All posts by admin

Cell Phone (iPhone, Android, windows mobile), IoT, Potential Risk of CVE

CVE-2025-0037: About AMD Versal™ Adaptive SoC – Initial publication 2025-06-03

Leave a comment

(9th June 2025)

Preface: AMD’s Versal™ Adaptive SoCs are used in a wide range of industries, particularly those requiring high-performance, low-latency processing and flexibility, such as data centers, wireless networking, automotive, aerospace, and defense. Versal chips are also utilized in areas like 5G wireless, advanced driver assist, and even 3D printing.

AMD’s Versal™ Adaptive SoC technology is used in several different chip series, including the Versal AI Edge, Versal AI Core, Versal Prime, Versal Premium, and Versal RF series. These SoCs are designed for a variety of applications, including AI inference, data-intensive workloads, and high-speed communication.

Background: Platform Management Controller (PMC), Platform Loader and Manager (PLM), and boot and configuration are key components in modern embedded systems, especially in Xilinx Versal ACAPs and similar platforms.

Key Steps Illustrated:

1.BootROM loads PL –  Initial boot step from non-volatile memory.

2.PLM starts running – Executes on the MicroBlaze inside the PMC.

3.PLM authenticates and decrypts partitions – Uses hardware accelerators in the PMC for cryptographic operations.

4.PLM configures programmable logic – Loads and configures the Adaptive Engines and other programmable resources.

Remark: To understand the process, please refer to the attached diagram.

Vulnerability details: In Versal™ Adaptive SoC devices, the Platform Loader and Manager (PLM) implements runtime (post-boot) software services that can allow a remote processor to command the PLM to execute cryptographic operations – including AES, SHA3, RSA, ECDSA – using the hardened cryptographic accelerators, eFUSE and BBRAM reads and writes, reloading PDIs, and reading back the FPGA on behalf of the remote processor.

A potential vulnerability exists with commanding these runtime services, in that the memory passed with the command to execute the services is not checked by the PLM to verify that the requesting processor has access to the memory space.

Official announcement: Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8010.html

Cell Phone (iPhone, Android, windows mobile), IoT, Potential Risk of CVE

CVE-2025-1246: A non-privileged user process can perform valid GPU processing operations (8th June 2025)

Leave a comment

Preface: The Valhall family of Mali GPUs uses the same top-level architecture as the previous generation Bifrost GPUs. The Valhall family uses a unified shader core architecture. Arm’s 5th generation GPU architecture, on the other hand, is a type of GPU architecture that is designed for visual computing, especially on mobile devices, and includes features like deferred vertex shading and hardware-based ray tracing. It is a part of the Arm Mali or Immortalis GPU family.

Background: Arm’s Mali GPUs are closely related to the Valhall architecture. Valhall is Arm’s fourth-generation architecture for Mali GPUs, and the Mali-G77 is the first high-end GPU to adopt this architecture. Valhall improves on previous generations of architectures such as Bifrost with a simplified, compiler-friendly instruction set and better compatibility with newer APIs such as Vulkan. The architecture also allows for configuration of the number of shader cores and the size of the L2 cache.

WebGL (Web Graphics Library) and WebGPU (Web Graphics Processing Unit) are both JavaScript APIs that allow web developers to use a computer’s GPU to render 3D graphics and perform computations within a web browser. WebGPU is a newer and more powerful API than WebGL, designed to provide better performance and support for modern GPUs.

Vulnerability details: A non-privileged user process can perform valid GPU processing operations, including via WebGL or WebGPU, to access outside of buffer bounds. This issue has been assigned the identifier CVE-2025-1246.

Affected ProductsBifrost GPU Userspace Driver

CVE-2025-1246: All versions from r18p0-r49p3, r50p0-r51p0 Valhall GPU Userspace Driver

CVE-2025-1246: All versions from r28p0-r49p3, r50p0-r54p0 Arm 5th Gen GPU Architecture Userspace Driver

CVE-2025-1246: All versions from r41p0-r49p3, r50p0-r54p0

Recommendations – These issues have been fixed in the following versions:

Bifrost GPU Userspace Driver – CVE-2025-1246: r49p4, r54p1

Valhall GPU Userspace Driver – CVE-2025-1246: r49p4, r54p1

Arm 5th Gen GPU Architecture Userspace Driver – CVE-2025-1246: r49p4, r54p1

Official announcement: Please see the link for – detailshttps://developer.arm.com/documentation/110466/1-0

IoT, Potential Risk of CVE

CVE-2024-53010 – Improper Access Control in Core (5th Jun 2025)

Leave a comment

Preface: Android HLOS –

-Runs on the Application Processor (main CPU)    

-Main Android OS (Linux kernel, system services, apps)

Background: The Snapdragon 8 application processor (including variants like Snapdragon 8 Gen 3 and Snapdragon 8 Elite) uses the Adreno GPU. The Adreno GPU is a core component of Qualcomm’s Snapdragon mobile platforms and is responsible for handling graphics processing and rendering.

HLOS stands for High-Level Operating System, and in Qualcomm’s terminology, it refers to the Android OS running on the Application Processor (AP) of Snapdragon SoCs. This includes:

  • The Android framework
  • System services
  • Linux kernel
  • HALs (Hardware Abstraction Layers)
  • Drivers and other user-space components

In Snapdragon and ARM-based systems, a VM (Virtual Machine) typically refers to a virtualized environment managed by a hypervisor. Qualcomm platforms may use Type-1 hypervisors (like Qualcomm’s own hypervisor or ARM’s KVM/EL2) to isolate different OS environments.

Vulnerability details: Memory corruption may occur while attaching VM when the HLOS retains access to VM.

Official Announcement: Please see the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-53010

AI and ML, Potential Risk of CVE

CVE-2025-0036: A potential vulnerability exists with the configuration of the SSS (Secure Stream Switch) – 5th Jun 2025

Leave a comment

Preface: AMD’s Versal Adaptive SoCs are designed for high-performance computing, offering a blend of programmable logic, processing system, and AI engines, along with advanced memory and interfaces. They excel in cloud, network, and edge applications by combining heterogeneous compute with a wide range of hard IP. This architecture enables outstanding performance/watt and adapts to changing requirements, making them suitable for various applications like AI, data centers, and network acceleration.

Background: In Versal™ Adaptive SoC devices, the Platform Loader and Manager (PLM) implements runtime (post-boot) software services that allows a remote processor to command the PLM to execute cryptographic operations – including AES, SHA3, RSA, ECDSA – on behalf of the remote processor. These operations require the Secure Stream Switch (SSS) to be configured such that the Direct Memory Access (DMA) hardware can send data to and read from these cryptographic engines.

Ref: Some crypto engines (like AES, SHA3) are integrated into the PMC for secure boot and runtime services. Others may be instantiated in the PL for custom cryptographic acceleration.

Vulnerability details: A potential vulnerability exists with the configuration of the SSS because the PLM does not clear the SSS configuration after a cryptographic operation completes. This allows an improper SSS configuration when setting up the SSS for any following cryptographic command.

Official announcement: For more details, please refer to the following link – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8011.html

Potential Risk of CVE, Under our observation

Cache-based Side-Channel Attack Against SEV (4th Jun 2025)

Leave a comment

Originally posted by AMD 3rd Feb 2025

2025-02-17 – Updated Acknowledgement

2025-06-03 Update:A subsequent report of the same attacks was received from researchers at Graz University of Technology.

Preface: FIPS 186-5 removes DSA as an approved digital signature algorithm “due to a lack of use by industry and based on academic analyses that observed that implementations of DSA may be vulnerable to attacks if domain parameters are not properly generated.

February 3, 2023 – NIST published Federal Information Processing Standard (FIPS) 186-5, Digital Signature Standard (DSS), along with NIST Special Publication (SP) 800-186, Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters.  

Background: The SEV feature relies on elliptic-curve cryptography for its secure key generation, which runs when a VM is launched. The VM initiates the elliptic-curve algorithm by providing points along its NIST (National Institute of Standards and Technology) curve and relaying the data based on the private key of the machine.

Vulnerability details: AMD has received a report from researchers at National Taiwan University detailing cache-based side-channel attacks against Secure Encrypted Virtualization (SEV).

Remedy: AMD recommends software developers employ existing best practices for prime and probe attacks (including constant-time algorithms) and avoid secret-dependent data accesses where appropriate.  AMD also recommends following previously published guidance regarding Spectre type attacks (refer to the link in the reference section below), as it believes the previous guidance remains applicable to mitigate these vulnerabilities.

Supplement: The lack of authentication in the memory encryption is one major drawback of the Secure Memory Encryption (SME) design, which has been demonstrated in fault injection attacks. SEV inherits this security issue. Therefore, a malicious hypervisor may alter the ciphertext of the encrypted memory without triggering faults in the guest VM.

Office announcement: Please refer to the link for details –

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3010.html

Potential Risk of CVE

CVE-2025-27029 – Buffer Over-read in WLAN HAL (3rd Jun 2025)

Leave a comment

Preface: Google has been transitioning HALs from HIDL to AIDL since Android 11, and by Android 13 and 14, most major HALs—including Wi-Fi (WLAN), Audio, Bluetooth, and Telephony—have adopted AIDL as the standard interface definition language.

Background: In Android, defining and managing buffers in the WAN HAL (Wide Area Network Hardware Abstraction Layer) isn’t a standard or commonly documented component like the Camera HAL or Audio HAL. However, if you’re referring to buffer management in a HAL module (such as for networking or other hardware interfaces), the general approach follows Android’s HAL architecture principles.

The WLAN HAL (Hardware Abstraction Layer) allows the Android operating system to interact with Wi-Fi hardware by providing a standardized, hardware-independent interface. This interface, specified by HIDL (Hardware Interface Definition Language) in Android 8.0 and above, enables the Android framework to control Wi-Fi functionalities like scanning, connecting, and sending/receiving data, regardless of the specific Wi-Fi chipset used by the device.

Vulnerability details: Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.

Official Announcement: Please see the link for details –

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

IoT, Potential Risk of CVE

CVE-2025-21479: Incorrect Authorization in Graphics (2nd June 2025)

Leave a comment

Preface: Snapdragon chipsets, which are a type of System-on-a-Chip (SoC), often include memory components, such as RAM (Random Access Memory) and ROM (Read-Only Memory), within the chip itself. This integrated approach allows for faster and more efficient data processing within the device.

Background: In Qualcomm Snapdragon SoCs, the Adreno GPU is responsible for graphics and compute tasks. The GPU is managed through a combination of firmware, drivers (like KGSL on Android), and secure execution environments. Authorized memory operations are typically handled as follows:

1. Initialization Phase

  • The GPU driver (KGSL) initializes the GPU and sets up memory mappings.
  • The TrustZone or Secure Execution Environment (SEE) may be involved in verifying firmware and boot integrity.

2. Command Submission

  • Memory operations (e.g., buffer allocation, mapping, copying) are submitted via command buffers.
  • These buffers are managed by the GPU Command Processor (CP) and passed through the Ringbuffer.

3. Permission Check

  • Before execution, the GPU driver and firmware perform permission checks:
    • Is the memory region accessible to the current process?
    • Is the memory marked as GPU-accessible?
    • Are the command buffers properly signed or validated?
  • These checks may involve IOMMU (Input-Output Memory Management Unit) to ensure memory isolation and protection.

Ref: The IOMMU (Input-Output Memory Management Unit) is responsible for managing DMA (Direct Memory Access) from I/O devices and ensuring that these devices can only access the memory they are authorized to. A problem where the IOMMU is not checking permissions would mean that I/O devices could potentially access memory they shouldn’t, leading to security vulnerabilities and system instability.

Vulnerability details: Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Official announcement: Please see the link for details

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Potential Risk of CVE

CVE-2025-1763: About GitLab EE (2nd Jun 2025)

Leave a comment

Preface: The computer industry favors GitLab because it provides a comprehensive, integrated software development platform that covers everything from planning and code management to continuous integration and deployment. This “full operation and maintenance” approach simplifies the software development life cycle and promotes collaboration between different teams. GitLab’s open source nature, free basic version, and strong community have further enhanced its popularity.

Background: GitLab Enterprise Edition (EE) is the self-hosted, open-core version of the GitLab platform. It builds upon the core features of GitLab Community Edition (CE) and offers additional features, support, and licensing options designed for enterprise users. EE is not a free-to-use version but offers a free tier for initial self-hosting and then provides paid subscription levels (Core, Starter, Premium, and Ultimate) for enhanced features and support.

Vulnerability details: An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user’s browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

My Speculation: The issue stems from improper sanitization of user-controllable input, which is then rendered in a web page. This is a classic DOM-based XSS scenario, where the browser executes injected scripts due to insufficient input validation and output encoding.

Official announcement: Please see the link for details – https://nvd.nist.gov/vuln/detail/CVE-2025-1763

Science

The relationship between humans and water in the Old Testament (30-05-2025)

Leave a comment

Preface: Humans need water to survive. Water is a basic need for life and an important component of the human body.

On the other hand, Massive floods have occurred multiple times in Earth’s history, some of which are significant geological events that have shaped the landscape and influenced the course of life on Earth. Examples include the Missoula Floods and the “refilling of the Mediterranean Sea” refers to the event when the Mediterranean Sea was restored to its current level after a period of near-desiccation, known as the Messinian Salinity Crisis. This event, known as the Zanclean flood, occurred approximately 5.3 million years ago.

人類生存需要水。水是生命的基本需求,也是人體的重要組成部分。另一方面,地球歷史上曾多次發生大規模洪水,其中一些是重大的地質事件,塑造了地形並影響了地球生命的進程。例如米蘇拉洪水,以及「地中海再注水」事件,指的是地中海在經歷了一段近乎乾涸的時期後恢復到當前水位的事件,這被稱為墨西拿鹽度危機。這場事件被稱為贊克林洪水,發生在大約530萬年前。

Will an asteroid or comet hit Earth (小行星或彗星會撞擊地球嗎)?

A crater at the edge of the Yucatán peninsula in Mexico was created by a massive asteroid that hit Earth 66 million years ago. The Chicxulub impactor, as it is called, was somewhere between 10 and 15 kilometres in diameter. As a result, the asteroid that killed the dinosaurs.

6600萬年前,一顆巨大的小行星撞擊地球,在墨西哥尤卡坦半島邊緣形成了一個隕石坑。這顆名為(Chicxulub impactor)希克蘇魯伯的小行星直徑約10至15公里。最終,這顆小行星導致了恐龍滅絕。

Was it God or an advanced civilization that drove Chicxulub to crash into the Yucatan Peninsula and cause the extinction of the dinosaurs? Or a natural phenomenon?

是上帝,還是某個先進文明,驅使希克蘇魯伯隕石撞擊尤卡坦半島,導致恐龍滅絕?又或者,這只是一種自然現象?

Involving an asteroid or comet hitting the Earth was happened in past.

過去曾發生過小行星或彗星撞擊地球的事件。

Meteor Hits Russia Feb 15, 2013

No know the reason why the Meteor exploded on sky. The witness stated that after the flash came the bang.

Regarding to the headline news in 2013, The meteorite exploded with a force around 30 times that of the atom bomb dropped on Hiroshima, or 500 kilotonnes of TNT. The shockwave knocked people off their feet and shattered windows in thousands of apartments. The Earth rang to the blast, with vibrations picked up by seismic sensors 4,000km away.

YouTube Videos Unlock Russian Meteor’s Secrets – 2013 | The New York Timeshttps://www.youtube.com/watch?v=yQHDzTH6Wtc

My wish: There have been many news reports recently predicting an earthquake in Japan this year (2025). I wonder if advanced civilization or God will help mankind survive this disaster.

AI and ML, Potential Risk of CVE

Deserialization of Untrusted Data vulnerability in Apache InLong (29-05-2025)

Leave a comment

Preface: Apache InLong can be a valuable component in machine learning (ML) and artificial intelligence (AI) workflows, particularly in the data engineering and streaming data pipeline stages.

Background: Apache InLong is a one-stop massive data integration framework that provides automatic, secure, reliable and high-performance data transmission capabilities. It also supports batch and streaming, making it easier for businesses to build streaming-based data analysis.

InLong Sort requires Apache Flink and uses Flink SQL to define and run data processing jobs.

Data Ingestion and Integration – Apache InLong is designed as a one-stop, full-scenario integration framework for massive data. It supports:

•       Batch and stream data ingestion

•       Data synchronization and subscription

•       Real-time ETL (Extract, Transform, Load)

Real-Time Data Processing

Integration with ML Pipelines

Vulnerability details: Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. 

Remedy: Users are advised to upgrade to Apache InLong’s 2.2.0.

Official announcement: Please see the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-27528