All posts by admin

AI and ML, Potential Risk of CVE

CVE-2025-33255: About NVIDIA TensorRT-LLM (22nd May 2026)

Leave a comment

Preface: DeepSpeed MII, an open-source Python library developed by Microsoft, aims to make powerful model inference accessible, emphasizing high throughput, low latency, and cost efficiency. TensorRT LLM, an open-source framework from NVIDIA, is designed for optimizing and deploying large language models on NVIDIA GPUs.

Background: TensorRT-LLM is a library developed by NVIDIA to optimize and run large language models (LLMs) efficiently on NVIDIA GPUs. It provides a Python API to define and manage these models, ensuring high performance during inference.

The Python Executor within TensorRT-LLM is a component that orchestrates the execution of inference tasks. It manages the scheduling and execution of requests, ensuring that the GPU resources are utilized efficiently. The Python Executor handles various tasks such as batching requests, managing model states, and coordinating with other components like the model engine and the scheduler.

MPI (Message Passing Interface) helps distribute workloads across multiple GPUs by allowing independent CPU processes to manage different GPUs and coordinate their operations. Because GPUs cannot communicate directly across network nodes, MPI coordinates the sending and receiving of data between nodes while utilizing hardware-accelerated paths to shift workloads off the CPU.

Vulnerability details: CVE-2025-33255 NVIDIA TensorRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, or information disclosure.

Note: To completely mitigate the risk shown in attached diagram, ensure your deployment workflow includes these two final rules:

  1. Isolate MPI Traffic: Set up your cluster so that the network fabric connecting Nodes 1–4 sits on a private, isolated VLAN or subnet with no external internet ingress.
  2. Upgrade the Image: Verify that your docker pull command grabs a TensorRT-LLM container image version released after the May 2026 security patch advisory.

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5805

AI and ML, Potential Risk of CVE

CVE-2026-24207: About NVIDIA Triton Inference Server (21st May 2026)

Leave a comment

Preface: The NVIDIA Triton Inference Server natively supports gRPC as one of its primary communication protocols for the client API. Furthermore, gRPC can also be used for health checks, statistics, and model loading/unloading operations, not just inference requests. Inference requests arrive at the server via either HTTP/REST or GRPC or by the C API and are then routed to the appropriate per-model scheduler.

Background: NVIDIA’s security bulletin did not provide details. I speculate the cause of CVE-2026-24207 is as follows:

The Bypass Logic

A standard gRPC request path is canonical: /package.Service/Method. If an attacker crafts a raw HTTP/2 frame where the :path pseudo-header is package[.]Service/Method (missing the leading /), the following happens:

Step1 – Routing Success: The gRPC server sees the request and correctly identifies which handler to trigger, even without the leading slash.

Step2 – Match Failure: The authorization engine (like grpc/authz) checks the path against its rules. It looks for a literal match for /package[.]Service/Method. Since the incoming path is package[.]Service/Method, the Deny rule does not trigger.

Step3 – Fallback Triggered: Because the specific deny rule failed to match, the engine falls back to its next rule, which is typically a “catch-all” Allow rule.

My question is that gRPC has an authorization bypass vulnerability affecting all gRPC-Go (google[.]golang[.]org/grpc) versions prior to 1.79.3. However, Triton’s gRPC functionality is primarily implemented in src/grpc/grpc_server[.]cc. Can I say that the CVE-2026-24207 vulnerability occurs on the client side rather than the server side? Because for edge deployments, Triton Server is also provided as a shared library, and its API allows the full functionality of the server to be directly integrated into the application. What are your thoughts on this?

If you are using the standard Triton Inference Server binary (which is built in C++), it uses the C++ gRPC implementation, not the Go version. Therefore, it is not vulnerable to CVE-2026-24207 on the server side.

Vulnerability details: CVE-2026-24207 – NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5828

IoT, Potential Risk of CVE

CVE-2026-8836: A vulnerability was found in lwIP up to 2.2.1. (20th May 2026)

Leave a comment

Preface: IoT manufacturers are very willing to use lwIP (Lightweight IP) in firmware, and it is widely used in commercial IoT products. It is a dominant TCP/IP stack in the embedded space because it provides a full-featured networking stack (TCP, UDP, DHCP, DNS) while being highly optimized for resource-constrained, low-power devices.

Even though firmware allocate an lwIP pbuf to hold the payload in RAM

[// PBUF_TRANSPORT automatically reserves space for UDP/IP headers]

If your firmware explicitly uses SNMPv3 alongside your Wake-on-LAN feature, you must apply the patch.

Background: Inbound parsing and outbound allocation are two completely different memory directions (see below):

Outbound – When you call pbuf_alloc(PBUF_TRANSPORT, …), you are allocating memory for an outgoing packet. This works perfectly and securely for transmitting your Magic Packet.

Inbound – When an SNMPv3 management command comes into your device, lwIP allocates an incoming pbuf automatically to hold the raw network packet. The vulnerability happens after allocation, during the parsing phase inside snmp_msg[.]c.

Why CVE-2026-8836 Bypasses Pbuf Protection

The flaw is a stack-based buffer overflow, not a pbuf heap overflow.

i.When a remote user sends an SNMPv3 packet, the function snmp_parse_inbound_frame sets up a fixed-size array on the CPU stack called request->msg_authentication_parameters. This buffer is hardcoded to a maximum size of SNMP_V3_MAX_AUTH_PARAM_LENGTH (usually 32 bytes).

ii.The unpatched code uses the variable tlv.value_len (which comes directly from the untrusted incoming packet header) to decide how many bytes to decode into that stack array.

iii.An attacker can craft a malicious SNMPv3 packet stating that the authentication data is 100 bytes long. Because the check was commented out (/* IF_PARSE_ASSERT(…) */), lwIP blindly executes snmp_asn1_dec_raw and writes all 100 bytes into the 32-byte stack buffer, smashing the CPU stack, corrupting the return address, and crashing your chip or allowing remote code execution.

Vulnerability details: A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be initiated remotely.

Remedy: The patch is named 0c957ec03054eb6c8205e9c9d1d05d90ada3898c. It is suggested to install a patch to address this issue.

Official announcement: Please refer to link for details –

https://nvd.nist.gov/vuln/detail/CVE-2026-8836

Science

The connection to suspected unidentified phenomena in the sky – my hypothesis is ER=EPR (11th May 2026)

Leave a comment

Preface: I am applying the concept that “spacetime is woven by entanglement” to a localized atmospheric setting. If entanglement can alter spatial connectivity, an “entangled cloud” would indeed behave as a region with anomalous physical properties.

Background: If there were a large amount of quantum-entangled hydrogen gas in the atmosphere at normal temperature and pressure, the phenomena we observe might be imperceptible to the naked eye. Under normal circumstances, molecules collide billions of times per second, causing quantum decoherence and rapidly destroying the entangled state.

Besides the aurora borealis, other unexplained phenomena have appeared in the sky in the past.

From a scientific perspective, I’m curious whether these phenomena are related to quantum entanglement in the sky?

If a massive amount of quantum entanglement occurred within an area of the atmosphere, here is how space-time and visual phenomena might be affected?

Point of view: The ER=EPR conjecture is a bold theoretical proposal in modern physics suggesting that two of the most famous concepts in Einstein’s work—Einstein-Rosen bridges (wormholes) and Einstein-Podolsky-Rosen (EPR) pairs (quantum entanglement)—are actually two ways of describing the same underlying reality.

As described, collisions in standard temperature and pressure usually destroy entanglement. To support my hypothesis, physics offers potential workarounds:

Dynamic Equilibrium: While individual particles decohere, the continuous oxidation of methane (as in my diagram) might generate new entangled hydrogen atoms at a rate that maintains a “steady-state” of coherence.

Macroscopic Quantum States: In specific atmospheric plasma environments, collective behavior can sometimes suppress individual particle noise, allowing quantum effects to manifest at larger scales.

Scientific Summary:

Science

The Tang Dynasty understood the composition of the moon earlier than modern astronauts. (19th May 2026)

Leave a comment

Preface: This story, from *Youyang Zazu: Tianzhi* ((酉陽雜俎: 天咫), recounts how a Tang Dynasty scholar, lost in the Songshan Mountains (嵩山), encountered a “moon man 《修月人》” repairing the moon. The character describes the moon as a sphere composed of seven precious materials and suggests that the light and shadow on its surface are caused by the sun’s rays. He then gives the two scholars mysterious food and guides them on their way.

Background: The story’s protagonists are Zheng Renben’s (鄭仁本) cousin (Duan Chengshi (段成式)notes he forgot his name) and a scholar named Wang, not Duan Chengshi himself. • Plot Summary: The two get lost in Mount Song (嵩山) and encounter a white-clad man lying asleep in the grass, using a bundle as a pillow. Upon waking, the white-clad man claims to be one of the “Moon Repairers 《修月人》” and reveals the astonishing statement that “the moon is a sphere composed of seven treasures, and its light is produced by the sun illuminating its convex parts.”

Point of view: The Tang Dynasty (618–907 CE) concluded approximately 1,119 years ago as of 2026. How did they know that the moon was a sphere made of seven precious materials? People in the Middle Ages or ancient times generally believed that the Earth was flat, but educated people and scholars knew as early as ancient Greece (around the 5th to 3rd centuries BC) that the Earth was a sphere. This shows that no one knows the details of the moon.

From the Song Dynasty(宋代) to the Ming and Qing Dynasties(明清): Minor adjustments to the text rather than plot modifications. Song Dynasty(宋代)  scholars (such as when compiling the Taiping Guangji (太平天國光記)) widely quoted this passage. Subsequent Ming Dynasty(明代) editions, such as the Wang Shixian edition (王世賢本), the Mao Jin Jigu Pavilion edition(毛錦極閣本), and the Qing Dynasty Siku Quanshu edition 《清代四庫全書》, all preserved the core plot of this story without any alterations to the storyline.

These seven dominant elements, which make up about 98% to 99% of lunar rocks, include: 

  • Oxygen (41% – 45%)
  • Silicon
  • Aluminum
  • Calcium
  • Iron
  • Magnesium
  • Titanium 

The remaining 1% to 2% of the Moon’s surface material contains trace amounts of other elements like manganese, sodium, potassium, and phosphorus.

End of article

AI and ML, Cell Phone (iPhone, Android, windows mobile), IoT, Network (Protocol, Topology & Standard), Potential Risk of CVE

CVE-2026-46300 (Fragnesia) is a Linux kernel privilege escalation in the XFRM ESP-in-TCP subsystem. Does it affect GX-grade supercomputers? (18th May 2026)

Leave a comment

Preface: If BlueField DPU supports configuring IPsec rules using strongSwan 5.9.0bf, does it use kernel IPsec in ARM?

Yes, when using strongSwan 5.9.0bf on the BlueField DPU, it utilizes the Linux kernel IPsec stack (xfrm) running on the ARM cores to manage and configure security associations, which can then be offloaded to the hardware acceleration engines.

Background: The only scenario where a GPU or advanced SoC interacts with the Linux kernel’s XFRM subsystem is during IPsec Network Offloading (SmartNICs / DPUs).

If an enterprise SoC or Data Processing Unit (like an NVIDIA BlueField DPU) handles high-speed network traffic, the Linux XFRM subsystem can act as a control plane. It passes the encryption policies (SAs and SPIs) down to the chip’s network engine so that standard internet IPsec traffic can be encrypted at wire speed directly on the network interface card (NIC) hardware rather than taxing the main host CPU.

Vulnerability details: Fragnesia is a Linux local privilege escalation vulnerability that is a member of the Dirty Frag vulnerability class.

Are there any remedies available for CVE-2026-46300?

Patch Your Kernel:

Update your Linux kernel immediately. Patches were released by major distributions (AlmaLinux, Ubuntu, Red Hat, Debian, Amazon Linux) around May 14-16, 2026.

Apply Temporary Mitigation (If Patching is Delayed): Disable the vulnerable modules (esp4, esp6, and rxrpc) to block the exploit.Run: sudo rmmod esp4 esp6 rxrpcCreate blacklist file: echo -e “install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false” | sudo tee /etc/modprobe[.]d/fragnesia[.]conf

Clear Page Cache: If you suspect a machine was targeted before patching, run sync; echo 3 | sudo tee /proc/sys/vm/drop_caches to evict potentially corrupted cached pages.

Official announcement: Please refer to the link for details – https://github.com/v12-security/pocs/tree/main/fragnesia

AI and ML, Under our observation

A more imaginative assumption on TDXRay: Microarchitectural Side-Channel Analysis of Intel TDX for Real-World Workloads (15th MAY 2026)

Leave a comment

Preface: In these scenarios (see attached diagram), microarchitecture side-channel attacks targeting Intel TDX can directly impact and jeopardize the security of AMD accelerators.

Even though the AMD Instinct APU operates on a completely different silicon package, the two architectures are fundamentally tied together by a shared software stack, device driver interface, and physical interconnect fabric.

The specific risks regarding how TDXRay and cross-domain side-channel leakage bypass the hardware boundary in your diagram are detailed below:

Technical details:

1. Host-Side Driver Leakage (The Primary Target)

As illustrated in attached diagram, the ROCm Driver and HIP Runtime execute inside the Intel TDX Virtual Machine / Trust Domain.

•When primitives like those found in the TDXRay research paper (e.g., page-level or cache-line tracking) are utilized by an untrusted host hypervisor, they target the Intel CPU’s caches and memory controller.

•Because the Intel CPU must actively prepare, schedule, and feed data arrays (h_a, h_b) to the AMD accelerator, the memory access patterns of the ROCm driver itself are leaked.

•An attacker can infer exactly when the AMD kernel is being launched, what memory addresses are being mapped, and the size or stride of the datasets being transferred.

2. Interconnect Fabric Bottlenecks & Shared Cache Timing

The highlighted section in your diagram notes that memcpy can leak info via cache and memory controller interaction.

•During hipMemcpyHostToDevice or hipMemcpyDeviceToHost, data travels across the PCIe Gen 5 / CXL Interconnect Fabric.

•If a malicious actor on the host hypervisor induces resource contention on the shared Intel CPU core or memory bus, they can observe subtle latency shifts.

•By monitoring the timing delays of the Intel CPU waiting for the AMD APU to complete its tasks (hipDeviceSynchronize), the attacker can infer secret-dependent execution paths inside the AMD hardware without ever probing the AMD chip directly.

3. The Cross-Domain Threat Model (AMD SEV-SNP Parallel)

According to AMD’s Official Security Bulletin (AMD-SB-3044) published regarding the TDXRay findings, these types of microarchitectural host-side tracing methodologies fall within a category of behaviors that affect both Intel TDX and AMD SEV-SNP.

If an application leaks data structure layouts through its memory access patterns on the Intel host, the fact that the actual matrix operations happen on an AMD chip does not protect the workflow’s overall confidentiality.

Official announcement: Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3044.html

Under our observation, Virus & Malware

Checkmarx Jenkins AST Plugin Compromised (14th May 2026)

Leave a comment

Preface: Jenkins’ popularity and its rich plugin ecosystem are the main reasons for integrating event monitoring tools with it. While there isn’t a single “API plugin,” Jenkins has a powerful built-in remote access API (supporting XML, JSON, and Python), which many external monitoring tools use to retrieve data.

Background: With its unparalleled flexibility, vast plugin ecosystem, and vendor neutrality, Jenkins remains the preferred tool for cloud applications, especially in DevOps environments. Despite the emergence of many newer cloud-native tools, Jenkins remains the preferred solution for complex, hybrid, or highly customized CI/CD pipelines.

The TanStack incident and the Checkmarx Jenkins AST plugin intrusion incident were actually part of a well-planned coordinated supply chain attack campaign by the same threat group, TeamPCP.

Security researchers from Wiz, Snyk, and Socket have dubbed this large-scale, multi-targeted attack campaign (expected to launch in May 2026) the “Mini Shai-Hulud” worm attack. While the two incidents targeted different environments and used different initial entry points, they both originated from the same threat group, malware family, infrastructure, and ultimate target.

Incident details: The previous version of the Checkmarx Jenkins AST plugin (specifically version 2026.5.09) was compromised as part of an ongoing supply chain attack by the threat actor group TeamPCP, following their earlier compromise of Checkmarx infrastructure in March 2026.

The attack appears to be another TeamPCP incident because the attackers used the same techniques—gaining unauthorized access to Checkmarx’s GitHub repositories—to inject credential-stealing “Dune-themed” malware, similar to the previous KICS and GitHub Actions attacks.

Official announcement: Please refer to the link for details. – https://checkmarx.com/blog/ongoing-security-updates/

Virus & Malware

Shai-Hulud operates as a multi-vector, self-propagating worm. It routinely changes its entry points to compromise environments. Stay vigilant! (14th May 2026)

Leave a comment

Preface: The TanStack incident was a highly sophisticated software supply-chain compromise that occurred on May 11, 2026. An attacker successfully hijacked TanStack’s legitimate GitHub Actions release pipeline to publish 84 malicious versions across 42 @tanstack/* npm packages, including widely used tools like @tanstack/react-router.

Background: Both @tanstack/react-router and @tanstack/react-query are client-side frontend libraries and K8s is a backend orchestration platform. In normal circumstances, Frontend applications running inside Kubernetes (K8s)-managed containers are typically containerized web assets (static files or server-side rendered apps) packaged with a lightweight web server (like Nginx or Apache). But @tanstack/react-router and @tanstack/react-query are highly relevant to building robust frontend applications that run inside a K8s-managed containerized. These tools handle frontend data fetching and routing, while Kubernetes manages the infrastructure, pods, and scaling of the APIs they consume. TanStack Query handles caching and server state synchronization, reducing unnecessary API calls to backend services running on K8s. You can call @tanstack/react-router and @tanstack/react-query part of a suite. They are core components of the TanStack suite, a collection of high-quality, open-source libraries designed for modern web development.

Incident details: A supply chain attack, dubbed as “Mini Shai-Hulud”, is affecting well-known projects including TanStack, Mistral AI, UiPath, and OpenSearch.

Official announcement: Please refer to the link for details – https://digital.nhs.uk/cyber-alerts/2026/cc-4781

AI and ML, Cell Phone (iPhone, Android, windows mobile), IoT, Potential Risk of CVE

CVE-2026-43284: Dirty Frag tricks the IPsec/TCP stack into doing the “dirty work”(13th May 2026)

Leave a comment

Preface: The “Dirty Frag” attack chains two separate flaws in the Linux kernel’s networking stack: one in the ESP(Encapsulating Security Payload) protocol used by IPsec and another in the RxRPC protocol used for the AFS distributed file system. If you do not use IPsec, disabling its modules removes one of the major attack paths.

Background: The “Dirty Frag” vulnerability is deemed difficult to patch immediately due to its exploitation of a long-standing core Linux kernel optimization, which initially lacked official, widespread patches upon disclosure. While disabling ESP modules helps, effective mitigation requires blacklisting both ESP and RxRPC modules, or patching the kernel directly.

How to mitigate vulnerabilities:

Step 1:Block the ESP and RxRPC modules: Create a configuration file (e.g., /etc/modprobe.d/dirtyfrag.conf) to ensure the modules cannot be auto-loaded by an exploit:

bash

install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false

Step 2:Unload current modules: Remove the modules if they are currently active in memory:

bash

sudo modprobe -r esp4 esp6 rxrpc
 

Step 3:Clear the Page Cache: The exploit works by corrupting the page cache. After applying the blocks, clear the cache to ensure no malicious changes persist in RAM:

bash

sudo sync && echo 3 | sudo tee /proc/sys/vm/drop_caches
 

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2026-43284