CVE-2025-21756: Does the vsock design flaw affect Hyper-V? (4th May 2025)

Preface: Hyper-V is still available as a role in Windows Server 2022 and will be supported as long as that operating system is, currently scheduled for end of extended support on October 14, 2031.

Background: vsock can also be used with QEMU/KVM as well as Hyper-V, but the code is closed source. H2G (host-to-guest) transports run in the host and usually provide the device emulation; currently we have vhost and vmci transports. G2H (guest-to-host) transports run in the guest and are usually device drivers; currently we have virtio, vmci, and hyperv transports.

– virtio-vsock provides a way for applications running on a guest VM and the host system to communicate with each other using the standard socket interface (socket, connect, bind, listen, accept).

– VMCI sockets communicate between the host and a guest on VMware platform products. You could also use VMCI sockets for interprocess communications on a guest. You cannot use VMCI sockets between the host and a virtual machine running on a different host.

– Starting with the Windows 10 Anniversary Update, anyone can create applications that communicate between a Hyper-V host and its virtual machines over Hyper-V sockets. A Hyper-V socket is a Windows Socket that uses a new address family and specialized endpoints for virtualizers. All communications run over Hyper-V sockets without using the network, and all data remains in the same physical memory. Applications that use Hyper-V sockets are similar to Hyper-V Integration Services.

Vulnerability details: Design weakness in vsock.

Remedy: Preserve socket bindings; this includes both those resulting from an explicit bind() and those implicitly bound through autobind during connect().

The fix prevents socket unbinding during a transport reassignment, which fixes a use-after-free.
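The reference-count effect of that remedy can be shown with a small user-space model. This is an added example, not kernel code and not taken from the patch: all names are hypothetical, and the model assumes that membership in the socket table holds one reference and that bind() removes the socket from the table unconditionally before re-inserting it.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; names are hypothetical, not kernel symbols. */
struct model_sock {
    int  refcnt;    /* references held on the socket object          */
    bool in_table;  /* linked into the bound/unbound socket table    */
    bool dead;      /* set only when the socket is being destroyed   */
    bool hit_zero;  /* refcnt reached 0 while the socket was in use  */
};

static void put(struct model_sock *s) { if (--s->refcnt == 0) s->hit_zero = true; }

/* Assumption of the model: table membership owns exactly one reference. */
static void table_insert(struct model_sock *s) { s->refcnt++; s->in_table = true; }
static void table_remove(struct model_sock *s) { s->in_table = false; put(s); }

/* Transport release path: runs on destruction and on transport reassignment. */
static void transport_release(struct model_sock *s, bool patched)
{
    if (patched && !s->dead)
        return;               /* remedy: keep the binding until destruction */
    if (s->in_table)
        table_remove(s);      /* unpatched: binding dropped on reassignment */
}

/* bind() assumes the socket is still in the table and moves it. */
static void model_bind(struct model_sock *s)
{
    table_remove(s);          /* unconditional in this model */
    table_insert(s);
}

/* Returns the final refcnt, or -1 if the count hit zero while in use. */
int simulate(bool patched)
{
    struct model_sock s = { .refcnt = 1 };  /* creation reference   */
    table_insert(&s);                       /* refcnt = 2           */
    transport_release(&s, patched);         /* transport reassigned */
    model_bind(&s);
    return s.hit_zero ? -1 : s.refcnt;
}

int main(void)
{
    printf("unpatched: %d\npatched: %d\n", simulate(false), simulate(true));
    return 0;
}
```

In the unpatched path the table reference is dropped twice, so the count reaches zero while the caller still uses the object; with the binding preserved, the count ends at 2.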

Ref: Based on the latest information, CVE-2025-21756 does not appear to impact Microsoft Hyper-V. The recent vulnerabilities affecting Hyper-V are CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335, which involve privilege escalation and are already being exploited in the wild.

Official announcement: Please see the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-21756

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3f43540166128951cc1be7ab1ce6b7f05c670d8b

Power outage in Spain and Portugal caused by rare atmospheric phenomenon, so-called induced atmospheric vibration. (1st May 2025)

Preface: MADRID/LISBON, April 28 (Reuters) – Power started returning to parts of the Iberian peninsula late on Monday after a huge outage brought most of Spain and Portugal to a standstill, grounding planes, halting public transport, and forcing hospitals to suspend routine operations.

Background: The recent widespread power outage in Spain, Portugal, and parts of southern France was indeed attributed to a rare atmospheric phenomenon. The initial reports suggested that “induced atmospheric vibration” might have been the cause. This term refers to oscillations in the power lines caused by extreme changes in temperature or air pressure, leading to synchronization failures in the electrical grid.

Technical focus: The term “induced atmospheric vibration” refers to oscillations in power lines caused by extreme atmospheric conditions, such as significant temperature changes or strong winds. These oscillations can affect the stability of the electrical grid. To simplify, imagine the power lines as giant coils. When the atmosphere changes rapidly, it can cause these coils to vibrate or oscillate. This vibration can lead to synchronization issues in the power grid, making it unstable and potentially causing outages.

Synchronization issues in the power grid often refer to the phase angle differences between the voltage waveforms of different parts of the grid. When the phase angles are not in sync, it means that the peaks and troughs of the voltage waveforms are not aligned, which can lead to instability in the grid.

In simpler terms, think of the power grid as a large orchestra. For the music (electricity) to flow smoothly, all the instruments (generators) need to play in harmony (synchronization). If one instrument is out of sync, it disrupts the harmony, causing issues.

The term “cos phi” (cosine of the phase angle) refers to the power factor, which is a measure of how effectively the electrical power is being used. When the phase angles are not aligned, the power factor deviates from its optimal value, leading to inefficiencies and potential disruptions.

Headline News: Please refer to the link – https://www.reuters.com/world/europe/large-parts-spain-portugal-hit-by-power-outage-2025-04-28/