric data types). Because of this, their storage space is much less, and their processing is much faster than floating point types.

An integer (known also as int) is a whole number without a decimal part. It can be positive, negative, or zero. Examples of integers are -3, 0, 5, 100, and so on. The integer data type is used to represent values such as counting, indexing, or storing quantities that can only be whole numbers.

Float (floating-point number) is a number that includes a decimal part. Examples of floating-point numbers are -3.14, 2.71828, 0.5, 1.0, and so on. The float data type is used to represent values that can have a decimal part or require high precision, such as measurements, calculations involving decimal values, or scientific computations.

Summary: Integer represents whole numbers without a decimal part, while float represents floating-point numbers with a decimal part. Integer has exact precision and a larger range, whereas float has limited precision and can represent numbers with a decimal part.
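The integer-versus-float trade-off above is easiest to see in the arithmetic itself. The following C code is an added example, not code from this page or from the linked paper: it quantizes two small constructed float vectors to INT8 with a per-vector scale, runs the dot product entirely in 8-bit multiplies and a 32-bit accumulator, and reports how far the dequantized result lands from the FP32 answer. The function names (quantize_int8, dot_int8, int8_dot_error) are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#define N 8

static float absf(float v) { return v < 0.0f ? -v : v; }
/* Round half away from zero without libm; inputs here are small, so the cast is safe. */
static float round_away(float v) {
    return v >= 0.0f ? (float)(int32_t)(v + 0.5f) : -(float)(int32_t)(-v + 0.5f);
}

/* Symmetric quantization: the largest |x| maps to 127, so the 256 INT8 codes
 * cover [-amax, amax] in steps of one scale unit. Returns the scale. */
float quantize_int8(const float *x, int8_t *q, size_t n) {
    float amax = 0.0f;
    for (size_t i = 0; i < n; i++) if (absf(x[i]) > amax) amax = absf(x[i]);
    float scale = amax > 0.0f ? amax / 127.0f : 1.0f;   /* all-zero input: any scale */
    for (size_t i = 0; i < n; i++) {
        float r = round_away(x[i] / scale);
        if (r > 127.0f) r = 127.0f;       /* clamp: int8 has no +128 */
        if (r < -127.0f) r = -127.0f;     /* keep the grid symmetric */
        q[i] = (int8_t)r;
    }
    return scale;
}

/* Integer-only inner loop: each product is at most 127*127 = 16129, so a
 * 32-bit accumulator cannot overflow for fewer than ~133,000 terms. */
int32_t dot_int8(const int8_t *a, const int8_t *b, size_t n) {
    int32_t acc = 0;
    for (size_t i = 0; i < n; i++) acc += (int32_t)a[i] * (int32_t)b[i];
    return acc;
}

float dot_fp32(const float *a, const float *b, size_t n) {
    float acc = 0.0f;
    for (size_t i = 0; i < n; i++) acc += a[i] * b[i];
    return acc;
}

/* Constructed inputs: quantize both vectors, multiply in INT8/INT32, then
 * dequantize once at the end. Returns |INT8 result - FP32 result|. */
float int8_dot_error(void) {
    const float a[N] = { 0.9f, -0.45f, 0.25f, 1.0f, -0.75f, 0.1f, 0.0f, 0.6f };
    const float b[N] = { 0.3f, 0.8f, -1.0f, 0.55f, 0.2f, -0.4f, 0.7f, 0.9f };
    int8_t qa[N], qb[N];
    float sa = quantize_int8(a, qa, N), sb = quantize_int8(b, qb, N);
    float approx = (float)dot_int8(qa, qb, N) * sa * sb;
    return absf(approx - dot_fp32(a, b, N));
}
```

With these inputs the INT8 path lands within about 0.004 of the FP32 dot product (0.56), which is the precision cost the paragraph describes in exchange for integer-only multiplies.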

Technical article: Is Integer Arithmetic Enough for Deep Learning Training? Please refer to link –  https://proceedings.neurips.cc/paper_files/paper/2022/file/af835bd1b5b689c3f9d075ae5a15bf3e-Paper-Conference.pdf

People focus on Apple M4’s proprietary design, but Apple seems to prefer Arm’s SME over its own AMX (2nd Jan 2025)

Preface: Matrices help break down large, complex datasets into digestible chunks. Matrix multiplication allows machine learning models to identify complex patterns. By updating these matrices during training, the AI system continually improves and becomes more accurate.

Background: The New Armv9 architecture feature offers significant performance uplifts for AI and ML-based applications, including generative AI. SME (Scalable Matrix Extension) is an Instruction Set Architecture (ISA) extension introduced in the Armv9-A architecture, which accelerates AI and ML workloads and enables improved performance, power efficiency, and flexibility for AI and ML-based applications running on the Arm CPU.

Technology focus: AMX was Apple’s proprietary design. It basically takes over CPU work for ML that hasn’t been programmed for, or isn’t able to be accelerated by, the neural engine itself, that is, bleeding-edge experimental ML that hasn’t been “baked in” to the hardware. It makes the CPU less bad at sparse matrices.

Ref: Sparse matrices are widely used in various fields, particularly in machine learning and data science. Recommendation systems: in collaborative filtering for recommendation systems, user-item interaction matrices are often sparse, as users typically interact with only a small subset of items.

SME is Arm’s version, which is now an industry standard that can be targeted by standard Armv9 toolchains. The new feature on M4 shows that Apple targeted this industry standard.

Official announcement: Apple introduces M4 chip – https://www.apple.com/hk/en/newsroom/2024/05/apple-introduces-m4-chip/