All posts by admin

IoT, Potential Risk of CVE

CVE-2025-8183: About µD3TN protocol.

Leave a comment

A spaceman came travel, cyber security in space (29-07-2025)

NVD Published Date: 07/25/2025

NVD Last Modified: 07/25/2025

Preface: Essentially, any industry or application that requires communication in environments with unreliable or intermittent network conditions can benefit from BPv7’s capabilities. µD3TN has been successfully tested in Low Earth Orbit (LEO) on the OPS-SAT satellite, demonstrating its ability to handle the unique challenges of space communication, such as high latency and intermittent connectivity.

Background: The uD3TN project, a software implementation of the Delay-/Disruption-Tolerant Networking (DTN) Bundle Protocol, incorporates an allocator that functions similarly to the C standard library’s malloc dynamic memory allocator.

This allocator within uD3TN is responsible for managing memory allocation and deallocation for various components and data structures used within the DTN protocol stack. This includes, for example, the allocation of memory for bundles, which are the fundamental data units in DTN, as well as for internal structures and buffers required for bundle processing, forwarding, and storage.

The design of this allocator aims to provide efficient memory management within the constraints and requirements of a DTN implementation, potentially considering factors such as resource limitations in embedded systems or the need for robust handling of intermittent connectivity.

Vulnerability details: NULL Pointer Dereference in µD3TN via non-singleton destination Endpoint Identifier allows remote attacker to reliably cause DoS.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2025-8183

AI and ML, System

The whole world is paying attention to Nvidia, but supercomputers using AMD are the super ones! (July 28, 2025)

Leave a comment

Preface: The El Capitan system at the Lawrence Livermore National Laboratory, California, USA remains the No. 1 system on the TOP500. The HPE Cray EX255a system was measured with 1.742 Exaflop/s on the HPL benchmark. El Capitan has 11,039,616 cores and is based on AMD 4th generation EPYC™ processors with 24 cores at 1.8 GHz and AMD Instinct™ MI300A accelerators. It uses the HPE Slingshot interconnect for data transfer and achieves an energy efficiency of 58.9 Gigaflops/watt. The system also achieved 17.41 Petaflop/s on the HPCG benchmark which makes it the new leader on this ranking as well. June 2025

Background: Does El Capitan Use Docker or Kubernetes? El Capitan does not use Docker directly, but it does use Kubernetes—specifically:

Kubernetes is deployed on Rabbit and worker nodes. It is part of a stateless orchestration layer integrated with the Tri-Lab Operating System Stack (TOSS).

Kubernetes is used alongside Flux (the resource manager) and Rabbit (the near-node storage system) to manage complex workflows.

Why Kubernetes Instead of Docker Alone?

While Docker is lightweight and flexible, Kubernetes offers orchestration, which is critical for:

  • Managing thousands of concurrent jobs.
  • Coordinating data movement and storage across Rabbit nodes.
  • Supporting AI/ML workflows and in-situ analysis.

But Kubernetes has a larger memory and CPU footprint than Docker alone.

Technical details: HPE Cray Operating System (COS) is a specialized version of SUSE Linux Enterprise Server designed for high-performance computing, rather than being a variant of Red Hat Enterprise Linux. It’s built to run large, complex applications at scale and enhance application efficiency, reliability, management, and data access. While COS leverages SUSE Linux, it incorporates features tailored for supercomputing environments, such as enhanced memory sharing, power monitoring, and advanced kernel debugging.

What Does Cray Modify?
Cray (now part of HPE) primarily modifies:
-The Linux kernel for performance tuning, scalability, and hardware support
-Adds HPC-specific enhancements, such as:
Optimized scheduling
NUMA-aware memory management
High-speed interconnect support (e.g., Slingshot)
Enhanced I/O and storage stack
-Integrates with Cray Shasta architecture and Slingshot interconnect

These modifications are layered on top of SUSE Linux, meaning the base OS remains familiar and enterprise-grade, but is tailored for supercomputing.

End.

Our world is full of challenges and hardships. But you must be happy every day!

AI and ML, Potential Risk of CVE

Security Focus: CVE‑2025‑23284 NVIDIA vGPU software contains a vulnerability (25-07-2025)

Leave a comment

Preface: Memory Allocation Flow:

  1. User-space request (e.g., CUDA malloc or OpenGL buffer allocation).
  2. Driver calls memmgrCreateHeap_IMPL() to create a memory heap.
  3. Heap uses pmaAllocatePages() to get physical memory.
  4. Virtual address space is mapped using UVM or MMU walker.
  5. Memory is returned to user-space or GPU context.

Background:

An OS-agnostic binary is a compiled program designed to run on multiple operating systems without requiring separate builds for each. This means the binary file can be executed on different OS platforms without modification, achieving a level of portability that’s not common with traditional compiled software.

The core loadable module within the NVIDIA vGPU software package is the NVIDIA kernel driver, specifically named nvidia[.]ko. This module facilitates communication between the guest virtual machine (VM) and the physical NVIDIA GPU. It’s split into two main components: an OS-agnostic binary and a kernel interface layer. The OS-agnostic component, for example, nv-kernel[.]o_binary for the nvidia[.]ko module, is provided as a pre-built binary to save time during installation. The kernel interface layer is specific to the Linux kernel version and configuration.

Vulnerability details:

CVE-2025-23285: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.

CVE2025-23283: NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Official announcement: Please see the url for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5670

IoT, Potential Risk of CVE

CVE-2025-8058: The regcomp function in the GNU C library design weakness, do not contempt! (24-07-2025)

Leave a comment

Preface: Glibc is a fundamental component of many embedded systems, which are small, specialized computer systems found in vehicles for tasks like engine control, braking, and infotainment.

Background: The regcomp function in Linux is used to compile a regular expression pattern into a form that can be efficiently used by regexec for matching. A good example of its usage involves validating user input. For instance, you might want to ensure that a user-entered password meets certain criteria, such as containing at least one uppercase letter, one lowercase letter, one digit, and one special character.

The regcomp function in the GNU C Library’s <regex.h> is responsible for compiling a regular expression into an internal data structure that can be efficiently used for matching. Essentially, it takes a string representing a regular expression pattern and converts it into a format suitable for fast searching within other strings.

The GNU C Library (glibc) provides a consistent Application Binary Interface (ABI) across different architectures and versions, ensuring compatibility between compiled programs. Architectures define the underlying hardware instruction set, while ABIs specify how functions are called, data is passed, and objects are laid out in memory. glibc abstracts these details, allowing developers to write code once and have it run on various systems that adhere to the same ABI.

While compiling a regular expression avoids recompilation within the same program execution, a system shutdown will erase the in-memory compiled representation. When the system restarts and the program is run again, the regular expression will need to be re-compiled if the performance benefit of pre-compilation is desired. The ABI does not change this behavior; it merely dictates how the compiled code interacts with other system components.

Vulnerability details: The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.

Ref: A double free error occurs if free() is called multiple times with the same memory address. Calling free() twice on the same value causes a memory leak. If a program calls free() twice with the same arguments, it corrupts the program’s memory management data structures.

Official announcement: Please refer to the URL for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-8058

IoT, Potential Risk of CVE

CVE-2025-7427: Affected Products (Arm Development Studio before 2025.0) [23-07-2025]

Leave a comment

Preface: Arm Development Studio (Arm DS) is a suite of software tools designed for developing and debugging software for Arm-based SoCs (Systems on Chip). Thus, Arm DS optimizing software for Arm-based hardware, primarily in embedded systems and IoT devices. These tools help developers write, compile, and debug code for various Arm processors, including those found in SoCs. Applications built with Arm DS can be deployed to various targets, including microcontrollers, embedded Linux systems, and even Android devices.

Background: Arm Development Studio is available for both Windows and Linux operating systems. Specifically, it supports 64-bit x86 host platforms for both Windows 10 and Linux distributions like Red Hat Enterprise Linux 7 and Ubuntu Desktop Editions 18.04 LTS and 20.04 LTS.

Redistributable Packages: For distributing applications built with Arm Development Studio, developers might need to include redistributable packages like those related to the Visual C++ runtime libraries, which are also provided as [.]dll files.

Vulnerability details: CVE-2025-32702: Improper neutralization of special elements used in a command (‘command injection’) in Visual Studio allows an unauthorized attacker to execute code locally.

Official announcement: Please refer to the URL for details https://nvd.nist.gov/vuln/detail/CVE-2025-32702

Potential Risk of CVE

Why CVE-2025-53770 and CVE-2025-53771 do not affect SharePoint Online, even though they exploit how SharePoint processes serialized input in on-prem environments. (22-07-2025)

Leave a comment

Preface: About a decade ago, a technical white paper evaluated how many cybersecurity experts a bank should hire to manage cybersecurity.

Although Tier 1 financial institutions have information security controls in-house, their effectiveness cannot be compared to managed security services. The examples at the time were AWS cloud and cybersecurity controls. Now, the details of these two CVE records extend this story again.

Background: The architectural differences between SharePoint Online (Office 365) and SharePoint Server (on-premises) in the context of vulnerabilities like CVE-2025-53770 and CVE-2025-53771.

According to Microsoft’s official guidance, these vulnerabilities only affect on-premises SharePoint Server installations (2016, 2019, and Subscription Edition). Do not impact SharePoint Online in Microsoft 365.

The reason SharePoint Online is not vulnerable involves multiple layers of architectural and operational differences, including:

Microsoft controls the infrastructure runtime environment.

In SharePoint Online, developers cannot deploy full-trust code or access server-side object models like SPSite or SPWeb. This eliminates many attack vectors that exist in on-prem environments. In SharePoint Online Intelligent Proxy and Request Filtering. These systems can detect and block unsafe deserialization attempts before they reach backend services.

Reference:

The SPWeb parameter in SharePoint refers to an object that represents a SharePoint website (or subsite) within a site collection. It’s used in PowerShell cmdlets like Get-SPWeb, New-SPWeb, Set-SPWeb, and Remove-SPWeb to interact with and manage these websites.

The term “SPSite parameter” generally refers to parameters used with the Get-SPSite, New-SPSite, and Set-SPSite cmdlets in SharePoint PowerShell. These parameters are used to specify or configure site collection properties, such as the URL, owner, template, quota, or lock state.

Vulnerability details:

CVE-2025-53770 is a “deserialisation of untrusted data” vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute arbitrary code on the SharePoint Server. CVE-2025-53770 addresses a partial fix for CVE-2025-49704 released in Microsoft’s July 2025.

CVE-2025-53771 is a “path traversal”, “improper neutralisation”, and “improper input validation” vulnerability. CVE-2025-53771 addresses a partial fix for CVE-2025-49706 released in Microsoft’s July 2025 scheduled security updates.

Ref: Avoiding exposure of vulnerable endpoints like /_layouts/15/ToolPane.aspx to the internet is directly related to CVE-2025-53771, as well as CVE-2025-53770. These two vulnerabilities are chained together in an exploit known as ToolShell.

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-53770

https://nvd.nist.gov/vuln/detail/CVE-2025-53771

AI and ML, Potential Risk of CVE

CVE-2023-4969 – Researchers from Trail of Bits reported a potential vulnerability, titled “LeftoverLocals.”, actually this GPU design weakness are fickle! (21-07-2025)

Leave a comment

Preface: “LeftoverLocals” allows recovery of data from GPU local memory created by other processes on Apple, Qualcomm, AMD, and Imagination GPUs. LeftoverLocals affects the security posture of the entire GPU application, especially LLM and machine learning models running on affected GPU platforms. NVD published on January 16, 2024. So far, AMD appears to be the only company actively taking remediation measures.

Background: Researchers from Trail of Bits reported a potential vulnerability, titled “LeftoverLocals” article to public on 16th January 2024. The corrective action was taken by AMD in following schedule.

2025-07-18: Updated the Mitigation section for AMD Radeon Graphics

2025-06-23: Updated the Mitigation section for Data Center Graphics, AMD Radeon Graphics, and revised Client Processors table

2025-04-07: Updated the Mitigation section for Data Center Graphics, AMD Radeon Graphics, and Client Processors

2025-02-11: Updated the Mitigation section – Data Center Graphics

2025-01-15: Mitigation section has been updated and AMD Ryzen™ AI 300 Series Processor (Formerly codenamed) “Strix Point” FP8 has been added to the Client Processors list

2024-11-07: Mitigation has been updated for MI300 and MI300A

Updated driver version from 24.x.y to 25.x.y

2024-10-30: Updated mitigation targets

2024-08-02: Updated AMD Software: Adrenalin Edition and PRO Edition versions.

Removed: AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics (Not affected)

Added: AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics and AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics

2024-07-30: Updated the Mitigation section of AMD RadeonTM Graphics and Client processors product tables

Updated Data Center Graphics Inter-VM and Bare Metal/Intra-VM Mitigation product tables

Updated mitigation section month for driver update rollout

2024-05-07: Added Vega products and Mitigation section with Product tables

2024-01-26: Updated Graphics and Data Center Graphics products

2024-01-16: Initial publication

Vulnerability details: CVE-2023-4969: A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.

Official announcement: Please refer to the official link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6010.html

Remark: In step 5, CU2 is written incorrectly. The correct word should be CU.

AI and ML, IoT, Potential Risk of CVE

CVE-2025-23270: NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode (20th July 2025)

Leave a comment

Preface: To enter UEFI Management mode on a Jetson device, you’ll typically need to access it during the boot process by pressing a specific key (like F2, F10, or Del) before the OS starts loading. Once in UEFI, you can configure settings related to booting, such as boot order and device selection.

Background: CUDA is a parallel computing platform and programming model developed by NVIDIA, designed to leverage the power of GPUs for general-purpose computing. Linux for Tegra (L4T) is NVIDIA’s customized Linux distribution based on Ubuntu, optimized for their Tegra family of system-on-chips (SoCs), including those used in Jetson development kits. Essentially, L4T provides the operating system and necessary drivers for running CUDA-enabled applications on NVIDIA’s embedded platforms.

NVIDIA Jetson Linux is a customized version of the Linux operating system specifically designed for NVIDIA Jetson embedded computing modules. It provides a complete software stack, including the Linux kernel, bootloader, drivers, and libraries, tailored for the Jetson platform’s hardware and intended for edge AI and robotics applications.

Vulnerability details:

CVE-2025-23270 NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

CVE-2025-23269 NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences transient execution. A successful exploit of this vulnerability may lead to information disclosure.

Official announcement: Please see the link for details

https://nvidia.custhelp.com/app/answers/detail/a_id/5662

“When error occurs, the data remaining on cache memory. When OS started, a malicious program stored in device then executes read on shared memory.”

Potential Risk of CVE

CVE-2025-23263: About NVIDIA DOCA-Host and Mellanox OFED (17th July 2025)

Leave a comment

Preface: Mellanox OpenFabrics Enterprise Distribution for Linux (MLNX_OFED) is a software stack developed by NVIDIA (formerly Mellanox) that provides a tested and packaged version of the OpenFabrics Enterprise Distribution (OFED) for Mellanox network adapters. It enables high-performance networking capabilities, including RDMA and kernel bypass, for InfiniBand and Ethernet (RoCE) technologies.

Background: NVIDIA introduced DOCA-OFED in the DOCA-Host package. DOCA-Host is a unified package for host servers that includes all the basic components of DOCA and MLNX_OFED. MLNX_OFED is a single Virtual Protocol Interconnect (VPI) software stack that operates across all NVIDIA network adapter solutions.

Nvidia has also developed the Computing Unified Device Architecture (CUDA) and Data Center Infrastructure Single-Chip Architecture (DOCA) for CPU and GPU, CPU and DPU.

During the GTC conference in the fall of 2020, the SmartNIC technology they acquired after acquiring network equipment manufacturer Mellanox was officially unveiled under the name of DPU. Mellanox’s BlueField product line is considered a DPU (Data Processing Unit) because it’s designed to offload and accelerate data-centric tasks, such as networking, storage, and security, from the CPU. Essentially, DPUs like BlueField act as a specialized co-processor, handling tasks that would otherwise consume valuable CPU resources, improving overall system performance and efficiency. NVIDIA BlueField DPUs (Data Processing Units) are designed as System on a Chip (SoC) devices.

Vulnerability details: NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN.

Official announcement: Please refer to url for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5654

AI and ML, Potential Risk of CVE

CVE-2025-23266 and CVE-2025-23266: NVIDIA Container Toolkit design weakness (16-07-2025)

Leave a comment

Preface: Docker Compose is a tool that makes it easier to define and manage multi-container Docker applications. It simplifies running interconnected services, such as a frontend, backend API, and database, by allowing them to be launched and controlled together.

Docker Compose is a utility for defining and running multi-container Docker applications. Furthermore, Docker Compose responsible manages the container lifecycle. Container lifecycle management is a critical process of overseeing the creation, deployment, and operation of a container until its eventual decommissioning.

Background: Docker Compose v2.30.0 has introduced lifecycle hooks, making it easier to manage actions tied to container start and stop events. This feature lets developers handle key tasks more flexibly while keeping applications clean and secure.

Vulnerability details:

CVE-2025-23266: NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.

CVE-2025-23267: NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service.

Official announcement: Please refer to url for details

https://nvidia.custhelp.com/app/answers/detail/a_id/5659

Ref: Does Disabling Hooks Disable Container Lifecycle Management?

Hooks – In this context, hooks are scripts or binaries that run during container lifecycle events (e.g., prestart, poststart). The CUDA compatibility hook injects libraries or environment variables needed for CUDA apps.

Disabling the Hook – Prevents the automatic injection of CUDA compatibility libraries into containers. This does not disable the entire container lifecycle, but it removes one automation step in the lifecycle.