CVE-2025-38085: About hugetlb[.]c of Linux kernel. (29-06-2025)

Preface: Does Big Data use the TLB in the Linux kernel?

Yes, big data applications in Linux utilize the Translation Lookaside Buffer (TLB) as a crucial component of memory management. The TLB speeds up address translation by caching recently used virtual-to-physical address mappings. Applications like databases, which often handle large datasets and have specific memory access patterns, can benefit from the TLB’s ability to reduce the overhead of accessing physical memory.

Background: The Linux kernel’s mm/hugetlb directory contains the code for Huge TLB (Translation Lookaside Buffer) support. This feature allows the kernel to use larger page sizes (like 2MB or 1GB instead of the usual 4KB) for memory management, potentially improving performance by reducing TLB misses.

Ref: Syscalls (system calls) are part of the operating system kernel and provide an interface for user space programs to request services from the kernel. User space refers to the memory area where applications run, while kernel space is where the operating system’s core and privileged operations reside.

Vulnerability details: In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in which unrelated VMAs can afterwards be installed. If this happens in the middle of a concurrent gup_fast(), gup_fast() could end up walking the page tables of another process. While I don’t see any way in which that immediately leads to kernel memory corruption, it is really weird and unexpected. Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(), just like we do in khugepaged when removing page tables for a THP collapse.

Official announcement: Please see the link for details https://nvd.nist.gov/vuln/detail/CVE-2025-38085

My comment: If your system is running a stable, older Linux kernel that predates the tlb_remove_table_sync_one() addition, the kernel will not call tlb_remove_table_sync_one() because it does not exist in that version. The new kernel enforces stricter synchronization, which could affect performance or expose latent bugs. You can decide whether to patch or remain unchanged.

CVE-2025-23260: About NVIDIA AIStore on Kubernetes (26-06-2025)

Preface: AI and machine learning workloads rely on optimized object storage to handle the massive, unstructured datasets needed for training and operation. NVIDIA AIStore (AIS) aims to overcome the limitations of traditional filesystems in handling large AI datasets by providing a distributed storage system that can handle the demands of modern AI models.

Background: An AIStore (AIS) target node primarily stores and manages user data, object replicas, and erasure-coded slices. It also handles bucket metadata and other persistent data structures. Essentially, it acts as a storage server within an AIS cluster.

To set up a service account for NVIDIA AIStore running inside Kubernetes, especially for storage services, you’ll typically follow these steps:

(1) The AIS Operator manages the lifecycle of AIStore clusters, including storage provisioning and access control.

(2) Create a Kubernetes Service Account.

(3) Bind Roles to the Service Account

(4) Configure AIStore to Use the Service Account

(5) Ensure Persistent Volumes Are Set Up

Vulnerability details: NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.

Official announcement: Please see the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5660

CVE-2025-23264 and CVE-2025-23265: About NVIDIA Megatron-LM (25-06-2025)

Preface: What Does “Linear” Mean in Machine Learning? In the context of machine learning and neural networks:

A linear function is one where the relationship between inputs and outputs can be represented as a straight line (in 2D), or more generally, a hyperplane in higher dimensions.

Background: NVIDIA Megatron-LM is an open-source framework designed for training large transformer models, particularly those with billions of parameters, across distributed GPU architectures. It leverages techniques like tensor and pipeline parallelism to enable efficient training of these massive models.

* Pipeline parallelism is when different stages of a process are executed in separate devices simultaneously. For instance, in the context of Machine Learning, various layers of a model can be distributed across different devices to create a pipeline.

Vulnerability details:

CVE-2025-23264: NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.

CVE-2025-23265: NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.

Official announcement: Please see the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5663

AMD Fixed CVE-2024-21969 (23rd June 2025)

CVE-2024-21969: Whispering Pixels: Exploiting Uninitialized Register Accesses in Modern GPUs.

Preface: How to Enable Secure GPU Mode (Register Clearing)

This mode is supported on the following AMD GPUs:

  • Radeon RX 5000, 6000, 7000, 9000 series
  • Radeon PRO W5000, W6000, W7000 series
  • Radeon AI PRO 9000 series
  • Radeon VII, RX Vega
  • Instinct MI210, MI250, MI300X, etc.

Background: The proliferation of graphics processing units (GPUs) has brought unprecedented computing power.

Multiple register-based vulnerabilities were found across different GPU implementations, the so-called whisper pixels. The vulnerability poses unique challenges to an adversary due to the opaque scheduling and register remapping algorithms present in the GPU firmware, which complicate the reconstruction of leaked data.

GPU Programming: An application has to use vendor-provided libraries in order to translate a shader from its high-level source code to an architecture-dependent binary code. Vendors provide these libraries for a variety of high-level languages.

Vulnerability details: Improper clearing of GPU registers could allow a malicious shader to read left-over pixel data leading to loss of confidentiality.

Mitigation (13th Aug 2024): AMD plans to create a new operating mode designed to prevent processes from running in parallel on the GPU, and to clear registers between processes on supported products.

Last Updated Date (23-06-2025): AMD has created a new operating mode designed to prevent processes from running in parallel on the GPU, and to clear registers between processes on supported products. This mode is not enabled by default and needs to be set by an administrator. AMD expects performance impacts if the new mode is enabled in environments where multiple processes would have been running simultaneously on the GPU. The performance impact will be related to the number of processes that would have been running in parallel. Additionally, a lesser performance impact may arise due to the additional clearing of registers between processes.

Instructions for enabling the new mode can be found in the relevant release notes and/or product documentation.

AMD started rolling out mitigation options beginning in May 2024 through applicable driver updates.

Official announcement: Please refer to the website for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6013.html

About Veeam Backup (CVE-2025-23120 and CVE-2025-23121) – 23-06-2025

CVE-2025-23121

NVD Published Date: 06/18/2025

NVD Last Modified: 06/18/2025

Preface: Veeam introduced a custom serialization formatter to protect against unsafe deserialization vulnerabilities (see below):

-They override the default .NET deserialization behavior.

-They validate or restrict which types can be deserialized.

-This is a security hardening measure to prevent attackers from exploiting deserialization to execute arbitrary code.

Background: A BinaryFormatter is a class in .NET used for serializing and deserializing objects into a binary format. Serialization converts an object’s state into a byte stream, allowing it to be stored (e.g., in a file) or transmitted. Deserialization is the reverse process, reconstructing the object from the byte stream. The BinaryFormatter provides a compact binary representation, making it relatively fast for serialization and deserialization.

Veeam introduced a custom formatter that prevents insecure deserialization through a whitelist-like mechanism.

The Veeam.Backup.Model.CDbCryptoKeyInfo class is marked as [Serializable] and is explicitly allowed for deserialization within Veeam’s implementation. According to a detailed vulnerability analysis, this class:

  • Is part of the whitelist of types that Veeam permits for deserialization.
  • Has a “magic constructor” (a constructor that can be invoked during deserialization) that can be reached via .NET Remoting or other deserialization mechanisms.
  • Was involved in a Remote Code Execution (RCE) vulnerability (CVE-2025-23120), where the deserialization of this class could be exploited due to insufficient validation and reliance on a blacklist rather than a strict whitelist.

This vulnerability highlights the risks of allowing deserialization of complex or sensitive types, especially when relying on blacklist-based filtering, which can be bypassed.

Vulnerability details: A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

Official announcement: For details, please see the reference link – https://nvd.nist.gov/vuln/detail/CVE-2025-23121

CVE-2025-52556: Insufficient verification of timestamp response signatures. Users should immediately upgrade to rfc3161-client 1.0.3 or later. (23-06-2025)

Preface: rfc3161-client version 1.0.3 is not designed to be installed on the server side. It’s a Python library, specifically a client-side tool, for interacting with RFC 3161 Time-Stamp Protocol (TSP) servers. It’s used to create timestamp requests and process timestamp responses, which is a client-side function of interacting with a time-stamping authority.

Background: The primary design objective of the Python Time-Stamp Protocol (TSP) library is to enable trusted timestamping of digital data. This means providing a secure and verifiable way to associate a specific point in time with electronic documents or signatures. The library allows users to request a timestamp token from a Time-Stamp Authority (TSA), which then attests to the existence of the data at that time.

The Time-Stamp Protocol (TSP), defined in RFC 3161, is a cryptographic protocol used for trusted timestamping of electronic data. It involves a Time-Stamp Authority (TSA) that provides a digitally signed timestamp, proving that a specific piece of data existed before a certain point in time. This is achieved by hashing the data, sending the hash to the TSA, and receiving a timestamp token containing the hash, a unique serial number, a timestamp, and the TSA’s digital signature.

Ref: TSR (Trust Store Repository) embedded certificates up to the trusted root(s) form the foundation of a chain of trust, allowing devices and systems to verify the authenticity and trustworthiness of other certificates. These embedded certificates, often root certificates, act as the ultimate authority, establishing a baseline for trust within the system.

Vulnerability details: rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR’s embedded certificates up to the trusted root(s), but fails to verify the TSR’s own signature against the timestamping leaf certificates. Consequently, vulnerable versions perform insufficient signature validation to properly consider a TSR verified, as the attacker can introduce any TSR signature so long as the embedded leaf chains up to some root TSA.

Official announcement: For details, please see the reference website – https://nvd.nist.gov/vuln/detail/CVE-2025-52556

When dreams come true (M78 Nebula) – 20-06-2025

Preface: When I was a kid watching Japanese science fiction TV series, the M78 Nebula was the location of the Kingdom of Light and the hometown of most Ultraman in the Kingdom of Light world. So I believed that the M78 Nebula was not real! At that time, the 70s, the internet technologies of today had never been developed! The processor was the 8087.

Background: The Orion Nebula, or Messier 42 (NGC 1976), is a bright cloud of gas and dust in the Orion constellation, about 1,344 light-years from Earth. The Orion Nebula is a diffuse nebula in the Milky Way situated south of Orion’s Belt in the constellation of Orion.

Messier 78 or M78, also known as NGC 2068, is a reflection nebula in the constellation Orion. It was discovered by Pierre Méchain in 1780 and included by Charles Messier in his catalog of comet-like objects that same year.

The distance between Messier 78 and Messier 42 is approximately 250 light-years. Messier 42, also known as the Orion Nebula, is about 1,344 light-years away. Messier 78 is approximately 1,600 light-years away.

SETI observations in M78: Till today, there are no confirmed signals from Messier 78 detected by SETI that are widely accepted as evidence of extra-terrestrial intelligence. While the “Wow! signal” is a famous example of a strong, unexplained signal detected by a SETI project, it was not from Messier 78, and its origin remains a mystery. Subsequent searches in the same direction as the Wow! signal have not yielded any further detections.

Ref: SETI, which stands for Search for Extra-terrestrial Intelligence, is a scientific area focused on searching for evidence of civilizations beyond Earth. It involves using telescopes and other instruments to detect potential signals from other star systems that might indicate intelligent life. The SETI Institute is a non-profit research organization dedicated to this quest.

Supplement: The Wow! signal was a strong, narrow-band radio signal detected by the Big Ear radio telescope during a SETI (Search for Extraterrestrial Intelligence) project on August 15, 1977. It was so named because of the exclamation “Wow!” written on the computer printout by astronomer Jerry Ehman when he discovered the anomaly. The signal appeared to come from the direction of the constellation Sagittarius and exhibited characteristics that suggested an extraterrestrial origin, though its source remains unknown.

Question: If I assume that extraterrestrial life is real, why would it avoid contact with humans?

Official article: Please refer to the URL for details – https://science.nasa.gov/mission/hubble/science/explore-the-night-sky/hubble-messier-catalog/messier-78/

Did Nikola Tesla encounter a solar flare 124 years ago? (19-06-2025)

Preface: In 1901, engineer Nikola Tesla made the astonishing claim that he was receiving radio communications from Mars. His description was picked up and reported on broadly in the press.

Reference URL – http://www.antihackingonline.com/science/a-hundred-years-later-communication-was-ready-to-receive-phone-call-again/

Background: Solar flares are a regular part of the solar cycle, which lasts about 11 years on average. In 1901, a major solar event was observed that was not a large storm, but a “huge solar disturbance” with visible sunspots, bright spots and distinctive coronal disturbances.

A coronal disturbance, often in the form of a coronal mass ejection (CME), is a significant eruption of plasma and magnetic field from the Sun’s outer atmosphere, or corona. These disturbances can propagate through space and, if directed towards Earth, can cause geomagnetic storms and other space weather phenomena.

Ref: Geomagnetic storms, disturbances in Earth’s magnetic field caused by solar activity, can impact our planet in various ways, primarily affecting technology and infrastructure. While not directly harmful to humans due to our planet’s protective magnetic field and atmosphere, they can disrupt communication systems, navigation, and power grids.

Do you think Nikola Tesla encountered a solar flare 124 years ago? Or was the radio communication sent from Mars?

There was a large solar flare in April 1901, specifically on April 21, which was associated with bright faculae. This event was noted by observers and is possibly linked to a short-lived sunspot group. However, the more commonly referenced “huge solar disturbance” from 1901 is related to Nova Persei 1901, a bright nova that appeared in February 1901 and reached its peak brightness in September. The bright patch of faculae in April was likely a separate event.

Do you want to know what the solar flares are like this week?

In June 2025, NASA’s PUNCH mission (Polarimeter to Unify the Corona and Heliosphere) captured detailed images of coronal mass ejections (CMEs) as they erupted from the Sun. Additionally, NASA’s Solar Dynamics Observatory (SDO) observed a strong solar flare on June 17, 2025.

Official announcement: Please see the link for details – https://science.nasa.gov/blogs/solar-cycle-25/2025/06/17/sun-releases-strong-flare-8/

CVE-2025-44952: About Open5GS (19-6-2025)

Preface: Open5GS is a popular open-source 5G core network (5GC) implementation, particularly among researchers and those building private 5G networks. It’s recognized as one of the leading open-source 5GC projects. Open5GS is known for its adherence to 3GPP standards and its mature development, making it suitable for various applications like testbeds, research, and even some deployments.

Background: The PFCP library refers to a software component, often implemented in programming languages like Go, designed to support the Packet Forwarding Control Protocol (PFCP). PFCP is a signaling protocol used in mobile core networks, particularly in the context of Control and User Plane Separation (CUPS) within 4G and 5G architectures. It enables communication between control plane elements (like the Session Management Function or SMF) and user plane elements (like the User Plane Function or UPF). PFCP is used by network equipment (like 5G base stations and core network elements) to manage data forwarding.

Vulnerability details: A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field with a value with length greater than 101.

Comment: The developer added the strcpy block as new logic to handle the DNN field. If the patch does not include bounds checking, it introduces a new vulnerability.

Suggestion: strcpy should be replaced with a safe, length-checked alternative.
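The length check the advisory says is missing, written out as an added example (not Open5GS code): an unchecked strcpy() into a fixed DNN buffer beside a bounded setter that refuses anything longer than the limit. The type pfcp_subnet_t, the constant DNN_MAX_LEN and the 101-character limit are assumptions taken from the advisory text, not the project's own definitions.

```c
/* Added example, not Open5GS code.  pfcp_subnet_t, DNN_MAX_LEN and the
 * 101-character limit are assumptions taken from the advisory text. */
#include <stddef.h>
#include <string.h>

#define DNN_MAX_LEN 101            /* assumed: longest DNN the entry accepts */

typedef struct {
    char dnn[DNN_MAX_LEN + 1];     /* +1 for the terminating NUL */
    int  in_use;
} pfcp_subnet_t;

/* The pattern the advisory describes, never executed here: strcpy() trusts
 * that the source fits, so a session.dnn longer than DNN_MAX_LEN overruns
 * dnn[] into whatever follows it:   strcpy(subnet->dnn, session_dnn); */

/* Length of s scanning at most max bytes; safe on unterminated input. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Hardened variant: reject anything longer than DNN_MAX_LEN before copying,
 * then copy with an explicit bound.  Returns 0 on success, -1 if rejected;
 * the existing entry is left untouched on rejection. */
int pfcp_subnet_set_dnn(pfcp_subnet_t *subnet, const char *session_dnn)
{
    size_t len;
    if (subnet == NULL || session_dnn == NULL)
        return -1;
    /* Scan one byte beyond the limit: no NUL by then means the input is
     * too long (or unterminated) and must be refused. */
    len = bounded_len(session_dnn, DNN_MAX_LEN + 1);
    if (len > DNN_MAX_LEN)
        return -1;
    memcpy(subnet->dnn, session_dnn, len);
    subnet->dnn[len] = '\0';
    subnet->in_use = 1;
    return 0;
}

/* Exercise the check with a constructed DNN of want_len characters.
 * Returns the setter's result (0 accepted, -1 rejected); -2 would flag an
 * accepted DNN that was not stored intact. */
int try_dnn_of_len(size_t want_len)
{
    pfcp_subnet_t subnet = { "", 0 };
    char input[256];
    size_t i;
    int rc;
    if (want_len >= sizeof input)
        want_len = sizeof input - 1;
    for (i = 0; i < want_len; i++)
        input[i] = (char)('a' + i % 26);
    input[want_len] = '\0';
    rc = pfcp_subnet_set_dnn(&subnet, input);
    if (rc == 0 && strcmp(subnet.dnn, input) != 0)
        return -2;
    return rc;
}
```

A DNN of exactly 101 characters is accepted, 102 or more is refused before any byte is written, which is the boundary the advisory describes.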

Official announcement: Please refer to the supplier announcement –

https://nvd.nist.gov/vuln/detail/CVE-2025-44952

CVE-2025-23252 – NVIDIA has released a software update for NVIDIA® NVDebug tool to address the security issue. (18-06-2025)

Preface: The NVDebug tool, used for NVIDIA GPU debugging, relies on the NVIDIA Data Center GPU Manager (DCGM) library. Specifically, it utilizes DCGM version 2.2.x or later. DCGM is a suite of tools for managing and monitoring NVIDIA GPUs in data center and cluster environments.

Background: The NV Debug Tool is part of the NVIDIA Nsight Systems and Nsight Graphics development tools. These tools are designed for debugging and profiling GPU-accelerated applications, including those using CUDA and other graphics APIs. It’s useful for debugging both CPU and GPU code, especially for CUDA applications.

Nsight Systems can collect logs for both Nsight Compute and Nsight Graphics. Nsight Systems is a system-wide performance analysis tool, while Nsight Compute focuses on kernel-level profiling and Nsight Graphics specializes in graphics application debugging and profiling. Nsight Systems can gather data that is relevant to both, and the collected data can be analyzed within the respective tools.

Vulnerability details: The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure.

Ref: CVE-2021-34398: NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service. (Public on May 29, 2025)

Point of view: As the attached diagram describes, if your system uses NVDebug, it very likely also includes or interacts with a version of the DCGM library, and therefore could be affected by vulnerabilities in DCGM versions prior to 2.2.9.

Official announcement: Please refer to the supplier announcement –

https://nvidia.custhelp.com/app/answers/detail/a_id/5651