All posts by admin

CVE-2025-33182 and CVE-2025-33177: About NVIDIA Jetson Linux and IGX OS (20-10-2025)

Official Updated 10/13/2025 09:19 AM

Preface: Railway applications have traditionally relied on fixed-function embedded computers to perform tasks such as signaling, monitoring, and train control. To move beyond those fixed-function systems, rail operators and system integrators are turning to AI-driven edge computing to meet the growing demand for real-time processing and automation.

Background: The Nvidia Jetson is not just a CPU; it is a complete embedded computing board with both a CPU and a powerful GPU, memory, and other components on a single module. It is a System on Module (SoM) designed for AI and machine learning applications at the edge.

CPU: The Jetson modules contain an ARM-based CPU for general-purpose processing.

GPU: A key feature is the integrated GPU with CUDA cores, which is specialized for parallel processing and AI tasks.

The NVIDIA Jetson Linux Driver Package includes a UEFI-based bootloader. This bootloader is the standard firmware for newer Jetson platforms like Orin and AGX Xavier, replacing the older CBoot system. The UEFI firmware is included with the Linux kernel, drivers, and a root filesystem for the Jetson platform. 

Component of the driver package: The UEFI bootloader is a standard part of the Jetson Linux Driver Package, alongside the Linux kernel, drivers, and utilities.

Support for modern platforms: Support for the UEFI bootloader is included in recent releases of Jetson Linux, such as R35.6.0 and later, for platforms like Jetson AGX Orin, Orin NX, Orin Nano, and others.

Vulnerability details:

CVE-2025-33182: NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnerability might lead to data tampering, denial of service.

CVE-2025-33177: NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of this vulnerability might lead to denial of service.

Official announcement: Please refer to the url for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5716

Comet 3I/ATLAS poses no threat to Earth and will remain far away, said NASA. What are your thoughts on this “visitor”? (19-10-2025)

Preface: Avi Loeb speculates that 3I/ATLAS has a diameter of at least 5 kilometers and a mass of over 33 billion tons, although his models suggest the nucleus could be as large as 15 kilometers in diameter. He bases these estimates on the object’s lack of a non-gravitational acceleration, which indicates it’s a massive object, and on data from the Hubble Space Telescope.

On October 19, 2025, Avi Loeb is likely commenting on the near-perihelion approach of the interstellar object 3I/ATLAS and the recent analysis of its properties, particularly focusing on anomalies like its unusual chemical composition and trajectory that he argues suggest a potential artificial origin.

Background: According to NASA’s announcement, we have to say goodbye to this comet! However, Professor Loeb has also uncovered many unsolved mysteries. Because 3I/ATLAS is so far away from Earth, even the Hubble Space Telescope can only see a bright spot. Current parameters are derived from predictions and analysis of the solar spectrum. This is based on some unknowns (see below). Perhaps we can add our own imaginations as a record. Given the current timeline, we may only see this comet once in our lifetime!

a. The spectral analysis of the interstellar object 3I/ATLAS has shown the presence of atomic nickel vapor and cyanide gas in its tail, with preliminary findings also indicating an unusual abundance of nickel without iron. The high nickel-to-iron ratio is considered anomalous compared to naturally occurring comets and has led to speculation about the object’s origins.

Ref: Nickel is essential in space and nuclear power due to its high-temperature resistance, corrosion resistance, and mechanical strength. In space, nickel alloys are used in rocket engines, fuel tanks, and batteries, while in nuclear power, they are used for structural components, fuel rod cladding, and steam generators.

b. Comet 3I/ATLAS exhibits an unusual “anti-tail” that points toward the Sun.

c. While Loeb has theorized that 3I/ATLAS could be an alien probe, his team’s observations of the comet and its environment so far have not revealed any such fragment. Current images show faint features that are likely noise or other unrelated objects, and the team is continuing to monitor the object for any signs of disintegration.

Professor Loeb’s recent research on 3I/ATLAS: Please see the link for details –

https://avi-loeb.medium.com/a-sunward-jet-from-3i-atlas-imaged-by-the-two-meter-twin-telescope-d37ba1808ed2

CVE-2025-27053: Incorrect Calculation of Buffer Size in HLOS (17th Oct 2025)

Official Published: 10/06/2025

Preface: Microsoft partners with the Android ecosystem by enabling its PlayReady DRM technology for content protection on Android devices, both in apps and web browsers. This integration allows developers to protect premium content like live TV and video-on-demand (VOD) using Android’s Java DrmManagerClient API, while web browsers use the Encrypted Media Extensions (EME) standard to access PlayReady via a Content Decryption Module (CDM). Leading Android device manufacturers often embed a PlayReady client into their devices, and Microsoft provides a Porting Kit to help them do so.

Background: The core of the Android OS is the Android Open Source Project (AOSP), which is free and open source software (FOSS) licensed primarily under the Apache License. However, most devices run a proprietary version of Android developed by Google, which comes pre-installed with additional proprietary, closed-source software, most notably Google Mobile Services (GMS), which includes core applications such as Google Chrome, the digital distribution platform Google Play, and the related Google Play Services development platform.

Qualcomm Android source code is divided into development source code and proprietary source code. Proprietary source code is further divided into proprietary non-HLOS software and proprietary HLOS software. HLOS is the High-level Operating System, and non-HLOS software refers to software below the HLOS layer.

Vulnerability details: Memory corruption during PlayReady APP use case while processing TA commands.

CVE-2025-27053: If the BUFFER_SIZE is incorrectly calculated (e.g., too small for the actual data exchanged), the TA might read or write beyond the allocated memory, leading to memory corruption. The vulnerability CVE-2025-27053 is a memory corruption issue caused by incorrect buffer size calculation in HLOS when processing TA commands in the PlayReady APP use case. Here’s why it affects Qualcomm Snapdragon chips.

Official announcement: Please refer to the url for details –

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html

CVE-2025-23356: about Isaac Lab component of NVIDIA Isaac Sim (16-10-2025)

Preface: The goal of generating synthetic data for robot models is to create a diverse and realistic dataset for training and validating AI systems in a cost-effective and scalable way, helping to overcome the limitations of real-world data collection. This includes creating data for training models, improving their performance, testing for edge cases, and refining them after initial training without needing extensive, time-consuming, or dangerous physical data collection.  

Background: Isaac Sim supports three essential workflows: generating synthetic data for training or post-training robot models used for perception, mobility, and manipulation; validating robot stacks through software- and hardware-in-the-loop testing; and enabling robot learning through Isaac™ Lab.

NVIDIA Isaac Lab is an open-source, unified framework for robot learning that helps developers train robot policies using high-fidelity simulation. Built on NVIDIA Isaac Sim and the Omniverse platform, it leverages the power of GPUs for parallel physics simulation and photorealistic rendering to bridge the gap between simulation and real-world training. The framework simplifies common workflows for robot learning, such as reinforcement learning and imitation learning, by providing modular design patterns and a unified set of tools.

Configuring Stable-Baselines3 (SB3) within Isaac Sim, particularly with Isaac Lab, involves setting up the training environment and specifying hyperparameters for your chosen reinforcement learning algorithm.

Vulnerability details: NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Official announcement: Please see the link for details

https://nvidia.custhelp.com/app/answers/detail/a_id/5708

About CVE-2025-0033 : AMD recommends updating to the SEV Firmware or Platform Initialization (PI) firmware (15-10-2025)

Preface: Web hosting companies can use AMD EPYC 9004 Series processors for demanding and high-traffic websites, but they are more suitable for large-scale or specialized workloads due to their high cost and performance focus on areas like AI, HPC, and cloud-native computing.

Background: During Secure Nested Paging (SNP) initialization, the Reverse Map Table (RMP) is set up by software (firmware) to map system physical addresses to guest memory and enforce page ownership and write permissions. The RMP is a system-wide table, indexed by the System Physical Address (SPA), with each entry corresponding to a 4KB chunk of memory, indicating which owner has access to it and how it can be written to. This is crucial for preventing the hypervisor from maliciously accessing a guest’s private, encrypted memory.

Ref: For AMD SEV-SNP systems, the best hypervisor depends on your specific needs, but Proxmox is a strong contender for a feature-rich, open-source option, while VMware vSphere is an excellent choice for enterprise environments already invested in the VMware ecosystem. For users who prefer Linux, adding a confidential computing kernel to a distribution like Ubuntu enables robust SEV-SNP support through open-source tools like libvir

Vulnerability details: Researchers from ETHz reported that a malicious hypervisor could corrupt the Reverse Map Table (RMP) during Secure Nested Paging (SNP) initialization.

AMD reproduced the issue and determined it is due to a race condition that can occur while the AMD Secure Processor (ASP) is initializing the RMP. This attack could allow a malicious hypervisor to manipulate the initial RMP content, potentially resulting in loss of SEV-SNP guest memory integrity. AMD has released mitigations for this vulnerability.

Official announcement: Please see the link for details –

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3020.html

CVE-2025-47347: Stack-based Buffer Overflow in Automotive Software platform based on QNX (14-10-2025)

Preface: QNX uses a 4KB page size by default for memory translation, where memory is organized into fixed-sized chunks called pages, which are the units the memory manager works with. However, newer versions of the QNX OS have introduced variable page sizes for improved performance, allowing for larger blocks of memory to be mapped with a single translation table entry instead of multiple 4KB entries, according to QNX. 

Background: Qualcomm embedded chips can run the QNX Hypervisor to securely virtualize multiple operating environments on a single System-on-Chip (SoC). This allows developers to consolidate different OSs, such as a functional safety OS for critical systems like driving and a less critical OS for infotainment, onto one processor. The QNX Hypervisor works by creating virtual machines (VMs) that execute directly on the physical CPU.

Vulnerability details: Memory corruption while processing control commands in the virtual memory management interface.

Ref: In QNX, if a thread is created without explicitly setting a stack size, it uses a default size (e.g., 256 KB on x86_64 and AArch64) with a guard page to detect overflows. But if the thread’s actual usage exceeds this size, and the guard page is bypassed or misconfigured (e.g., due to a bug in the memory management interface), it could lead to stack corruption.

Recommendations

  • Always explicitly set stack sizes for threads using pthread_attr_setstacksize() or pthread_attr_setstack() to ensure they are large enough for the thread’s workload.
  • Apply vendor patches addressing CVE-2025-47347 as soon as available.

Official announcement: Please see the link for details

https://nvd.nist.gov/vuln/detail/CVE-2025-47347

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html

The other side of CVE-2025-23309 (13th Oct 2025)

Preface: When running Windows containers on a Windows host, here’s what happens –

Containers share the host kernel — unlike Linux containers on Linux, Windows containers rely on the Windows kernel and some host services.

Isolation is limited — Windows containers are isolated at the process level, but they can access some host resources, especially if configured with elevated privileges.

Background: DLL Search Order

When an application dynamically loads a DLL using functions like LoadLibrary or LoadLibraryEx without providing a complete path, Windows follows a predefined search order to locate the required DLL. This order typically includes:

  • The directory from which the application loaded.
  • The system directory (%SystemRoot%\system32).
  • The 16-bit system directory.
  • The Windows directory (%SystemRoot%).
  • The current working directory (CWD).
  • The directories listed in the PATH environment variable.

Vulnerability details: NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering.

Supplement:

If a Windows container is configured to use the GPU and the vulnerable NVIDIA driver is present on the host:

DLL Hijacking Risk: If the container or its processes can influence the DLL search path (e.g., by setting the current working directory or placing files in directories searched first), it might be able to exploit the vulnerability.

Container Escape Potential: If the malicious DLL is loaded by a privileged process (e.g., one running as SYSTEM or with elevated rights), it could lead to privilege escalation or container escape.

Remark: Limited by Container Isolation: If the container is running with strict isolation and without elevated privileges or GPU access, the risk is significantly lower, but not zero — especially if the container can manipulate the environment in which the vulnerable driver operates.

To reduce risk (remedy):

Update the NVIDIA driver — Ensure the host is running a patched version that addresses CVE-2025-23309.

Restrict container privileges — Avoid running containers with elevated privileges or access to host directories.

Use absolute paths in DLL loading — If developing software inside containers, always use secure DLL loading practices.

Monitor container file systems — Prevent unauthorized DLLs from being placed in sensitive directories.

Official announcement: Please see the link for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5703

CVE-2025-61910: about BPv7 protocol (9 Oct 2025)

Preface: What is D3TN? In 2015, our company was founded under the name “FUSE” to offer dedicated software products for distributed systems. Due to our native interest in networking for challenged environments with an emphasis on space and underwater networks, we started focusing intensively on this field. In July 2018, we renamed the company D3TN, referring to our competences in so-called Delay- and Disruption-tolerant Networking (DTN) technologies. These technologies may be employed to render possible communication in the most challenging environments. We are experts in developing software and hardware solutions for this domain.

Background: The main purpose of NASA’s involvement in Bundle Protocol version 7 (BPv7) is to create a more robust, standard, and interoperable networking protocol for space exploration, enabling the Solar System Internet, lunar networks like LunaNet, and improving data return and communication reliability for all types of space missions. BPv7 builds upon BPv6 by adding essential features for network-layer functionality and standardized interfaces, addressing gaps in the previous standard and paving the way for future, complex space communication architectures.

BPv7 is used in Delay-Tolerant Networking (DTN), as it is the latest version of the Bundle Protocol (BP) and is being implemented in operational systems like the Interplanetary Overlay Network (ION). BPv7 is a more robust and standardized version of the Bundle Protocol (BP) that improves upon its predecessor, BPv6, and enables advanced functionalities like Bundle-in-Bundle Encapsulation (BIBE) to handle both versions concurrently.

Vulnerability details: CVE-2025-61910 states the following: The vulnerability seems to be due to processing the fifth element of the array (i.e., the byte string), as replacing it with a number makes the vulnerability no longer trigger. While parsing this extension block, ION obtains a very large block length, which in the code (`bei.c`:764) appears to be passed from `blockLength`, an unsigned int, to a 32-bit signed integer `blkSize`.

The unsigned to signed conversion causes `blkSize` to hold the value of -369092043, which is then converted into a 64-bit unsigned value inside `MTAKE(blkSize)`, resulting in an attempt to allocate an unrealistic amount of memory, causing the error.
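The conversion chain quoted above, reproduced as an added C example (this is not ION's code). The sample block length is constructed so that its signed 32-bit reinterpretation is the -369092043 quoted in the CVE text; the receiver cap is an assumption for the example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed for the example: 2^32 - 369092043, i.e. the unsigned block
 * length whose 32-bit signed reinterpretation is the -369092043 in the CVE. */
#define SAMPLE_BLOCK_LENGTH 3925875253u

/* Largest extension block a receiver is willing to allocate for.
 * An assumed policy value for this example, not a value from ION. */
#define MAX_BLOCK_BYTES (16u * 1024u * 1024u)

/* Step 1 of the unchecked flow: unsigned int -> int.
 * Out-of-range conversion is implementation-defined; gcc and clang
 * define it as modular, so the value wraps negative. */
int narrowed_block_size(unsigned int blockLength) {
    int blkSize = blockLength;
    return blkSize;
}

/* Step 2: the negative int -> size_t, which is what an allocator such
 * as MTAKE(blkSize) would receive. Returns the requested byte count. */
size_t unchecked_alloc_size(unsigned int blockLength) {
    int blkSize = narrowed_block_size(blockLength);
    return (size_t)blkSize;        /* -369092043 becomes SIZE_MAX - 369092042 */
}

/* Hardened variant: validate the length before any narrowing conversion.
 * Returns 0 and sets *out on success, -1 if the block must be rejected. */
int checked_alloc_size(unsigned int blockLength, size_t *out) {
    if (blockLength > INT_MAX)          /* would not survive the int conversion */
        return -1;
    if (blockLength > MAX_BLOCK_BYTES)  /* exceeds receiver policy */
        return -1;
    *out = (size_t)blockLength;
    return 0;
}

/* Convenience wrapper: the accepted size, or 0 when the block is rejected. */
size_t checked_or_zero(unsigned int blockLength) {
    size_t n = 0;
    return checked_alloc_size(blockLength, &n) == 0 ? n : 0;
}

int main(void) {
    printf("blkSize after narrowing: %d\n", narrowed_block_size(SAMPLE_BLOCK_LENGTH));
    printf("unchecked path asks the allocator for %zu bytes\n",
           unchecked_alloc_size(SAMPLE_BLOCK_LENGTH));
    printf("checked path accepts %zu bytes (0 = rejected)\n",
           checked_or_zero(SAMPLE_BLOCK_LENGTH));
    return 0;
}
```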

Summary:

The CVE description is outdated in practice but accurate in terms of formal release status.

The fix exists in GitHub, but no patched release version has been tagged or published yet.

Users should manually apply the fix or monitor the repository for an official release.

Official announcement: Please see the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-61910

https://www.tenable.com/cve/CVE-2025-61910

CVE-2025-61778 – About Akka.Remote from v1.2.0 to v1.5.51 (9th Oct 2025)

Preface: Businesses that deploy Akka with .NET span industries like investment banking, retail, healthcare, and social media, and are often found in sectors requiring high-throughput, low-latency systems such as finance, e-commerce, and online gaming. Companies have used Akka.NET to build microservices, power AI solutions, and create resilient, scalable distributed systems that benefit from its actor-based model for fault tolerance and real-time responsiveness.

Background: Akka.NET is a .NET port of the original Akka project, which originated in the Scala/Java community. It provides an idiomatic .NET implementation of the Actor Model, enabling developers to build highly concurrent, distributed, and fault-tolerant systems using C# and F#.

In C# and F#, “System” typically refers to the System namespace, which is a fundamental part of the .NET Framework and .NET Core. This namespace provides access to core functionality that is essential for almost any .NET application, regardless of whether it’s written in C# or F#.

What Happens Due to the Flaw?

1. A malicious client connects to the cluster over TLS.

2. Because client certificate validation is not enforced, the cluster accepts the connection.

3. The malicious client can:

  • Send spoofed messages to actors (e.g., fake orders).
  • Intercept or manipulate actor responses.
  • Disrupt trading logic or inject latency.

Official announcement: Please see the link for details –

https://www.tenable.com/cve/CVE-2025-61778

https://getakka.net/articles/remoting/security.html

CVE-2023-53616 – Published: 04-10-2025. Don’t despise design weaknesses from two years ago! (8th Oct 2025)

Preface: Computing technology is advancing rapidly, and software development cycles are shrinking. Furthermore, these shorter-than-expected software development cycles are impacting vulnerability management cycles. Vulnerabilities discovered over a year ago might not be taken seriously. However, nothing in the digital world is completely secure. Therefore, it’s recommended not to ignore outdated CVE records. This topic focuses on a vulnerability discovered in December 2022. The submitter announced this vulnerability in September 2023. CVE-2023-53616 was finally published on October 4, 2025.

This article also contains other perspectives. Please enjoy!

Background: Journaled File System (JFS) is a 64-bit journaling file system created by IBM. There are versions for AIX, OS/2, eComStation, ArcaOS and Linux operating systems.

If diUnmount() writes out the inode map and the filesystem is unmounted, shouldn’t that memory be safe from reuse by attackers? Especially since it’s in kernel space and requires root privileges?

Here’s the key point:

Yes, kernel memory is protected and not directly accessible from user space. However, vulnerabilities like this are dangerous even in kernel space, because:

- Kernel code can be triggered indirectly by user actions (e.g., mounting/unmounting filesystems, accessing files).

- If a stale inode structure remains in memory and is reused without proper reinitialization, it can lead to privilege escalation or data corruption.

- Attackers with some level of access (e.g., via a compromised process or container) might exploit such bugs to gain full root access.

Can ioctl Misuse Lead to Exploitation of This Vulnerability?

Yes, absolutely. Misuse of ioctl (Input/Output Control) calls in kernel modules or drivers can be a vector for exploitation, especially when combined with vulnerabilities like the one in JFS_IP. Please see attached diagram for details.

Official announcement: Please see the link for details –

https://www.tenable.com/cve/CVE-2023-53616