Preface: GPUs are efficient at performing parallel processing tasks, making them ideal for artificial intelligence and machine learning applications. CPUs are better suited for tasks that require single-threaded performance or large amounts of memory access.

Background: NVIDIA vGPU software can be used in several ways. Guest VMs use NVIDIA vGPUs in the same manner as a physical GPU that has been passed through by the hypervisor: an NVIDIA driver loaded in the guest VM provides direct access to the GPU for performance-critical fast paths, and a paravirtualized interface to the NVIDIA Virtual GPU Manager is used for non-performant management operations.

Each NVIDIA vGPU is analogous to a conventional GPU, having a fixed amount of GPU framebuffer, and one or more virtual display outputs or “heads”. The vGPU’s framebuffer is allocated out of the physical GPU’s framebuffer at the time the vGPU is created, and the vGPU retains exclusive use of that framebuffer until it is destroyed.

All vGPUs resident on a physical GPU share access to the GPU’s engines including the graphics (3D), video decode, and video encode engines.

Vulnerability details:

CVE-2024-0127: NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

CVE-2024-0128: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5586

Preface: Typical REST APIs exhibit a few issues that we can solve with GraphQL. One of the most prominent is over fetching, which occurs when a client fetches too much data from the server. When OpenShift Console is fetching a lot of data, it leverages chunked responses introduced in k8s 1.9. Fetching is split into separate HTTP requests, which improves the responsiveness of the UI with results shown incrementally.

Background: GraphQL is a web service technology. It is a query language and server-side runtime for application programming interfaces (APIs) that gives API clients exactly the data they requested. As an alternative to REST, GraphQL allows developers to make requests to fetch data from multiple data sources with a single API call.

GraphQL technology is becoming the new standard for communication between front-end and back-end. Get started using GraphQL in OpenShift Console 4.6.

Vulnerability details: A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-50311

Preface: BPF is a highly flexible and efficient virtual machine-like construct in the Linux kernel allowing to execute bytecode at various hook points in a safe manner. It is used in a number of Linux kernel subsystems, most prominently networking, tracing and security (e.g. sandboxing).

Background: BPF does not define itself by only providing its instruction set, but also by offering further infrastructure around it such as maps which act as efficient key / value stores, helper functions to interact with and leverage kernel functionality, tail calls for calling into other BPF programs, security hardening primitives, a pseudo file system for pinning objects (maps, programs), and infrastructure for allowing BPF to be offloaded, for example, to a network card.

Vulnerability details : This affects the check_func_arg function of the bpf component. Because of the manipulation with an unknown input value leads to a denial of service vulnerability.

In check_func_arg() when the argument is as mentioned, the meta->raw_mode is never set. Later, check_helper_mem_access(), under the case of PTR_TO_MAP_VALUE as register base type, it assumes BPF_READ for the subsequent call to check_map_access_type() and given the BPF map is read-only it succeeds.

The helpers really need to be annotated as ARG_PTR_TO_{LONG,INT} | MEM_UNINIT when results are written into them as opposed to read out of them. The latter indicates that it’s okay to pass a pointer to uninitialized memory as the memory is written to anyway.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-49861

Preface: T-SQL is widely used in SQL Server environments. For instance, communication between an app and a SQL Server instance involves sending T-SQL statements to the server.

Background: VMware HCX streamlines migration, helps rebalance workloads, helps protect data, and optimizes disaster recovery processes for both on-premises data centers and cloud servers.

HCX Connector or Cloud Manager must be registered with vCenter server and NSX manager.
The registration is done through HCX 9443 Admin UI and only ONE vCenter & ONE NSX can be registered at any given time.

To access HCX Admin UI Page: https://<HCX_Manager_IP>:9443

Vulnerability details: An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. 

Official announcement: Please refer to the vendor announcement for details – https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25019