All posts by admin

New, or already known? Rowhammer attacks on AMD Zen-based platforms, so called ZenHammer (25-03-2024)

Preface: It is possible to trigger Rowhammer bit flips on DDR4 devices on AMD Zen 2 and Zen 3 systems despite deployed TRR mitigations, said researchers at ETH Zurich.

Background: When high-energy charged particles pass through the crystal lattice of a silicon wafer, their charge can disturb the electrons in the lattice and impart energy to them. Where the lattice is packed more closely within the wafer, this disturbed electron trajectory can create a temporary, highly conductive path that did not exist before. The effect of this track is similar to running a very thin wire across the wafer in a random direction. If the particle's path crosses a feature within the die, such as a floating MOSFET gate or an NMOS DRAM cell, the result may be a flipped bit.

Vulnerability details: On February 26, 2024, AMD received new research related to an industry-wide DRAM issue, documented in "ZENHAMMER: Rowhammering Attacks on AMD Zen-based Platforms" by researchers at ETH Zurich. The research demonstrates Rowhammer attacks on DDR4 and DDR5 memory using AMD "Zen" platforms. Given the history around Rowhammer, the researchers do not consider these rowhammering attacks to be a new issue.

Mitigation: Please see the following official announcement for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7021.html

CVE-2024-29059 – [.]NET Framework Information Disclosure Vulnerability (24th Mar 2024)

Preface: Microsoft did not disclose the details of the vulnerability! What happened to the .NET Framework? Can we guess what happened?

[.]NET is a platform framework. Currently there are two variants: the [.]NET Framework, exclusive to the Windows platform, and the cross-platform .NET Core.

Background: The [.]NET Framework works with applications developed in C#, F#, or Visual Basic and compiled to Common Intermediate Language (CIL). The Common Language Runtime (CLR) runs [.]NET applications on a given machine, converting the CIL to machine code.

The Common Language Runtime (CLR), the virtual machine component of the Microsoft .NET Framework, manages the execution of .NET programs.

Vulnerability details: [.]NET Framework Information Disclosure Vulnerability

Official announcement: Please see the link below for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-29059

If you are interested in my speculation, please see the attached picture.

What are the security updates for 17.4.1? Apple, as always, won’t tell you the details of the vulnerability! (22-03-2024)

Preface: The iPhone XS is powered by the A12 Bionic processor. The iPhone 13 and iPhone 13 Mini use the Apple-designed A15 Bionic chip. Additionally, the iPhone 15 is powered by a six-core Apple A16 Bionic processor. All of the above Bionic processors have one thing in common: they are 64-bit ARM-based systems on a chip (SoC) designed by Apple Inc.

Speculation: If you remember, a vulnerability related to AMD was covered here on 15th Mar, 2024 (CVE-2024-21930): a Spectre v1 variant inheriting the Spectre v1 vulnerability, so called GhostRace. But this design weakness is not limited to AMD. For example, ARM Limited has not announced that it is unaffected by this vulnerability. So, do you think Apple Inc. might be worried about this vulnerability and therefore prioritized updating its firmware and Linux-based OS to mitigate the risk?

Official announcement: Please refer to the link for details – https://support.apple.com/en-us/HT201222

CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions – https://www.kb.cert.org/vuls/id/488902

CVE-2024-22019: About the Node.js HTTP module (21st Mar 2024)

Preface: The Express framework is built on top of the Node.js HTTP module and provides us with a clean way to write the backend.

Background: The HTTP module builds on two other built-in modules:

Net module: Provides network API for creating stream-based TCP servers or clients.

Events module: Provides an event-driven architecture using the EventEmitter class.

Ref: Chunked transfer encoding is a streaming data transfer mechanism available in Hypertext Transfer Protocol (HTTP) version 1.1, defined in RFC 9112, section 7.1. In chunked transfer encoding, the data stream is divided into a series of non-overlapping "chunks". The chunks are sent out and received independently of one another.

Each chunk is preceded by its size in bytes. The transmission ends when a zero-length chunk is received. The chunked keyword in the Transfer-Encoding header indicates chunked transfer.

Vulnerability details: A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.
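The kind of limit the advisory describes as missing, shown as an added example written for this post (it is not Node's own HTTP parser): a small chunked-body decoder that stops reading once a chunk-size line, extensions included, exceeds a fixed byte budget. The 64-byte cap and the sample inputs are assumptions constructed for the demo.

```javascript
// Added example (not Node's http parser): a minimal HTTP/1.1 chunked-body
// decoder that refuses to read more than a fixed number of bytes for any
// chunk-size line (hex size plus optional ";name=value" extensions). The
// 64-byte cap is an assumed value chosen for this demo.
const MAX_CHUNK_LINE_BYTES = 64;

function decodeChunked(buf, maxLineBytes = MAX_CHUNK_LINE_BYTES) {
  const parts = [];
  let pos = 0;
  for (;;) {
    // Search for CRLF only inside a bounded window, so an attacker-controlled
    // extension cannot make the server buffer or scan an unbounded header line.
    const hdr = buf.subarray(pos, pos + maxLineBytes + 2); // +2 for the CRLF
    const rel = hdr.indexOf('\r\n');
    if (rel === -1) {
      throw new Error(`chunk header longer than ${maxLineBytes} bytes (or truncated)`);
    }
    const line = hdr.toString('latin1', 0, rel);
    // RFC 9112 s7.1: chunk-size [ chunk-ext ] CRLF; text after ';' is extension.
    const sizeHex = line.split(';', 1)[0].trim();
    if (!/^[0-9a-fA-F]{1,8}$/.test(sizeHex)) {
      throw new Error(`invalid chunk size "${sizeHex}"`);
    }
    const size = parseInt(sizeHex, 16);
    pos += rel + 2;
    if (size === 0) {
      return Buffer.concat(parts); // last-chunk reached; trailers are ignored here
    }
    if (pos + size + 2 > buf.length) throw new Error('truncated chunk data');
    if (buf[pos + size] !== 0x0d || buf[pos + size + 1] !== 0x0a) {
      throw new Error('chunk data not terminated by CRLF');
    }
    parts.push(buf.subarray(pos, pos + size));
    pos += size + 2;
  }
}

// Wrapper that reports the outcome instead of throwing (Buffer is a Node global).
function tryDecode(str, maxLineBytes) {
  try {
    const body = decodeChunked(Buffer.from(str, 'latin1'), maxLineBytes);
    return { ok: true, body: body.toString('latin1') };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed sample inputs: a benign body with a short extension, and one whose
// chunk extension is padded far beyond the cap (rejected without reading it all).
const BENIGN = '5;ext=1\r\nhello\r\n6\r\n world\r\n0\r\n\r\n';
const OVERSIZED = '5;' + 'x'.repeat(4096) + '\r\nhello\r\n0\r\n\r\n';
```

Raising the cap (for example `tryDecode(OVERSIZED, 8192)`) makes the padded input decode normally, which shows that the bound on header bytes, not the body size limit, is what stops the resource exhaustion.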

Official announcement: Please see the link below for details:

https://nvd.nist.gov/vuln/detail/CVE-2024-22019

CVE-2024-2612: Self-referencing object could have potentially led to a use-after-free (20-03-2024)

Preface: If you want the best internet browser that puts security first, not data collection, then Firefox is your best bet.

Background: Smart pointers are C++ objects that not only store a pointer to a dynamically allocated resource but also manage the lifetime of that resource, ensuring it is properly deallocated when no longer needed or when it goes out of scope. This helps prevent memory leaks.

The Firefox browser is a collection of C++ libraries designed to be assembled into any number of applications that you can run on machines with any of the major desktop operating systems (Windows, OS X, Linux, etc.).

Vulnerability details: If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Official announcement: Please see the link below for details.

https://nvd.nist.gov/vuln/detail/CVE-2024-2612

CVE-2024-21661: Argo CD suffers denial of service (DoS) vulnerability (18-03-2024)

Preface: What does multi-threaded environment mean? Multithreading is the ability of a program or an operating system to serve more than one user at a time without requiring multiple copies of the program to run on the computer.

Background: Argo CD is implemented as a Kubernetes controller which continuously monitors running applications and compares the current, live state against the desired target state (as specified in the Git repo). Hooks are simply Kubernetes manifests tracked in the source repository of your Argo CD Application. Synchronization can be configured using resource hooks. Hooks are ways to run scripts before, during, and after a Sync operation. Hooks can also be run if a Sync operation fails at any point. For example:

Using a Sync hook to orchestrate a complex deployment that requires more sophistication than the Kubernetes rolling update strategy.

Vulnerability details: An attacker can exploit a critical flaw in the application to initiate a Denial of Service (DoS) attack, rendering the application inoperable and affecting all users. The issue arises from unsafe manipulation of an array in a multi-threaded environment.

Official announcement: Please see the link below for details – https://nvd.nist.gov/vuln/detail/CVE-2024-21661

CVE-2024-28862: The Ruby One Time Password library (ROTP): affected versions had overly permissive default permissions (18-03-2024)

Preface: In this rushed, demanding digital world, people do not think about what the back-end platform or its design is. Therefore, vulnerability management in practice relies on vendors and software developers.

Background: Ruby on Rails has carved out a niche, as it is used by millions of websites, including well-known companies such as GitHub, Shopify, Airbnb, Fiverr and more.

ROTP is a gem used to generate and verify TOTP (Time-Based One Time Password) codes; the rqrcode gem generates a QR code SVG based on the generated TOTP.

Vulnerability details: The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions (CWE-276 – Incorrect Default Permissions).

A file with 666 permissions grants read and write permission to everyone. This is the issue the CVE describes.

Workaround: Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.

Official announcement: Please refer to the link below for details – https://nvd.nist.gov/vuln/detail/CVE-2024-28862

CVE-2024-2193: Spectre v1 variant inheriting the Spectre v1 vulnerability, so called GhostRace. AMD believes the previous guidance remains applicable to mitigate this vulnerability (15-03-2024)

AMD made this announcement on March 12, 2024.

Preface: Spectre variant 1 attacks take advantage of speculative execution of conditional branches, while Spectre variant 2 attacks use speculative execution of indirect branches to leak privileged memory.

Background: Speculative execution improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU. Speculative execution includes instruction or data pre-fetch, branch prediction, or any operation performed speculatively based on the prediction of program/system behavior.

Vulnerability details: A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware that utilizes speculative execution and is vulnerable to Spectre v1 is likely affected. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU, using race conditions to reach speculatively executed code paths. Security researchers have labeled this variant of the Spectre v1 vulnerability "GhostRace" for ease of communication.

Official announcement: Please refer to the following link for details –

CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions – https://www.kb.cert.org/vuls/id/488902

AMD official article – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html

About CVE-2023-39368: The machine learning process requires CPUs and GPUs. Does the bus lock regulator mechanism affect this area? Glad to say, the problem is fixed. (14-03-2024)

CVE-2023-39368 was published on 13th March 2024. In fact, Intel solved this problem at the end of 2020. Perhaps they were hesitant about this design weakness, so it was not announced until this month.

Preface: What is an Intel E core? While P cores are focused on delivering peak performance for intensive workloads, E cores ensure that the system runs efficiently during regular use.

Background: What is the LOCK prefix in Intel? The LOCK prefix is typically used with the BTS instruction to perform a read-modify-write operation on a memory location in a shared-memory environment. The integrity of the LOCK prefix is not affected by the alignment of the memory field. Memory locking is observed for arbitrarily misaligned fields.

Vulnerability details: CVE-2023-39368 – A potential security vulnerability in the bus lock regulator mechanism for some Intel Processors may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability.

Official announcement: Please refer to the link for details – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html

Could CVE-2022-2637 and CVE-2023-38575 be the same? (13th March 2024)

Preface: In August 2022, CVE-2022-26373 stated that non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. It looks like the same vulnerability with a new CVE reference number. What is going on? CVE-2023-38575 was published on 13th March 2024.

Background: Fundamentally, the branch prediction unit reduces pipeline stalls and keeps the CPU executing instructions. However, if the prediction is wrong, the CPU may have to flush the pipeline, which incurs a performance penalty.

Operating systems have a process or task scheduler, which schedules the execution of various available tasks by allocating the CPU time. Furthermore, each process stores information about its state, which we call its context.

Vulnerability details: CVE-2023-38575 – Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access.

Remark: Updating your microcode can help mitigate certain potential security vulnerabilities in CPUs as well as address certain functional issues.

Official announcement: Please refer to the link for details – https://www.suse.com/security/cve/CVE-2023-46839.html