All posts by admin

CVE-2025-52496: Mbed TLS, an open-source C library, design weakness (6th July 2025)

Preface: What is the difference between FreeRTOS and CMSIS-RTOS?

Basically, FreeRTOS is an RTOS, while CMSIS-RTOS is only a wrapper for any RTOS (like FreeRTOS, CMSIS-RTOS RTX or anything you want). CMSIS-RTOS is an API that enables consistent software layers with middleware and library components. Mbed TLS aims to provide a set of powerful and flexible cryptographic and security building blocks, mainly for embedded systems, focusing on ease of integration and security. The design strives to be lean, prioritizing readability, documentation and testability, while minimizing dependencies and providing a loosely coupled architecture. This allows developers to integrate only the necessary components without the overhead of the entire library.

Background: Do multi-threaded programs use the same AES key?

Yes, multithreaded programs using AES encryption typically use the same AES key for both encryption and decryption, as AES is a symmetric encryption algorithm. Both the sender and receiver need to share the same secret key to encrypt and decrypt data. In a multithreaded context, each thread would utilize this shared key when performing encryption or decryption operations.

Vulnerability details: Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.
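The bug class named above, one-time CPU feature detection shared between threads, shown as an added C example (not Mbed TLS source code). `probe_cpu`, the `racy_*` and `safe_*` functions and the `CAPS_VALID` marker are names assumed for the illustration; the probe is a constructed stand-in for CPUID so the code runs on any machine.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* CPUID leaf 1, ECX feature bits (x86 architectural values). */
#define CAP_CLMUL  (1u << 1)    /* PCLMULQDQ, used by GCM */
#define CAP_AES    (1u << 25)   /* AES-NI */
#define CAPS_VALID (1u << 31)   /* our own "probe finished" marker, masked below */

/* Constructed stand-in for the CPUID probe. */
static unsigned probe_calls;
static uint32_t probe_cpu(void) { probe_calls++; return CAP_AES | CAP_CLMUL; }

/* Racy pattern: flag and result are two separate plain variables. */
static int racy_done;
static uint32_t racy_caps;

int racy_has_support(uint32_t what)
{
    if (!racy_done) {
        racy_caps = probe_cpu();
        racy_done = 1;   /* nothing orders this store after the one above */
    }
    return (racy_caps & what) != 0;
}

/* Deterministic model of what a second thread can observe when the two
 * stores become visible in the opposite order: done is set, caps is not. */
int racy_view_during_race(uint32_t what)
{
    racy_done = 1;
    racy_caps = 0;
    return racy_has_support(what);
}

/* Hardened pattern: flag and result live in one atomic word, so no reader
 * can see "finished" without also seeing the feature bits. */
static _Atomic uint32_t safe_caps;

int safe_has_support(uint32_t what)
{
    uint32_t v = atomic_load_explicit(&safe_caps, memory_order_acquire);
    if (!(v & CAPS_VALID)) {
        /* Several threads may probe at once; each stores the same value. */
        v = (probe_cpu() & (CAP_AES | CAP_CLMUL)) | CAPS_VALID;
        atomic_store_explicit(&safe_caps, v, memory_order_release);
    }
    return (v & what) != 0;
}

int main(void)
{
    printf("racy view mid-race, AES-NI: %d\n", racy_view_during_race(CAP_AES));
    printf("hardened, AES-NI: %d\n", safe_has_support(CAP_AES));
    return 0;
}
```

In the racy form a thread can be told the CPU lacks a feature it actually has, so two threads working with the same key may take different code paths.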

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2025-52496

CVE-2025-6073 – Industrial Controls Be Aware! (4th July 2025)

Preface: The REST interface of the ABB RMC-100 is disabled by default. ABB recommends leaving the REST interface disabled when not in use, particularly when configuring MQTT functionality. The RMC-100 is not intended for access over public networks.

Background: The ABB RMC-100 is a popular and widely used remote modular controller, particularly within the oil and gas industry. It is known for its scalability and ability to manage automation, liquids and gas measurement, and asset data concentration for various facility sizes, from large production and transmission facilities to smaller systems. The RMC-100 is part of ABB’s Totalflow portfolio, which has seen over 430,000 units sold since the 1980s.

The REST service is available in some Totalflow devices like the RMC-100. When it is enabled, the device's REST server capabilities are enabled, and the device can then be accessed by a REST client such as a web browser. The access is for the configuration of the MQTT parameters.

A REST client uses HTTP methods to access resources on a REST server. An example is the web browser that accesses the MQTT configuration interface on the RMC-100.

Vulnerability details: Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and user/password broker authentication is enabled, and CVE-2025-6074 is exploited, the attacker can overflow the buffer for username or password.

Affected Products: This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016.

Official announcement: Please see the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-6073

CVE-2025-46647: A vulnerability of plugin openid-connect in Apache APISIX (3rd July 2025)

Preface: API Gateway can be helpful for ChatGPT plugin developers to expose, secure, manage, and monitor their API endpoints. This repo demonstrates how to use Apache APISIX API Gateway as a front door for communication between ChatGPT custom plugins and backend APIs. For more details, please refer to the link – https://github.com/Boburmirzo/apisix-chatgpt-gateway-plugin

Background: The primary design objective of Apache APISIX is to provide a high-performance, cloud-native API gateway that can handle a large volume of API traffic and microservices, with a focus on flexibility, scalability, and dynamic configuration management. It aims to be a unified proxy infrastructure for various scenarios like API management, service mesh, and ingress control.

The OpenID Connect (OIDC) plugin for Apache APISIX enables centralized authentication for APIs by integrating with OpenID Connect providers (like Okta, Auth0, Keycloak). It allows users to authenticate through a designated provider and then access APIs through APISIX. The plugin handles the redirection to the provider’s login page, token exchange, and passing user information to the upstream services.

Vulnerability details: A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met:

1. Use the openid-connect plugin with introspection mode

2. The auth service connected to openid-connect provides services to multiple issuers

3. Multiple issuers share the same private key and rely only on the issuer being different

If affected by this vulnerability, an attacker with a valid account on one of the issuers would be able to log into the other issuer.

Remedy: This issue affects Apache APISIX: until 3.12.0. Users are recommended to upgrade to version 3.12.0 or higher.

Official announcement: For more details, please refer to the link –

https://nvd.nist.gov/vuln/detail/CVE-2025-46647

CVE-2025-0038 exposes a runtime vulnerability due to missing checks in PMU firmware. (2nd July 2025)

Preface: Users typically build custom PMU firmware tailored to their specific hardware platform and application requirements.

PMU firmware can be loaded by either FSBL or CSU BootROM (CBR). Both these flows are supported by AMD. Loading PMU firmware using FSBL has the following benefits:

– Possible quick boot time, when PMU firmware is loaded after bitstream.

– In use cases where you want two BIN files – stable and upgradable, PMU firmware can be part of the upgradable (by FSBL) image.

Background: The primary design objective of AMD’s Zynq™ UltraScale+™ devices is to provide a highly integrated platform that combines the processing power of a multi-core ARM processor with the flexibility of programmable logic (FPGA fabric). This enables a wide range of applications by offering both real-time control and processing capabilities within a single chip. The devices also prioritize low power consumption, security features, and efficient memory management.

Ref: Arm Trusted Firmware (ATF) plays a role in managing the Secure Monitor and Trusted Board Boot Requirements (TBBR). These are essential for establishing a secure boot process and managing transitions between the secure and non-secure worlds in Arm-based systems like the Zynq UltraScale+.

Vulnerability details: In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality.
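One shape the missing address validation can take, as an added C example (not AMD's firmware code). The memory map, `caller_buffer_ok` and `svc_copy_request` are hypothetical names and values constructed for the illustration; the point is that every caller-supplied buffer must lie wholly inside an allowed region, and that the check must not compute `addr + len`, which can wrap around.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct region { uint64_t base, size; };

/* Constructed allow-list of memory a non-secure caller may pass to a
 * service. A real platform derives this from its isolation settings. */
static const struct region caller_ok[] = {
    { 0x00100000ull, 0x00F00000ull },
    { 0x40000000ull, 0x10000000ull },
};

/* True only if [addr, addr+len) lies wholly inside r. Written without
 * forming addr+len, which would wrap for a hostile length. */
static bool range_in_region(uint64_t addr, uint64_t len, const struct region *r)
{
    if (len == 0 || len > r->size || addr < r->base)
        return false;
    return addr - r->base <= r->size - len;
}

bool caller_buffer_ok(uint64_t addr, uint64_t len)
{
    for (size_t i = 0; i < sizeof caller_ok / sizeof caller_ok[0]; i++)
        if (range_in_region(addr, len, &caller_ok[i]))
            return true;
    return false;
}

#define SVC_OK       0
#define SVC_EINVAL (-1)

/* Hypothetical runtime service that takes source and destination buffers
 * from the caller. Both are validated before anything touches hardware. */
int svc_copy_request(uint64_t src, uint64_t dst, uint64_t len)
{
    if (!caller_buffer_ok(src, len) || !caller_buffer_ok(dst, len))
        return SVC_EINVAL;
    return SVC_OK;   /* validated: a real handler would start the engine here */
}

int main(void)
{
    printf("in range:   %d\n", svc_copy_request(0x00200000, 0x40000000, 0x1000));
    printf("protected:  %d\n", svc_copy_request(0x00200000, 0xFFFC0000, 0x100));
    printf("wraparound: %d\n", caller_buffer_ok(0x4FFFFFF0, 0xFFFFFFFFFFFFFFF0ull));
    return 0;
}
```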

Official announcement: Please see the link for details –

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8008.html

https://docs.amd.com/r/en-US/000037628/Affected-Products

CVE-2025-49521: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (1st July 2025)

Preface: Ansible Automation Platform is a broader enterprise automation platform designed to manage and automate various IT operations, including infrastructure, cloud, networking, and security. It can be used for automating web server deployments and configurations, and web hosting service providers can and often do use the Ansible Automation Platform for automating various tasks related to web hosting and infrastructure management.

Background: In Ansible, Jinja2 templating is widely used to dynamically render variables, expressions, and logic in playbooks, templates, and even hooks (like webhooks or event triggers in EDA).

You can use Jinja2 in:

• Playbooks: For dynamic task names, conditions, and variables.

• Templates: To generate configuration files.

• Hooks or Webhooks: Especially in EDA, where incoming payloads can be parsed and matched using Jinja2 expressions.

When a POST request is sent to http[:][//]<EDA_HOST>[:]5000/alert with the payload:

• The EDA controller receives the event.

• It evaluates the condition using Jinja2.

• If matched, it runs the playbook respond_to_critical_alert[.]yml.

Vulnerability details: A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2025-49521

CVE-2025-38085: About hugetlb[.]c of Linux kernel. (29-06-2025)

Preface: Does Big Data use the TLB in the Linux kernel?

Yes, big data applications in Linux utilize the Translation Lookaside Buffer (TLB) as a crucial component of memory management. The TLB speeds up address translation by caching recently used virtual-to-physical address mappings. Applications like databases, which often handle large datasets and have specific memory access patterns, can benefit from the TLB’s ability to reduce the overhead of accessing physical memory.

Background: The Linux kernel’s mm/hugetlb directory contains the code for Huge TLB (Translation Lookaside Buffer) support. This feature allows the kernel to use larger page sizes (like 2MB or 1GB instead of the usual 4KB) for memory management, potentially improving performance by reducing TLB misses.

Ref: syscalls are part of the operating system kernel and provide an interface for user space programs to request services from the kernel. User space refers to the memory area where applications run, while kernel space is where the operating system’s core and privileged operations reside.

Vulnerability details: In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race.

huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in which unrelated VMAs can afterwards be installed. If this happens in the middle of a concurrent gup_fast(), gup_fast() could end up walking the page tables of another process. While I don’t see any way in which that immediately leads to kernel memory corruption, it is really weird and unexpected. Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(), just like we do in khugepaged when removing page tables for a THP collapse.

Official announcement: Please see the link for details https://nvd.nist.gov/vuln/detail/CVE-2025-38085

My comment: If your system is running a stable, older Linux kernel that predates the tlb_remove_table_sync_one() addition, the kernel will not call tlb_remove_table_sync_one() because it doesn’t exist in that version. The new kernel will enforce stricter synchronization, which could affect performance or expose latent bugs. You can decide whether to patch or remain unchanged.

CVE-2025-23260: About NVIDIA AIStore on Kubernetes (26-06-2025)

Preface: AI and machine learning workloads rely on optimized object storage to handle the massive, unstructured datasets needed for training and operation. NVIDIA AIStore (AIS) aims to overcome the limitations of traditional filesystems in handling large AI datasets by providing a distributed storage system that can handle the demands of modern AI models.

Background: An AIStore (AIS) target node primarily stores and manages user data, object replicas, and erasure-coded slices. It also handles bucket metadata and other persistent data structures. Essentially, it acts as a storage server within an AIS cluster.

To set up a service account for NVIDIA AIStore running inside Kubernetes, especially for storage services, you’ll typically follow these steps:

(1) The AIS Operator manages the lifecycle of AIStore clusters, including storage provisioning and access control.

(2) Create a Kubernetes Service Account.

(3) Bind Roles to the Service Account

(4) Configure AIStore to Use the Service Account

(5) Ensure Persistent Volumes Are Set Up

Vulnerability details: NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.

Official announcement: Please see the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5660

CVE-2025-23264 and CVE-2025-23265: About NVIDIA Megatron-LM (25-06-2025)

Preface: What Does “Linear” Mean in Machine Learning? In the context of machine learning and neural networks:

A linear function is one where the relationship between inputs and outputs can be represented as a straight line (in 2D), or more generally, a hyperplane in higher dimensions.

Background: NVIDIA Megatron-LM is an open-source framework designed for training large transformer models, particularly those with billions of parameters, across distributed GPU architectures. It leverages techniques like tensor and pipeline parallelism to enable efficient training of these massive models.

* Pipeline parallelism is when different stages of a process are executed in separate devices simultaneously. For instance, in the context of Machine Learning, various layers of a model can be distributed across different devices to create a pipeline.

Vulnerability details:

CVE-2025-23264: NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.

CVE-2025-23265: NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.

Official announcement: Please see the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5663

AMD Fixed CVE-2024-21969 (23rd June 2025)

CVE-2024-21969: Whispering Pixels: Exploiting Uninitialized Register Accesses in Modern GPUs.

Preface: How to Enable Secure GPU Mode (Register Clearing)

This mode is supported on the following AMD GPUs:

  • Radeon RX 5000, 6000, 7000, 9000 series
  • Radeon PRO W5000, W6000, W7000 series
  • Radeon AI PRO 9000 series
  • Radeon VII, RX Vega
  • Instinct MI210, MI250, MI300X, etc.

Background: The proliferation of graphics processing units (GPUs) has brought unprecedented computing power.

Multiple register-based vulnerabilities, the so-called Whispering Pixels, were found across different GPU implementations. The vulnerability poses unique challenges to an adversary due to opaque scheduling and register remapping algorithms present in the GPU firmware, complicating the reconstruction of leaked data.

GPU Programming: An application has to use vendor-provided libraries in order to translate a shader from its high-level source code to an architecture-dependent binary code. Vendors provide these libraries for a variety of high-level languages.

Vulnerability details: Improper clearing of GPU registers could allow a malicious shader to read left-over pixel data leading to loss of confidentiality.

Mitigation (13th Aug 2024): AMD plans to create a new operating mode designed to prevent processes from running in parallel on the GPU, and to clear registers between processes on supported products.

Last Updated Date (23-06-2025): AMD has created a new operating mode designed to prevent processes from running in parallel on the GPU, and to clear registers between processes on supported products. This mode is not enabled by default and needs to be set by an administrator. AMD expects performance impacts if the new mode is enabled in environments where multiple processes would have been running simultaneously on the GPU. The performance impact will be related to the number of processes that would have been running in parallel. Additionally, a lesser performance impact may arise due to the additional clearing of registers between processes.

Instructions for enabling the new mode can be found in the relevant release notes and/or product documentation.

AMD started rolling out mitigation options beginning in May 2024 through applicable driver updates.

Official announcement: Please refer to the website for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6013.html

About Veeam Backup (CVE-2025-23120 and CVE-2025-23121) – 23-06-2025

CVE-2025-23121

NVD Published Date: 06/18/2025

NVD Last Modified: 06/18/2025

Preface: Veeam introduced a custom serialization formatter to protect against unsafe deserialization vulnerabilities (see below):

- They override the default .NET deserialization behavior.

- They validate or restrict which types can be deserialized.

- This is a security hardening measure to prevent attackers from exploiting deserialization to execute arbitrary code.

Background: A BinaryFormatter is a class in .NET used for serializing and deserializing objects into a binary format. Serialization converts an object’s state into a byte stream, allowing it to be stored (e.g., in a file) or transmitted. Deserialization is the reverse process, reconstructing the object from the byte stream. The BinaryFormatter provides a compact binary representation, making it relatively fast for serialization and deserialization.

Veeam introduced a custom formatter that prevents insecure deserialization through a whitelist-like mechanism.

The Veeam.Backup.Model.CDbCryptoKeyInfo class is marked as [Serializable] and is explicitly allowed for deserialization within Veeam’s implementation. According to a detailed vulnerability analysis, this class:

  • Is part of the whitelist of types that Veeam permits for deserialization.
  • Has a “magic constructor” (a constructor that can be invoked during deserialization) that can be reached via .NET Remoting or other deserialization mechanisms.
  • Was involved in a Remote Code Execution (RCE) vulnerability (CVE-2025-23120), where the deserialization of this class could be exploited due to insufficient validation and reliance on a blacklist rather than a strict whitelist.

This vulnerability highlights the risks of allowing deserialization of complex or sensitive types, especially when relying on blacklist-based filtering, which can be bypassed.

Vulnerability details: A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

Official announcement: For details, please see the reference link – https://nvd.nist.gov/vuln/detail/CVE-2025-23121