Preface: What is the difference between Hugging Face and transformers?

Transformers is a library that contains various state-of-the-art machine learning models, as well as a Trainer API which can be used to train models. Huggingface_hub is a library to programmatically integrate with the hub.

Backgound: Masks are often used in segmentation tasks, where they provide a precise way to isolate the object of interest for further processing or analysis.

MaskFormer is based on the DETR architecture, which uses a transformer decoder to predict masks for each object in an image. MaskFormer has been shown to be effective for both semantic segmentation and panoptic segmentation. However, it has not been as successful for instance segmentation.

Vulnerability details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of model files.

Official announcement: Please see the link below for details – https://nvd.nist.gov/vuln/detail/CVE-2024-11393

Preface: NVIDIA Delegated License Service (DLS) is a component of NVIDIA License System that serves licenses to licensed clients. A DLS instance is hosted on-premises at a location that is accessible from your private network, such as inside your data center.

Background: For deployment in a virtual machine, the Delegated License Server (DLS) component of the NVIDIA License System is supplied as a virtual appliance. The virtual appliance must be installed on a supported hypervisor software release.

The following hypervisor software releases are supported:

Citrix Hypervisor 8.2

Linux Kernel-based Virtual Machine (KVM) hypervisors with one of the following QEMU releases:

QEMU 4.2.0

QEMU 2.12.0 (qemu-kvm-2.12.0-64.el8.2.27782638)

Microsoft Windows Server with Hyper-V 2019 Datacenter edition

Red Hat Enterprise Linux Kernel-based Virtual Machine (KVM) 9.2, 9.1, 9.0, and 8.8

Red Hat Virtualization 4.3

Ubuntu Hypervisor 22.04

VMware vSphere Hypervisor (ESXi) ) 8.0.3, 8.0.2, 8.0.1, 8.0, 7.0.3, 7.0.2, and 7.0.1

Supported Container Orchestration Platforms

For deployment on a supported container orchestration platform, the Delegated License Server (DLS) component of the NVIDIA License System is supplied as a containerized software image.

The following container orchestration platform releases are supported:

Docker 27.1.1 with Docker Compose 2.29.1

Kubernetes 1.23.8

Red Hat OpenShift Container Platform 4.10.67 with Kubernetes 1.23.17

Podman 4.4.2 with Podman Compose 1.0.7

VMware Tanzu Application Platform 1.1 with Kubernetes 1.23.6

Vulnerability details: CVE-2024-0122 – NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure.

Official announcement: Please refer to the link for details

https://nvidia.custhelp.com/app/answers/detail/a_id/5570

(Updated 11/18/2024 04:12 PM)

Preface: Nvidia acquires Bright Computing, maker of Bright Cluster Manager software that controls the configuration of clustered HPC systems, including Nvidia’s own DGX servers and HGX systems manufactured by OEMs and ODMs, as well as clusters from other manufacturers.

Background: NVIDIA Base Command Manager provides cluster management software for streamlining cluster provisioning, workload management, and infrastructure monitoring. It provides all the tools for deploying and managing an AI data center.

Note: Base Command Manager 10 is licensed on a per-GPU base. This differs from the node-base licensing model of Bright Cluster Manager. Customers with active support subscriptions using Bright Cluster Manager 9.2 and earlier can upgrade to Base Command Manager 10 by exchanging their current licenses for GPU-based Base Command Manager 10 licenses at no cost.

Vulnerability details: CVE-2024-0138

NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.      

Official announcement: For more details please see link – https://nvidia.custhelp.com/app/answers/detail/a_id/5595

Preface: If you talk to God, what is the difference between human and artificial intelligence? Maybe God will say that humans and A.I are incomparable. And both cannot live together in the same place.

Background: Intel Neural Compressor performs model optimization to reduce the model size and increase the speed of deep learning inference for deployment on CPUs or GPUs.

Intel Neural Compressor aims to provide popular model compression techniques such as quantization, pruning (sparsity), distillation, and neural architecture search on mainstream frameworks such as TensorFlow, PyTorch, ONNX Runtime, and MXNet, as well as Intel extensions such as Intel Extension for TensorFlow and Intel Extension for PyTorch.

Vulnerability details:

CVEID: CVE-2024-28028

Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Affected Products: Intel® Neural Compressor software before version 3.0.

Official announcement: For detail, please refer to link – https://nvd.nist.gov/vuln/detail/CVE-2024-28028

Preface: A pointer is a variable that stores the memory address of another variable. Unlike typical variables that hold data like numbers or characters, pointers hold the location of where data is stored in your computer’s memory. By knowing the address, pointers can access & manipulate the data at that memory location.

Background:

1.Install NPU Drivers

2.Download the NPU driver installation package NPU Driver

3.Install the NPU drivers by following these steps:

4.Extract the downloaded “NPU_RAI1.2.zip” zip file.

5.Open a terminal in administrator mode and execute the[[.]\npu_sw_installer[.]exe] exe file.

6.Ensure that NPU MCDM driver (Version:32.0.201.204, Date:7/26/2024) is correctly installed by opening Device Manager -> Neural processors -> NPU Compute Accelerator Device.

Vulnerability details:

CVE-2024-21974 Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.

CVE-2024-21975 Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.

CVE-2024-21976 Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.

Official announcement: Please refer to the official announcement for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html