Preface: PostgreSQL allocates memory from the work_mem pool when a query requires sorting or hashing. If there is not enough memory available in the work_mem pool, PostgreSQL will spill to disk. temp_buffers controls the amount of memory allocated for temporary tables.

Does Postgres write to disk? To guard against unforeseen failures, PostgreSQL periodically writes full page images to permanent storage before modifying the actual page on disk. By doing this, during crash recovery PostgreSQL can restore partially-written pages.

Background: Declaring an array in PostgreSQL is straightforward. An array data type is defined by appending square brackets [] to any valid data type. This could be an array of integers, text, boolean values, or even more complex data types like composite types or other arrays.
Many databases support array fields of a scalar type. SQL allows ARRAY column types. In PostgreSQL INTEGER[5] represents an array of 5 integers.

Vulnerability details: A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server’s memory.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-5869

Preface: But what is the significance of SPS keywords? Qualcomm didn’t mention it. Let’s trace if we can find what are the weak points of the design?

Background: The Qualcomm Secure Processing Unit is an isolated hardware security core implemented in the Snapdragon 8cx Gen 3 Mobile Compute Platform SoC. As such, this security core incorporates standalone ROM, RAM, CPU, cryptographic acceleration units, countermeasure sensors, one-time programmable memory, etc. Key generation, signing and verification utilizing RSA and ECC cryptosystems across a range of modes.

Ref: SPS can be a term related to encryption capabilities. It can be applied to UDSF. For example: Samsung SDS UDSF is a 3GPP standard based network function for 5G core network mainly to store call processing and session related unstructured information of network functions such as AMF, SMF, etc.

SPS encryption functions: Methods in this class can help admin to encrypt files been output from sps. For now it is only used to encypt and decrypt snapshots. This class requires the SPS database. This class inherits all functions from the spsDb class, so there is no need to initiate the spsDb container. This class is required to run a SPS app. This class needs to be initialized global level.

Vulnerability details: Memory Corruption in SPS Application while exporting public key in sorter TA.

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2023-28546

https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2023-bulletin.html

Preface: Unix domain sockets and network sockets have different security characteristics. In general, Unix domain sockets are considered to be more secure than network sockets, as they are not exposed to the network and are only accessible to processes on the same machine.

Background: A Unix domain socket aka UDS or IPC socket (inter-process communication socket) is a data communications endpoint for exchanging data between processes executing on the same host operating system. It is also referred to by its address family AF_UNIX .

DOCA Socket Relay allows Unix Domain Socket (AF_UNIX family) server applications to be offloaded to the DPU while communication between the two sides is proxied by DOCA Comm Channel.

Vulnerability details: A use-after-free vulnerability in the Linux kernel’s af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer’s recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-4622

Preface: Null pointer dereference vulnerability can be exploited by hackers to maliciously crash a process to cause a denial of service. Can null pointer cause memory leak? This memory leak is caused by overwriting a pointer to allocated memory with either another valid pointer, or with a NULL pointer.

Background:

PLL – Phase Locked Loop is an electronic circuit which syntonizes clock signal of a device with an external clock signal. Effectively enabling device to run on the same clock signal beat as provided on a PLL input.

DPLL – Digital Phase Locked Loop is an integrated circuit which in addition to plain PLL behavior incorporates a digital phase detector and may have digital divider in the loop. As a result, the frequency on DPLL’s input and output may be configurable.

The main purpose of dpll subsystem is to provide general interface to configure devices that use any kind of Digital PLL and could use different sources of input signal to synchronize to, as well as different types of outputs. The main interface is NETLINK_GENERIC based protocol with an event monitoring multicast group defined.

Vulnerability details: A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink[.]c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.

Additional: Fix potential msg memleak encounter in drivers/dpll/dpll_netlink[.]c when genlmsg_put_reply failed

Remedy: Progam design should clean the skb resource if genlmsg_put_reply failed.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-6679

Preface: Many enterprises have implemented Kubernetes and containers, and most also run virtual machines. This environment therefore increases operational complexity as well as time and infrastructure costs.

Background: OpenStack, libvirt, Kubernetes, Vagrant, and boot2docker are the most popular alternatives and competitors to KubeVirt. What is the difference between Kubernetes and KubeVirt? Scheduling, networking and storage are all delegated to Kubernetes, while KubeVirt provides the virtualization functionality. KubeVirt allows you to run full virtual machines on Kubernetes alongside regular containers.

WIth KubeVirt, you can declaratively:

-Create a VM

-Schedule a VM on a Kubernetes cluster

-Launch a VM

-Stop a VM

-Delete a VM

Vulnerability details: On Mar 2023 CVE vulnerability details published that versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can, for instance, read all secrets on the cluster, or can exec into pods on other nodes.

This time the manufacturer did not mention any technical issues related to this vulnerability. But I firmly believe that this is a remedial action for the vulnerability discovered in March 2023.

Official details: Please refer to the link for details – https://www.suse.com/support/update/announcement/2023/suse-su-20234693-1/