All posts by admin

AI and ML, Potential Risk of CVE

CVE-2026-24148, CVE-2026-24154 and CVE-2026-24153: About NVIDIA Jetson (2nd-April-2026)

Leave a comment

Preface: NVIDIA JetPack and Jetson Linux (formerly L4T – Linux for Tegra) are the foundational software stacks for NVIDIA Jetson AI modules. Jetson Linux provides the essential BSP (bootloader, Linux kernel, Ubuntu rootfs, drivers), while JetPack SDK bundles this with developer tools, libraries (CUDA, TensorRT), and APIs for AI, computer vision, and robotics.

Background: The initrd and root file system (rootfs) unencrypted creates a significant security gap against local physical attacks. In a standard industrial or autonomous deployment, physical access is often the most direct threat to a machine’s integrity.

The Security Gap: Local Physical Access

When a Jetson device is left with its default, unencrypted configuration, an attacker with physical access can easily bypass system protections:

Because the bootloader cannot read encrypted files directly, it must first mount an unencrypted partition containing the kernel and initrd images. Without signing or encryption, these critical files can be replaced via a malicious USB or NVMe drive.

Ref: nvluks-srv-app is a NVIDIA Jetson Linux user-space application used to retrieve a unique, secure passphrase from the Trusted Execution Environment (TEE) to unlock encrypted partitions at boot time. It enables disk encryption on Jetson devices by facilitating secure communication between the normal operating system and the hardware-backed security services (OP-TEE).

Vulnerability details:

CVE-2026-24154 NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access could inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, data tampering, and information disclosure.

CVE-2026-24148 NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.

CVE-2026-24153 NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure.

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5797

AI and ML, Potential Risk of CVE

CVE-2026-5164: A flaw has been found in virtio-win. Don’t underestimate this; the field of artificial intelligence also needs virtio-win! (1st April 2026)

Leave a comment

Preface: While NVIDIA CUDA provides powerful parallel processing capabilities on both Linux and Windows, developers still need to run Windows on top of Linux using virtio-win in several specific environments:

For example: Windows-Exclusive HPC Applications

Many specialized scientific and engineering applications are only developed for Windows and cannot be easily recompiled for Linux.

Background: To programmatically use RhelDoUnMap() while ensuring user requests are correctly validated, you must specifically address the descriptor count validation to prevent buffer overflows. This function is part of the virtio-win drivers used in Red Hat Enterprise Linux environments.

Key Components of virtio-win include Network (NetKVM), Storage (viostor / virtio-scsi), Memory Balloon (balloon), Serial (virtio-serial), Graphics (virtio-gpu), Input (virtio-input) and Guest Agent (qemu-ga). The RhelDoUnMap() function is part of the virtio-win driver suite, specifically within the VioStor (Virtio Storage) driver.

Vulnerability details : A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. This can cause a system crash, resulting in a Denial of Service (DoS).

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/cve-2026-5164

Potential Risk of CVE

About Trivy: Closer Look what is happen through CI/CD Ecosystems. Staying alert! (31st Mar 2026)

Leave a comment

Preface: According to Mandiant, over a thousand SaaS environments have been impacted by ongoing supply chain compromises of Aqua Security’s open-source scanner Trivy, and researchers predict that the impact may grow by an order of magnitude.

Researchers have since reported multiple downstream attacks enabled by the compromise, possibly via implementations of Trivy. Sysdig observed the TeamPCP infostealer deployed in a GitHub action belonging to another software supply chain security developer, Checkmarx. Aikido Security reported attacks targeting the npm ecosystem and Kubernetes, spreading a persistent Python backdoor through “CanisterWorm,” which steals npm tokens to propagate itself through developers’ packages.

Background: Trivy is a popular open-source vulnerability and security scanner maintained by Aqua Security. Trivy is a “universal” scanner that consolidates multiple security checks into a single tool:

  • Vulnerability Scanning: Detects known vulnerabilities (CVEs) in operating system packages (e.g., Alpine, RHEL, Ubuntu) and language-specific dependencies (e.g., npm, pip, Go modules).
  • Misconfiguration Detection: Scans Infrastructure as Code (IaC) files like Terraform, Dockerfiles, Kubernetes manifests, and CloudFormation to find security flaws.
  • Secret Scanning: Identifies hardcoded sensitive information such as passwords, API keys, and tokens within code or container images.

Closer Look of Trivy design weakness:

The Mechanism: In Git, version tags (like @v1 or @v0.24.0) are mutable, meaning they can be reassigned to a different commit. The attackers used compromised credentials to “poison” 76 out of 77 existing version tags for trivy-action, pointing them to a new, malicious commit that contained a credential stealer.

The “Design Weakness”: Because pipelines are usually configured to pull the latest version of a tag automatically, thousands of organizations executed the malicious code without any changes to their own workflow files.

Official details: Please refer to the link for details  – https://nvd.nist.gov/vuln/detail/CVE-2026-33634

AI and ML, Potential Risk of CVE

CVE-2026-24157 and CVE-2026-24159: To protect your system, NVIDIA recommends updating to NeMo Framework version 2.6.2 or later (30-03-2026)

Leave a comment

Preface: NVIDIA NeMo is a widely adopted, end-to-end framework for building, customizing, and deploying generative AI models (LLMs) and conversational AI agents. It is primarily used to tailor open-source models—such as Llama, Mistral, and Google Gemma—using proprietary enterprise data.

Ollama, Mistral, and Google Gemma represent a powerful ecosystem for running local, open-weight Large Language Models (LLMs). Ollama acts as the engine to run models, while Mistral and Gemma are two of the most popular, high-performing model families designed to be efficient enough to run on personal computers.

Background: Regarding the restore_from() method, it is a core functionality used to load local checkpoint files with the .nemo extension.

Key Details of restore_from() –

  • Purpose: Fully restores a model instance, including its weights and configuration, from a local [.]nemo file for evaluation, inference, or fine-tuning.
  • File Structure: A [.]nemo file is an archive (specifically a tar.gz file) containing the model’s weights and a model_config[.]yaml file that defines its architecture.
  • Usage: It is called directly from the model’s base class (e.g., ASRModel[.]restore_from(restore_path="path/to/file[.]nemo")).

Vulnerability details: (see below)

CVE-2026-24157 NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.

CVE-2026-24159 NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.

Official announcement: Please refer to the link for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5800

AI and ML, Potential Risk of CVE

CVE-2026-24141: NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature. (27th Mar 2026)

Leave a comment

Preface: A design limitation has been discovered in the ONNX quantization function of the NVIDIA model optimizer for Windows and Linux. However, confusingly, the ONXY function appears to only work on Windows/RTX (not Linux). What is the actual design limitation?

A sophisticated technical question. The confusion often stems from the fact that while ONNX is the primary deployment format for Windows/RTX, the quantization process (where the vulnerability often lies) frequently occurs on Linux development servers.

Background: Why does the vulnerability affect both Linux and Windows?

Although ONNX is the target format for Windows AI PC applications, the NVIDIA Model Optimizer (ModelOpt) library is cross-platform.

*Linux as the “Factory”: Most developers use powerful Linux servers (with A100/H100 GPUs) to run the ModelOpt quantization scripts. They generate the optimized ONNX model on Linux and then “ship” it to Windows clients. Therefore, the vulnerability exists in the Linux-based conversion tools.

Vulnerability details: NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deserialization by providing a specially crafted input file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. (Initial release – March 24, 2026)

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5798

AI and ML, Potential Risk of CVE

Remedy CVE-2025-33244, securely deserialize data for use with APEX or PyTorch. (26th Mar 2026)

Leave a comment

Preface: The core design goal of NVIDIA Apex is to achieve mixed precision training, which mainly involves a combination of **16-bit (FP16)** and **32-bit (FP32)**.

Background: In NVIDIA APEX, handling FP16 and FP32 data is primarily managed through the Automatic Mixed Precision (AMP) module. You don’t need to manually cast your data.

  • Use FP32 if you are doing scientific simulations that require extreme precision or if your model fails to converge using lower bit-depths.
  • Use FP16 for Inference (running a finished model on a phone or server) or when training Large Language Models (LLMs) to save massive amounts of time and electricity.

Current Gold Standard is FP16; balances speed and memory.

Scientific simulations (such as those simulating black holes or aircraft airflow) require extremely high numerical stability to prevent errors from accumulating over time; while LLM training is more like finding a probability distribution of the “general direction,” where speed and model size are more important than accuracy to the 15th decimal place.

Vulnerability details: NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earlier than 2.6. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, data tampering, and information disclosure.

Official announcement: Please refer to the link for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5782

Best Practices:

•Weight Files: Always convert and store your .pth or .bin files as .safetensors.

•API Inputs: Prefer Protocol Buffers (Protobuf) or JSON for real-time requests.

•Integrity Checks: Before deserializing, verify the file’s SHA-256 hash to ensure it hasn’t been tampered with during transit

Potential Risk of CVE

Do not underestimate the design flaws of jsrsasign (CVE-2026-4603) – 25th Mar 2026

Leave a comment

Preface: Software and platforms known to use jsrsasign include CustomJS, ServieNow, Postman, jwt.io, the BitcoinJS library, OpenPGP.js, Google Apps Script, and add-on utilities.

Background: Jsrsasign (RSA-Sign JavaScript Library) is a pure JavaScript cryptographic library designed to handle RSA, ECDSA, and DSA operations, including key generation, digital signature creation/verification, and encryption. It provides the mathematical and structural setup for parsing keys (PKCS#1/5/8) and managing signatures.

Objectives of Specific Code Paths

  • ext/rsa[.]js (RSASetPublic/KEYUTIL parsing path):
    • Objective: This path is responsible for initializing an RSA public key by parsing raw data (like a modulus n and exponent e).
    • Function: It takes external key formats—such as JSON Web Keys (JWK) or PEM-encoded strings—and converts them into a internal format that the library can use for cryptographic math.
  • ext/jsbn[.]js (BigInteger.modPowInt reduction logic):
    • Objective: This logic performs modular exponentiation (m to power e), which is the core mathematical operation of RSA.
    • Function: It uses an optimized algorithm (often a sliding window or Montgomery representation) to calculate high-power results efficiently on large numbers that standard JavaScript cannot handle. 

Vulnerability details: Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption) to collapse to deterministic zero outputs and hide “invalid key” errors by supplying a JWK whose modulus decodes to zero.

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2026-4603

Science

Legendary and Astronomical: Observations of Regulus in April 2026 (23rd Mar 2026)

Leave a comment

Preface: The strongest evidence of extraterrestrial life discovered to date, 124 light-years from Earth… Leo constellation may be an ocean world capable of supporting microbial life. Regulus (Alpha Leonis) is the brightest star in the constellation Leo, marking the “heart of the lion”.

Ref: https://www.sciencealert.com/strongest-evidence-of-alien-life-yet-found-124-light-years-away

Background: Some studies suggest that the Sphinx was designed so that, at the spring equinox or a specific astronomical cycle, its gaze would be directly aligned with Regulus (known as the “Lion’s Heart”) rising on the eastern horizon. Some theoretical simulations even suggest that around 9500 to 9000 BC, Regulus would rise precisely from the east before sunrise at the summer solstice, coinciding with the Sphinx’s line of sight.

Ancient Egyptian architecture is associated with the constellations Draco, Leo, and Orion. The exact reasons are still unclear, but observations using current technology have revealed the following matter –

Draco, Leo, and Orion have no physical relationship; they are merely 2D patterns formed by stars at vastly different, unrelated distances. During observations, their only “connection” is their seasonal timing: Orion (winter) sets as Leo (spring) rises, metaphorically “chasing” it across the sky. Draco is circumpolar (always visible from northern latitudes), acting as a constant northern anchor regardless of the season.

Best Observation Time in 2026

Date: Mid-April 2026 (around April 15th).

Reason: Although Regulus rises in the east every day, during the spring equinox in March, the sun is relatively close to Leo, and the strong sunlight at sunrise will obscure the starlight. By mid-April, after sunset, Regulus will be high in the eastern sky (approximately 45-60 degrees). At this time, if you stand behind the Sphinx and look forward, the “Heart of the Lion” will be precisely above the statue’s line of sight.

Potential Risk of CVE

About Chrome: CVE-2026-3910 is triggered by CVE-2026-3543. (23rd Mar 2026)

Leave a comment

Preface: Electron is a framework enabling developers to build cross-platform desktop applications for macOS, Windows, and Linux by combining web technologies (HTML, JavaScript, CSS) with Node.js and native code. It is open-source, MIT-licensed, and free for both commercial and personal use. JavaScript calling Inter-Process Communication (IPC) is a critical technique, particularly in desktop application frameworks like Electron, to bridge the gap between the isolated renderer process (user interface) and the main process (Node.js backend/OS access.

Background: Electron is popular for building desktop apps—like

VS Code and Slack—because it allows developers to use web technologies (HTML, CSS, JavaScript) to create cross-platform applications. By bundling Chromium and Node.js, it eliminates the need to write separate code for Windows, macOS, and Linux.

Key Facts about CVE-2026-3910

Root Cause: The flaw is a logic error specifically within the V8 engine’s JIT (Just-In-Time) optimization process.

Primary Impact: It allows a remote attacker to execute arbitrary code within the browser’s sandbox environment via a specially crafted HTML page.

Because V8 is the core engine for all Chromium-based software, these vulnerabilities exist in Google Chrome, Microsoft Edge, and Opera—none of which use the Electron framework for their internal logic. Because V8 is the core engine for all Chromium-based software, these vulnerabilities exist in Google Chrome, Microsoft Edge, and Opera—none of which use the Electron framework for their internal logic.

If an attacker uses CVE-2026-3543 to get memory access, they can then use that “foothold” to manipulate the IPC (Inter-Process Communication) and trigger CVE-2026-3910.

Vulnerability details: Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Official announcement: Please refer to the link for details.

https://nvd.nist.gov/vuln/detail/CVE-2026-3910

Potential Risk of CVE

This analysis examine the security content of Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2 (23rd Mar 2026)

Leave a comment

Preface: Since the details of the vulnerability are not described in detail, based on my interest in the topic, specific details are shown in the attached diagram.

Background: The Navigation API is a standard, modern web platform API, not specific to WebKit’s internal code, but implemented by WebKit (and other browser engines like Chromium and Gecko) for use by web application developers.

To implement the Navigation API in a WebKit-based environment (like Safari) while adhering to the Same-Origin Policy (SOP), you must focus on intercepting and managing navigation events within the same origin.

The Navigation API is designed to work strictly within the current browsing context and only exposes history entries with the same origin (matching protocol, host, and port) as the current page.

Related Mechanisms – Developers can use controlled mechanisms to relax the SOP when legitimate cross-origin communication is necessary: window[.]postMessage(): A method for securely communicating between scripts in different windows or iframes regardless of their origin, using message passing.

Vulnerability details: A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Processing maliciously crafted web content may bypass Same Origin Policy.

CWE-346 is a logic failure where the code tries to check the origin but does it incorrectly (e.g., your WebKit case where it validated the host but ignored the port).

Impact: An attacker could use maliciously crafted web content to bypass SOP entirely, potentially accessing sensitive data from other sites, such as session tokens or credentials.

Official announcement: Fix – Apple addressed this in March 2026 through its new Background Security Improvements system for iOS 26.3.1 and macOS 26.3.1.