The relationship between humans and water in the Old Testament (30-05-2025)

Preface: Humans need water to survive. Water is a basic need for life and an important component of the human body.

On the other hand, massive floods have occurred multiple times in Earth’s history, some of which are significant geological events that have shaped the landscape and influenced the course of life on Earth. Examples include the Missoula Floods and the “refilling of the Mediterranean Sea”, the event in which the Mediterranean Sea was restored to its current level after a period of near-desiccation known as the Messinian Salinity Crisis. This refilling, known as the Zanclean flood, occurred approximately 5.3 million years ago.

Will an asteroid or comet hit Earth?

A crater at the edge of the Yucatán peninsula in Mexico was created by a massive asteroid that hit Earth 66 million years ago. The Chicxulub impactor, as it is called, was somewhere between 10 and 15 kilometres in diameter. This is the asteroid that killed the dinosaurs.

Was it God or an advanced civilization that drove Chicxulub to crash into the Yucatan Peninsula and cause the extinction of the dinosaurs? Or a natural phenomenon?

Events involving an asteroid or comet hitting the Earth have happened in the past.

Meteor Hits Russia Feb 15, 2013

It is not known why the meteor exploded in the sky. The witness stated that after the flash came the bang.

According to the headline news in 2013, the meteorite exploded with a force around 30 times that of the atom bomb dropped on Hiroshima, or 500 kilotonnes of TNT. The shockwave knocked people off their feet and shattered windows in thousands of apartments. The Earth rang to the blast, with vibrations picked up by seismic sensors 4,000km away.

YouTube Videos Unlock Russian Meteor’s Secrets – 2013 | The New York Times: https://www.youtube.com/watch?v=yQHDzTH6Wtc

My wish: There have been many news reports recently predicting an earthquake in Japan this year (2025). I wonder if advanced civilization or God will help mankind survive this disaster.

Deserialization of Untrusted Data vulnerability in Apache InLong (29-05-2025)

Preface: Apache InLong can be a valuable component in machine learning (ML) and artificial intelligence (AI) workflows, particularly in the data engineering and streaming data pipeline stages.

Background: Apache InLong is a one-stop massive data integration framework that provides automatic, secure, reliable and high-performance data transmission capabilities. It also supports batch and streaming, making it easier for businesses to build streaming-based data analysis.

InLong Sort requires Apache Flink and uses Flink SQL to define and run data processing jobs.

Data Ingestion and Integration – Apache InLong is designed as a one-stop, full-scenario integration framework for massive data. It supports:

  • Batch and stream data ingestion
  • Data synchronization and subscription
  • Real-time ETL (Extract, Transform, Load)

Real-Time Data Processing

Integration with ML Pipelines

Vulnerability details: Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. 

Remedy: Users are advised to upgrade to Apache InLong 2.2.0.

Official announcement: Please see the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-27528

CVE-2025-23247: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary (28-5-2025)

Preface: ROCm open source software platform is AMD’s core strategy. This platform supports deep learning frameworks such as PyTorch 2.0 and TensorFlow.

Nvidia’s CUDA cores are indispensable for training and deploying neural networks and deep learning models, taking advantage of their parallel processing capabilities. To put that into perspective, a dozen Nvidia H100 GPUs can provide the same deep learning equivalent as 2,000 midrange CPUs.

Background: NVIDIA CUDA provides a simple C/C++ based interface. The CUDA compiler leverages parallelism built into the CUDA programming model as it compiles your program into code.
CUDA is a parallel computing platform and programming interface model created by Nvidia for the development of software which is used by parallel processors. It serves as an alternative to running simulations on traditional CPUs.

The CUDA Toolkit targets a class of applications whose control part runs as a process on a general purpose computing device, and which use one or more NVIDIA GPUs as coprocessors for accelerating single program, multiple data (SPMD) parallel jobs. Such jobs are self-contained, in the sense that they can be executed and completed by a batch of GPU threads entirely without intervention by the host process, thereby gaining optimal benefit from the parallel graphics hardware.

When a program like cuobjdump parses an ELF file, it expects certain structures and lengths to be valid. If it doesn’t validate the length of a buffer before copying or accessing it:

  • An attacker can overflow the buffer or inject data into memory.
  • This can overwrite return addresses or function pointers, leading to code execution.
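The length check described above, as an added example (it is not NVIDIA's code; the cuobjdump source is not on this page): a validator that confirms the section header table and every section's byte range lie inside the file before anything is read. The function names, return codes and the 208-byte sample are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { EHDR_SIZE = 64, SHDR_SIZE = 64,                 /* ELF64 structure sizes */
       E_SHOFF = 40, E_SHENTSIZE = 58, E_SHNUM = 60,   /* ELF header field offsets */
       SH_TYPE = 4, SH_OFFSET = 24, SH_SIZE = 32,      /* section header field offsets */
       SHT_PROGBITS = 1, SHT_NOBITS = 8 };

/* Little-endian read/write of an n-byte field, independent of host order. */
static uint64_t rd(const unsigned char *p, int n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}
static void wr(unsigned char *p, uint64_t v, int n) {
    for (int i = 0; i < n; i++) p[i] = (unsigned char)(v >> (8 * i));
}

/* Overflow-safe range check: off + len is never computed, so it cannot wrap. */
static int in_bounds(uint64_t off, uint64_t len, uint64_t total) {
    return off <= total && len <= total - off;
}

/* Returns 0 if all section data lies inside the file, else a negative code. */
int elf64_validate_sections(const unsigned char *buf, size_t len) {
    if (len < EHDR_SIZE) return -1;                         /* truncated header */
    if (memcmp(buf, "\177ELF\002\001", 6) != 0) return -2;  /* ELF64 little-endian only */
    uint64_t shoff = rd(buf + E_SHOFF, 8), shnum = rd(buf + E_SHNUM, 2);
    if (shnum == 0) return 0;
    if (rd(buf + E_SHENTSIZE, 2) != SHDR_SIZE) return -3;
    if (!in_bounds(shoff, shnum * SHDR_SIZE, len)) return -4;   /* the table itself */
    for (uint64_t i = 0; i < shnum; i++) {
        const unsigned char *sh = buf + shoff + i * SHDR_SIZE;
        if (rd(sh + SH_TYPE, 4) == SHT_NOBITS) continue;    /* occupies no file bytes */
        if (!in_bounds(rd(sh + SH_OFFSET, 8), rd(sh + SH_SIZE, 8), len)) return -5;
    }
    return 0;
}

/* Constructed sample: header, 16 data bytes, a null and a PROGBITS section header. */
size_t make_sample(unsigned char *buf, uint64_t claimed_size) {
    unsigned char *sh1 = buf + EHDR_SIZE + 16 + SHDR_SIZE;
    memset(buf, 0, 208);
    memcpy(buf, "\177ELF\002\001", 6);
    wr(buf + E_SHOFF, EHDR_SIZE + 16, 8);
    wr(buf + E_SHENTSIZE, SHDR_SIZE, 2);
    wr(buf + E_SHNUM, 2, 2);
    wr(sh1 + SH_TYPE, SHT_PROGBITS, 4);
    wr(sh1 + SH_OFFSET, EHDR_SIZE, 8);
    wr(sh1 + SH_SIZE, claimed_size, 8);                     /* untrusted length field */
    return 208;
}

int main(void) {
    unsigned char buf[208];
    printf("honest sh_size:    %d\n", elf64_validate_sections(buf, make_sample(buf, 16)));
    printf("oversized sh_size: %d\n", elf64_validate_sections(buf, make_sample(buf, UINT64_MAX - 8)));
}
```

With sh_size set to UINT64_MAX - 8, a naive `sh_offset + sh_size <= len` test wraps around and passes; the subtraction form rejects it.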

Vulnerability details: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution.

Official announcement: Please refer to the supplier announcement – https://nvidia.custhelp.com/app/answers/detail/a_id/5643

CVE-2025-35003: Apache NuttX RTOS Bluetooth Stack (HCI and UART components) 27-5-2025

Preface: During the Dahe period of Emperor Wenzong of the Tang Dynasty (827-835 AD), there was a scholar named Zheng Renben(鄭仁本), his cousin and his friend Wang Xiucai(王秀才) wandering in Zhongyue Songshan Mountain(中嶽嵩山) and got lost in a deep valley. It was getting dark at this time, and the two were very scared. As they were walking around, they saw someone dressed in white snoring in the grass. They went up to him and asked, “I accidentally entered this path and got lost. Do you know the way to the official road?” The man raised his head, looked, and did not respond and continued to sleep. The two asked the man in white where he came from and called him again and again, so he sat up and said, “Come here.” The man in white introduced: “Do you know that the moon is made of seven treasures? The bright spots on the moon are the result of the sun shining on its convex parts. There are 82,000 people repairing the moon, and I am one of them, one of them…”

Background: The Bluetooth stack in Apache NuttX RTOS is used to enable Bluetooth communication in embedded systems, particularly for devices that require low-power wireless connectivity. This stack typically supports:

  • HCI (Host Controller Interface) over UART or USB
  • Bluetooth Classic and BLE (Bluetooth Low Energy) profiles
  • Device discovery, pairing, and data exchange

It is designed to be modular and lightweight, making it suitable for resource-constrained microcontrollers.

Vulnerability details: Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.

Remedy: NuttX’s Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues. This issue affects Apache NuttX: from 7.25 before 12.9.0.

Official announcement: Please see the link for details – https://www.tenable.com/cve/CVE-2025-35003

CVE-2025-37992: About NULL pointer dereference in net_sched (27-05-2025)

Preface: Linux powers large parts of the Internet, cloud infrastructure, and supercomputers. But it is difficult to determine the exact number of Linux systems in the world. This appears to be a technology trend that includes AI system infrastructure.

Background: In Linux, a “qdisc” stands for queueing discipline. It’s a core component of the Linux traffic control system, responsible for managing and scheduling network traffic on a per-interface basis. Essentially, a qdisc determines how the kernel handles packets before sending them to the network adapter.

Vulnerability details: Previously, when reducing a qdisc’s limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving packets in the gso_skb list. This could result in NULL pointer dereference when we only check sch->limit against sch->q.qlen.

Remedy: This patch introduces a new helper, qdisc_dequeue_internal(), which ensures both the gso_skb list and the main queue are properly flushed when trimming excess packets. All relevant qdiscs (codel, fq, fq_codel, fq_pie, hhf, pie) are updated to use this helper in their ->change() routines.
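A user-space model of the trimming logic, added here as an illustration and not taken from the kernel patch: it contrasts dequeuing from the main queue only with a helper that drains gso_skb first. The struct and function names other than the page's own terms are hypothetical, and the model assumes qlen counts packets in both lists.

```c
#include <stdio.h>

/* Simplified user-space model of a qdisc; this is not kernel code. */
struct pkt { struct pkt *next; };
struct list { struct pkt *head, *tail; };
struct qdisc_model {
    struct list q, gso_skb;  /* main skb queue; list of requeued packets */
    unsigned qlen, limit;    /* modeling assumption: qlen counts both lists */
};

static void push(struct list *l, struct pkt *p) {
    p->next = NULL;
    if (l->tail) l->tail->next = p; else l->head = p;
    l->tail = p;
}
static struct pkt *pop(struct list *l) {
    struct pkt *p = l->head;
    if (p && !(l->head = p->next)) l->tail = NULL;
    return p;
}
void enqueue(struct qdisc_model *s, struct pkt *p) { push(&s->q, p); s->qlen++; }
void requeue(struct qdisc_model *s, struct pkt *p) { push(&s->gso_skb, p); s->qlen++; }

/* Pre-fix trimming in ->change(): only the main queue is dequeued. Returns
 * packets dropped, or -1 where the kernel loop would have used a NULL skb. */
int trim_main_only(struct qdisc_model *s, unsigned new_limit) {
    int dropped = 0;
    s->limit = new_limit;
    while (s->qlen > s->limit) {
        if (!pop(&s->q)) return -1;  /* queue empty but qlen still over limit */
        s->qlen--; dropped++;
    }
    return dropped;
}
/* Modeled on qdisc_dequeue_internal(): take from gso_skb first, then q. */
static struct pkt *dequeue_internal(struct qdisc_model *s) {
    struct pkt *p = pop(&s->gso_skb);
    if (!p) p = pop(&s->q);
    if (p) s->qlen--;
    return p;
}
int trim_with_helper(struct qdisc_model *s, unsigned new_limit) {
    int dropped = 0;
    s->limit = new_limit;
    while (s->qlen > s->limit && dequeue_internal(s)) dropped++;
    return s->qlen > s->limit ? -1 : dropped;
}
/* Constructed scenario: one queued and two requeued packets, limit -> 1. */
int scenario(int use_helper) {
    struct pkt a, b, c;
    struct qdisc_model s = {{0}};
    enqueue(&s, &a); requeue(&s, &b); requeue(&s, &c);
    return use_helper ? trim_with_helper(&s, 1) : trim_main_only(&s, 1);
}

int main(void) {
    printf("main queue only: %d\n", scenario(0));  /* -1 */
    printf("with helper:     %d\n", scenario(1));  /* 2 */
}
```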

Official announcement: Please see the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-37992

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fe88c7e4fc2c1cd75a278a15ffbf1689efad4e76

When artificial intelligence encounters a geomagnetic storm (26-05-2025)

Preface: About fifteen years ago, extreme climate sounded the alarm for humanity. But we haven’t woken up yet. As we enter 2025, extreme weather is raging. Are we awake now?

Background: A coronal mass ejection (CME) can induce a geomagnetic storm when it interacts with Earth’s magnetosphere. CMEs are large clouds of plasma and magnetic fields ejected from the Sun, and when they hit Earth, they can disrupt the Earth’s magnetosphere, leading to temporary disturbances and geomagnetic storms.

Geomagnetic storms create geomagnetically induced currents (GICs). Geomagnetic storms, which are disturbances of Earth’s magnetic field caused by space weather events like coronal mass ejections (CMEs), induce rapid changes in the magnetic field. These changes, in turn, create electric fields that drive GICs to flow through conductive paths on Earth’s surface, such as power grids, pipelines, and other infrastructure.

How much electricity does a supercomputer used for artificial intelligence consume?

A single modern AI GPU can consume up to 700 watts of power. A typical supercomputer, especially those used for AI training, can consume significantly more power, with some examples exceeding 4 megawatts (4,000,000 watts). This high power consumption is largely due to the large number of powerful GPUs and other specialized hardware needed for these complex computations.

How does artificial intelligence think about this problem?

Building a supercomputer facility underground with its own dedicated power supply does significantly reduce—but not entirely eliminate—the risks from geomagnetic storms. Here’s a breakdown:

1. Underground Location:

- Provides natural shielding from fluctuating magnetic fields.

- Reduces exposure to induced currents in long conductors.

2. Dedicated Power Supply:

- If it’s isolated from the main power grid (e.g., using local generators, batteries, or renewables), it avoids GICs that typically enter through long transmission lines.

- Shorter internal cabling means less potential for induced voltages.

3. Shielded Infrastructure:

- If the facility uses shielded transformers, GIC-blocking devices, and grounding systems, it can further mitigate risks.

End.

Point of view – IOLeak – CPU Side Channel Attacks  23-05-2025

Preface: Hertzbleed is about inferring secrets from timing differences caused by how CPUs adjust their frequency under load.

Background: The Hertzbleed vulnerability does not specifically target the L2 cache of AMD CPUs. Instead, it exploits a broader mechanism related to dynamic frequency scaling — a feature used by modern CPUs (including AMD Zen 2 and Zen 3) to adjust clock speeds based on workload and thermal conditions.

How is IOLeak Different?

| Feature | Hertzbleed | IOLeak |
| --- | --- | --- |
| Primary Trigger | Data-dependent CPU workload | I/O latency and interaction with CPU |
| Leakage Source | Frequency scaling due to computation | Frequency scaling influenced by I/O timing |
| Focus | Cryptographic operations (e.g., SIKE) | Broader I/O-related operations |
| Novelty | First to show DVFS can leak data remotely | First to show I/O latency can amplify DVFS-based leakage |

Ref: AMD’s DVFS (Dynamic Voltage and Frequency Scaling) is a power management technique that dynamically adjusts the CPU’s voltage and frequency based on the current workload. This allows for a balance between performance and energy consumption by reducing both when the workload is light and boosting them when more processing power is needed. DVFS is used in AMD processors to optimize power usage and improve battery life in mobile devices, as well as to reduce energy costs in servers.

Vulnerability details: The researchers provided AMD with a summary of their comments and findings, detailed in a paper titled “IOLeak Side-Channel Attacks Exploiting CPU Frequency Scaling and I/O Latency.”

AMD reviewed the summary and believes this attack is similar to previously disclosed side-channel attacks such as “Hertzbleed” and that existing mitigation recommendations for such attacks remain applicable to mitigate the techniques described in the researchers’ summary.

Official announcement: Please see the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7042.html

CVE-2025-27558: FragAttacks against mesh networks (21-05-2025)

Preface: A Mesh Basic Service Set (MBSS) is a self-contained wireless network created by a group of interconnected mesh stations (STAs). Each mesh station can act as both an access point and a mesh node, enabling communication and data sharing within the mesh network. The MBSS uses a “mesh profile” to define the network’s characteristics, including a Mesh ID and other parameters. Unlike traditional Wi-Fi setups that rely on a single router, mesh networks create a more resilient, decentralized system.

Background: FragAttacks, short for Fragmentation and Aggregation attacks, are a category of Wi-Fi vulnerabilities that exploit design flaws in how Wi-Fi devices handle data packets. These flaws affect a wide range of Wi-Fi devices, potentially allowing attackers to steal information or disrupt network services.

Vulnerability details: IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard.

Ref: CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn’t require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

Official announcement: For details, please refer to the link –

https://nvd.nist.gov/vuln/detail/CVE-2025-27558

CVE-2025-37991 – PA-RISC: Fix double SIGFPE crash (21-05-2025)

Preface: In the Linux Kernel, SIGFPE (Signal Floating-Point Exception) indicates a computational error, specifically related to floating-point arithmetic or integer arithmetic errors. This signal is triggered by events like floating-point overflow, underflow, or division by zero. While named “Floating-Point Exception,” it actually covers a broader range of arithmetic errors.

Background: What triggers SIGFPE?

  • Floating-point errors: These include overflow (exceeding the maximum representable value), underflow (falling below the minimum non-zero value), and division by zero.
  • Integer errors: Specifically, integer division by zero can also trigger SIGFPE. 

How it works in the Linux Kernel:

  • When a process encounters an arithmetic error that triggers SIGFPE, the kernel sends this signal to the process.
  • By default, if a signal handler is not registered for SIGFPE, the process will be terminated.
  • If a signal handler is registered, the handler can be used to attempt to recover from the error, such as by retrying the operation or taking alternative actions.
  • The si_code field in a signal handler can provide more information about the specific type of arithmetic error that caused SIGFPE. For example, FPE_INTDIV indicates integer division by zero, according to a post on Stack Overflow.

Vulnerability details: Camm Maguire noticed that on PA-RISC a SIGFPE exception will crash an application with a second SIGFPE in the signal handler.  Dave analyzed it, and it happens because glibc uses a double-word floating-point store to atomically update function descriptors. As a result of lazy binding, it hit a floating-point store in fpe_func almost immediately.

When the T bit is set, an assist exception trap occurs when the co-processor encounters *any* floating-point instruction except for a double store of register %fr0. The latter cancels all pending traps.

Remedy: Linux fixes this by clearing the Trap (T) bit in the FP status register before returning to the signal handler in userspace.

Official announcement: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2025-37991

CVE-2025-47935 and CVE-2025-47944: About Multer design weakness (19-05-2025)

Preface: In a typical web application, there are three layers of middleware: web server middleware, application server middleware and database middleware. File upload is a common requirement for applications.

For example: uploading user avatars, attaching documents or handling multimedia content.

Multer is a node.js middleware for handling multipart/form-data, which is primarily used for uploading files.

Background: Express is the most popular Node.js web framework, and is the underlying library for a number of other popular Node.js frameworks.

Multer is a popular middleware for handling file uploads in Node.js applications, especially those built with Express. It makes receiving, validating, and storing files from HTTP requests simple and straightforward.

Vulnerability details: Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.

Official announcement: For details, please refer to the link –

https://nvd.nist.gov/vuln/detail/CVE-2025-47935

https://nvd.nist.gov/vuln/detail/CVE-2025-47944