All posts by admin

CVE-2024-38403 – Buffer Over-read in WLAN Firmware (8th Nov 2024)

Preface: BSS Transition Management enables an AP to request a voice client to transition to a specific AP, or suggest a set of preferred APs to a voice client, due to network load balancing or BSS termination.

Background: A STA receiving a BSS Transition Management Request frame may respond with a BSS Transition Management Response frame.

The BSS Termination Included (bit 3) field indicates that the BSS Termination Duration field is included, the BSS or the AP MLD is shutting down and the STA or the non-AP MLD will be disassociated. The AP or AP MLD sets the BSS Termination Included bit in the Request mode field to 1 to indicate that the BSS or AP MLD is shutting down.

The BSS Termination Included bit is 0 if no BSS Termination Duration information is included in the BSS Transition Management Request frame.

Vulnerability details: Transient DoS while parsing the BTM ML IE when the per-STA profile is not included.
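As an added example (not code from this page or from the vendor), the C parser below shows the length check a BTM Request parser needs for the optional field that Request Mode bit 3 announces: the bit is only a claim, and the frame length decides whether the 12 bytes may be read. The field layout follows IEEE 802.11; the struct, function names and sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* BTM Request frame layout after Category/Action (IEEE 802.11): Dialog Token(1),
 * Request Mode(1), Disassociation Timer(2), Validity Interval(1), then the
 * 12-byte BSS Termination Duration field only if Request Mode bit 3 is set. */
#define BTM_REQ_BSS_TERMINATION_INCLUDED (1u << 3)
#define BTM_FIXED_LEN          5
#define BTM_TERM_DURATION_LEN  12   /* Subelement ID(1), Length(1), TSF(8), Duration(2) */

struct btm_request {
    uint8_t  dialog_token, request_mode, validity_interval;
    uint16_t disassoc_timer;
    int      has_termination;          /* 1 when the optional field was present */
    uint16_t termination_duration_min; /* minutes the BSS stays down */
};

/* Returns 0 on success, -1 when the body is shorter than the fields its own
 * Request Mode flags promise: the check that prevents reading past the frame. */
int btm_parse_request(const uint8_t *body, size_t len, struct btm_request *out)
{
    if (len < BTM_FIXED_LEN) return -1;
    memset(out, 0, sizeof(*out));
    out->dialog_token      = body[0];
    out->request_mode      = body[1];
    out->disassoc_timer    = (uint16_t)(body[2] | (body[3] << 8));
    out->validity_interval = body[4];
    if (out->request_mode & BTM_REQ_BSS_TERMINATION_INCLUDED) {
        const uint8_t *td = body + BTM_FIXED_LEN;
        /* The flag alone is not evidence the bytes exist; check the length first */
        if (len - BTM_FIXED_LEN < BTM_TERM_DURATION_LEN) return -1;
        out->termination_duration_min = (uint16_t)(td[10] | (td[11] << 8));
        out->has_termination = 1;
    }
    return 0;
}
/* Constructed samples: a request announcing a 30-minute BSS termination, and the
 * same request cut off after 4 of the 12 bytes the flag promises. */
static const uint8_t btm_sample_ok[] = { 0x01, 0x08, 0x10, 0x00, 0x05,
    0x04, 0x0a, 0x01, 0, 0, 0, 0, 0, 0, 0, 0x1e, 0x00 };
static const uint8_t btm_sample_truncated[] = { 0x01, 0x08, 0x10, 0x00, 0x05,
    0x04, 0x0a, 0x01, 0x00 };
/* Convenience wrapper: termination minutes, 0 if not announced, -1 if rejected */
int btm_termination_minutes(const uint8_t *body, size_t len)
{
    struct btm_request r;
    if (btm_parse_request(body, len, &r) != 0) return -1;
    return r.has_termination ? r.termination_duration_min : 0;
}
```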

Official announcement: Please refer to the vendor announcement for details –

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html

CVE-2024-38408 – Cryptographic Issues in BT Controller (7 Nov 2024)

Preface: Snapdragon 8 Gen 2 SoC comes with many new features and technologies such as new tri-cluster architecture, AI improvements, ray tracing support, and more. However, one largely overlooked feature is dual Bluetooth. Now, it’s not going to revolutionize the Bluetooth experience on mobile devices, but it will actually solve some of the fundamental problems we face when using Bluetooth technology on mobile devices.

Background: The encryption key negotiation protocol is conducted between two parties as follows: the initiator proposes an entropy value N that is an integer between 1 and 16, the other party either accepts it or proposes a lower value or aborts the protocol. If the other party proposes a lower value, e.g., N − 1, then the initiator either accepts it or proposes a lower value or it aborts the protocol. At the end of a successful negotiation the two parties have agreed on the entropy value of the Bluetooth encryption key. The entropy negotiation is performed over the Link Manager Protocol (LMP), it is not encrypted and not authenticated, and it is transparent to the Bluetooth.

Vulnerability details: Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Official announcement: Please refer to the vendor announcement for details – https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html

About CVE-2024-0134 – NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability (5th Nov 2024)

Preface: In software development, time-of-check to time-of-use (TOCTOU, TOCTTOU or TOC/TOU) is a class of software bugs caused by a race condition involving the checking of the state of a part of a system (such as a security credential) and the use of the results of that check.

Background: The NVIDIA container stack is architected so that it can be targeted to support any container runtime in the ecosystem. The components of the stack include:

- The NVIDIA Container Runtime (nvidia-container-runtime)

- The NVIDIA Container Runtime Hook (nvidia-container-toolkit / nvidia-container-runtime-hook)

- The NVIDIA Container Library and CLI (libnvidia-container1, nvidia-container-cli)

The components of the NVIDIA container stack are packaged as the NVIDIA Container Toolkit.

The NVIDIA Container Toolkit is a key component in enabling Docker containers to leverage the raw power of NVIDIA GPUs. This toolkit allows for the integration of GPU resources into your Docker containers.

Remark: The Podman command can be used with remote services using the --remote flag. Connections can be made using local unix domain sockets, ssh

Vulnerability details: NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

Official announcement: Please refer to the vendor announcement for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5585

About CVE-2024-43080: So called Intent Redirection by Google (4th Nov 2024)

Preface: What is intent redirection and app security in Android? An intent redirection occurs when an attacker can partly or fully control the contents of an intent used to launch a new component in the context of a vulnerable app.

Background: An Intent in the Android operating system is a software mechanism that allows users to coordinate the functions of different activities to achieve a task. One or more of your apps contain an Intent Redirection issue which can allow malicious apps to access private app components or files.

Vulnerability details: CVE-2024-43080: This vulnerability could lead to privilege escalation. Please refer to the official announcement for details – https://source.android.com/docs/security/bulletin/2024-11-01

CVE-2024-7883 – CMSE secure state may leak from stack to floating-point registers (3rd Nov 2024)

Preface: Cortex-M is Arm's microcontroller processor family, used in many everyday applications ranging from automation to DSP applications, sensors, smart displays, IoT devices, etc.

Background: In April of 2024, Arm Limited published a Cortex-M Security Extensions (CMSE) Security Bulletin that identifies a potential software security issue in code that uses CMSE. The security vulnerability allows an attacker to pass out-of-range values to code executing in Secure state to cause incorrect operation in Secure state. This security vulnerability is present in compilers that are not compliant with version 1.4 of the Arm v8-M Security Extensions Requirements on Development Tools.

Vulnerability details: When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

LLVM and the GNU Compiler Collection (GCC) are both compiler projects. The difference is that GCC is a compiler for a fixed set of programming languages, while LLVM is not a compiler for any one language: it is a framework for generating object code from any kind of source code via a language front end.

Official announcement: For more information about the vulnerability, please see the link –

https://nvd.nist.gov/vuln/detail/CVE-2024-7883

https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability

AMD 000036938 – Potential Vulnerabilities When Deviating from ARM AXI Standard Protocol (1st Nov 2024)

Preface: According to the technical article, Sandia’s Astra is the world’s fastest Arm-based supercomputer by the supercomputer industry’s standard ranking. With a speed of 1.529 petaflops, Astra placed 203rd on a ranking of top computers announced at SC18, the International Conference for High Performance Computing, Networking, Storage, and Analysis, in Dallas.

Background: A crossbar network is a switching network that allows multiple processors to connect and communicate simultaneously without contention. It enables one-to-one interconnections between processors and memory units, and is commonly used in the design of high-performance multiprocessors and network routers.

The AXI Interconnect core allows any mixture of AXI master and slave devices to be connected to it, which can vary from one another in terms of data width, clock domain and AXI sub-protocol (AXI4, AXI3, or AXI4-Lite). When the interface characteristics of any connected master or slave device differ from those of the crossbar switch inside the interconnect, the appropriate infrastructure cores are automatically inferred and connected within the interconnect to perform the necessary conversions.

Vulnerability details: Researchers from ETH Zurich, UC San Diego and RPTU Kaiserslautern-Landau shared a paper with AMD titled “EXPECT: On the Security Implications of Violations in AXI Implementations” which explores methods for exposing vulnerabilities related to the AXI interface when utilizing the AMD AXI Crossbar IP in Vivado™ designs. 

Official announcement: Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8005.html

Security Bulletin: NVIDIA ConnectX and BlueField – October 2024 (CVE-2024-0105 and CVE-2024-0106) – 31st Oct 2024

Preface: Nvidia BlueField is a line of data processing units (DPUs) designed and produced by Nvidia, initially developed by Mellanox Technologies. DOCA is a consistent and essential resource across all existing and future generations of BlueField DPU and SuperNIC products.

Background: The NVIDIA cloud-native supercomputing platform leverages the high-speed, low-latency NVIDIA BlueField DPU architecture. The DPU enables native cloud services that let multiple users securely share resources without loss in application performance. HPC and AI communication frameworks and libraries play a critical role in determining application performance. Because they are latency- and bandwidth-sensitive, offloading these libraries from the host CPU or GPU to the BlueField DPU creates the highest degree of overlap between communication and computation running in parallel.

Vulnerability details:

CVE-2024-0105 – NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

CVE-2024-0106 – NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

Official announcement: Please refer to the link for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5562

About btrfs: fix uninitialized pointer free in add_inode_ref() – CVE-2024-50088 (30th Oct 2024)

Preface: The main benefit of a snapshot is that it can be created very rapidly—and frequently—allowing for a quick and straightforward way to recover files or data if something goes wrong. Data can be restored to a specific point in time when it was in a good state.

Background: Btrfs is a copy-on-write (COW) file system developed by Chris Mason. It is based on COW-friendly B-trees developed by Ohad Rodeh.

In contrast to ext4, the current de facto default Linux filesystem, Btrfs offers features that are not normally considered part of a filesystem’s functionality, which has made it popular, especially in professional environments such as data centers.

Vulnerability details: The add_inode_ref() function does not initialize the "name" struct when it is declared. If any of the following calls to read_one_inode() returns NULL, then name.name would be freed at the "out" label before being initialized.

If the pointer contains an uninitialized value, then the value might not point to a valid memory location. This could cause the product to read from or write to unexpected memory locations, leading to a denial of service.

This issue was reported by Coverity with CID 1526744.

Remark: In the Linux kernel, the above vulnerability has been resolved.
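The patched shape of the function, as an added C model (not the kernel's own code) of the pattern the fix addresses: a stack struct whose pointer member is freed at the common "out" label must be initialized at declaration, so that error exits taken before the allocation free NULL rather than stack garbage. The helper functions, the tracing kfree stand-in and the sample name are constructed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for the fscrypt_str that add_inode_ref() keeps on its stack */
struct name_str {
    char        *name;
    unsigned int len;
};

/* Tracing kfree() replacement (constructed): counts every non-NULL pointer it
 * is handed, so a caller can see whether an error path freed a buffer that the
 * function never allocated, which is what the unpatched code did. */
static int freed_non_null;
static void kfree_model(void *p) { if (p) freed_non_null++; free(p); }
int freed_non_null_count(void) { return freed_non_null; }

/* Stand-in for read_one_inode(): NULL means the inode could not be loaded */
static void *read_one_inode_model(int exists) { return exists ? malloc(1) : NULL; }

/* Patched shape of add_inode_ref(): 'name' is zero-initialised at declaration,
 * so jumping to 'out' before it is filled in frees NULL, not stack garbage.
 * Error codes follow the kernel's convention of a negative errno. */
int add_inode_ref_model(int dir_exists, int inode_exists)
{
    struct name_str name = { 0 };   /* the fix: was a bare 'struct ... name;' */
    void *dir = NULL, *inode = NULL;
    int ret = 0;

    dir = read_one_inode_model(dir_exists);
    if (!dir) { ret = -ENOENT; goto out; }   /* name.name still NULL */
    inode = read_one_inode_model(inode_exists);
    if (!inode) { ret = -EIO; goto out; }    /* name.name still NULL */

    /* Only now does the real function copy the name out of the ref item */
    name.len = 4;
    name.name = malloc(name.len + 1);
    if (!name.name) { ret = -ENOMEM; goto out; }
    memcpy(name.name, "file", name.len + 1);
    /* ... link the inode into the directory under name.name ... */
out:
    kfree_model(name.name);   /* NULL on early exits, the buffer otherwise */
    free(inode);
    free(dir);
    return ret;
}
```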

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-50088

CVE-2024-10455 Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block (28 Oct 2024)

Preface: µD3TN is a free, space-tested software protocol stack for delay-tolerant networks. It runs on POSIX and Linux operating systems and can easily adapt to a variety of challenging networks. The source code is available under a BSD license.

AREAS OF APPLICATION: Car-to-X Communication, Offshore Communication, Maritime Research, Satellite Communication and Reliable One-Way Communication.

Background: µD3TN can be accessed by the application layer via plain IPC as well as TCP sockets. µD3TN can be operated on top of different lower-layer protocols. A generic interface, called a Convergence Layer Adapter, enables the Bundle Protocol to connect heterogeneous networks.

Vulnerability details: A BPv7 bundle with a malformed extension block can trigger an assertion failure that causes the service to terminate unexpectedly. This could be used by an attacker for launching a denial of service (DoS) attack.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-10455

Large solar storms can knock out electronics and affect the power grid. Supercomputers are also vulnerable (28th Oct 2024)

Preface: Large solar storms can knock out electronics and affect the power grid. Why? The solar wind disturbs the outer part of the Earth’s magnetic field, which undergoes a complex oscillation. This generates associated electric currents in the near-Earth space environment, which in turn generates additional magnetic field variations — all of which constitute a “magnetic storm.”

Background: Solar maximum is expected in July 2025, with a peak of 115 sunspots. “How quickly solar activity rises is an indicator on how strong the solar cycle will be,” said Doug Biesecker, Ph.D., panel co-chair and a solar physicist at NOAA’s Space Weather Prediction Center.

Official announcement: Please refer to the following URL for details https://www.weather.gov/news/201509-solar-cycle

Vulnerability details: A modern power grid consists of PLCs (programmable logic controllers), SCADA systems and electronic integrated circuits. During magnetic storms, electronic devices, especially semiconductors and integrated circuits, can be damaged through the build-up and discharge of static-electric charges. If those components are damaged, the consequence is that the city will encounter a power suspension.

Ref: It occurs when accumulated electrostatic charge is discharged and causes a larger current than normal to flow in a circuit, generating heat that destroys the electronic part. In other words, ESD damage does not occur without a discharge caused by static electricity.