Category Archives: AI and ML

CVE-2024-2193: a Spectre v1 variant inheriting the Spectre v1 vulnerability, so called GhostRace. AMD believes the previous guidance remains applicable to mitigate this vulnerability (15-03-2024)

AMD made this announcement on March 12, 2024.

Preface: Spectre variant 1 attacks take advantage of speculative execution of conditional branches, while Spectre variant 2 attacks use speculative execution of indirect branches to leak privileged memory.

Background: Speculative execution improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU. Speculative execution includes instruction or data pre-fetch, branch prediction, or any operation performed speculatively based on the prediction of program/system behavior.

Vulnerability details: A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that is vulnerable to Spectre v1 is likely affected. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU by using race conditions to reach speculatively executed code paths. Security researchers have labeled this variant of the Spectre v1 vulnerability “GhostRace” for ease of communication.
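The Spectre v1 pattern from the preface, beside the two standard mitigations the "previous guidance" relies on, as an added C example. This is not code from AMD, CERT or the GhostRace researchers: the lookup table, the function names and the non-x86 fallback barrier are my assumptions, and the GhostRace gadget itself (a speculatively bypassed synchronization primitive) is not reproduced here, only the conditional-branch pattern it inherits from Spectre v1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <emmintrin.h>
/* LFENCE: the serializing barrier the Intel/AMD v1 guidance places after a bounds check. */
static inline void speculation_barrier(void) { _mm_lfence(); }
#else
/* Assumption for other architectures: a compiler-only barrier stands in here.
 * Real code needs the platform's speculation barrier (e.g. CSDB on AArch64). */
static inline void speculation_barrier(void) { __asm__ volatile("" ::: "memory"); }
#endif

/* Constructed sample: a lookup table a privileged component indexes on behalf
 * of a less-trusted caller. */
#define TABLE_LEN 8
static const uint8_t table[TABLE_LEN] = {10, 20, 30, 40, 50, 60, 70, 80};

/* Classic Spectre v1 gadget: the bounds check is a conditional branch, so a
 * mistrained predictor lets the load run transiently with an attacker index.
 * Architecturally correct; micro-architecturally it leaks through the cache. */
uint8_t read_v1_unsafe(size_t idx) {
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* Branchless mask in the style of Linux's array_index_mask_nospec(): all ones
 * when idx < size, zero otherwise. No predicted branch is involved, so a
 * mis-speculated path still reads index 0 rather than attacker-chosen memory. */
size_t index_mask_nospec(size_t idx, size_t size) {
    size_t high = (idx | (size - idx - 1)) >> (sizeof(size_t) * 8 - 1); /* 1 iff idx >= size */
    return high - 1;                                                  /* 0 -> SIZE_MAX, 1 -> 0 */
}

/* Mitigation A: clamp the index with the mask after the check. */
uint8_t read_v1_masked(size_t idx) {
    if (idx >= TABLE_LEN)
        return 0;
    idx &= index_mask_nospec(idx, TABLE_LEN);
    return table[idx];
}

/* Mitigation B: serialize after the check, as the vendor guidance describes. */
uint8_t read_v1_fenced(size_t idx) {
    if (idx >= TABLE_LEN)
        return 0;
    speculation_barrier();
    return table[idx];
}

int main(void) {
    size_t probes[] = {0, 7, 8, SIZE_MAX};
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("idx=%zu mask=%#zx masked=%u fenced=%u\n", probes[i],
               index_mask_nospec(probes[i], TABLE_LEN),
               read_v1_masked(probes[i]), read_v1_fenced(probes[i]));
    return 0;
}
```

All three readers return the same architectural values; the difference is only in what executes transiently, which this program cannot observe. What can be checked is that the mask is exactly zero for every out-of-range index, including ones that wrap.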

Official announcement: Please refer to the following link for details –

CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions – https://www.kb.cert.org/vuls/id/488902

AMD official article https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html

About CVE-2023-39368: The machine learning process requires CPUs and GPUs. Does the bus lock regulator mechanism affect this area? Glad to say, the problem is fixed. (14-03-2024)

CVE-2023-39368 was published on 13th March 2024. In fact, Intel has had a fix for this problem since the end of 2020. Perhaps because of hesitancy about this design weakness, it wasn’t announced until this month.

Preface: What is Intel E core? While P cores are focused on delivering peak performance for intensive workloads, E cores ensure that the system runs efficiently during regular use.

Background: What is the LOCK prefix on Intel? The LOCK prefix is typically used with the BTS instruction to perform a read-modify-write operation on a memory location in a shared-memory environment. The integrity of the LOCK prefix is not affected by the alignment of the memory field: memory locking is observed for arbitrarily misaligned fields. The cost of that guarantee is the security-relevant part. When a locked operand crosses a cache-line boundary (a split lock), or targets uncacheable memory, the processor cannot satisfy the lock within one cache line and asserts a bus lock that stalls every core in the system. Any unprivileged process or guest that can issue such an access can therefore degrade the whole machine, which is why newer Intel processors carry a bus lock regulator and why Linux offers split_lock_detect=warn|fatal to flag or kill offending tasks.

Vulnerability details: CVE-2023-39368 – A potential security vulnerability in the bus lock regulator mechanism for some Intel Processors may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability.
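How a bus lock arises from a misaligned LOCK-prefixed access, and the layout check that keeps your own code from emitting one, as an added C example. Nothing here is Intel's code: the record layouts, the function names and the 64-byte cache line are my assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CACHE_LINE 64   /* assumption: 64-byte lines, as on current x86 parts */

/* True when an access of `size` bytes at `addr` straddles a cache line. On
 * Intel, a LOCK-prefixed read-modify-write on such a field cannot be served
 * by the cache-line lock and escalates to a bus lock that stalls every core. */
bool is_split_lock_access(uintptr_t addr, size_t size) {
    return (addr % CACHE_LINE) + size > CACHE_LINE;
}

/* Constructed layouts (assumption, not vendor code). The packed record forces
 * an 8-byte counter to offset 60, so it spans bytes 60..67 of the line. */
struct __attribute__((packed)) packed_record {
    uint8_t  header[60];
    uint64_t counter;
};

/* Natural layout: the compiler pads so the counter lands on offset 64. */
struct aligned_record {
    uint8_t  header[60];
    uint64_t counter;
};

/* Atomic increment that refuses to emit a split-locked RMW. Returns false
 * without touching memory when the address would produce a bus lock. */
bool atomic_increment_checked(uint64_t *p) {
    if (is_split_lock_access((uintptr_t)p, sizeof *p))
        return false;
    __atomic_fetch_add(p, 1, __ATOMIC_SEQ_CST);   /* LOCK XADD on x86 */
    return true;
}

/* Returns how many of the two sample records accepted the atomic increment
 * (expected: 1, the naturally aligned one). */
int demo_layouts(void) {
    __attribute__((aligned(CACHE_LINE))) struct packed_record pr = {{0}, 0};
    __attribute__((aligned(CACHE_LINE))) struct aligned_record ar = {{0}, 0};
    int accepted = 0;
    /* address computed via offsetof so the packed member is never dereferenced here */
    uint64_t *pc = (uint64_t *)((uint8_t *)&pr + offsetof(struct packed_record, counter));
    if (atomic_increment_checked(pc)) accepted++;
    if (atomic_increment_checked(&ar.counter)) accepted++;
    return accepted;
}

int main(void) {
    printf("packed counter offset %zu, aligned counter offset %zu, accepted=%d\n",
           offsetof(struct packed_record, counter),
           offsetof(struct aligned_record, counter), demo_layouts());
    return 0;
}
```

On a Linux host with split_lock_detect=fatal, the unchecked version of this increment on the packed record would be killed with SIGBUS; with the default warn setting it is logged and throttled. The check above moves that failure into the build rather than into production.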

Official announcement: Please refer to the link for details – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html

CVE-2024-27307: Not only machine learning; other systems should stay alert too, because zOS Connect Designer uses JSONata, an open source expression language used for querying and transforming JSON data. (7th Mar 2024)

Preface: What is declarative machine learning? Declarative machine learning enables users to specify what they want, and let the software figure out how to do it. Declarative ML is similar to AutoML tools that also make default selections and automate part or all of the ML lifecycle.

Background: JSONata is a JSON query and transformation language that is inspired by the location path semantics of XPath 3.1. XPath 3.1 is an expression language that allows the processing of values conforming to the data model defined in [XQuery and XPath Data Model (XDM) 3.1].

The JSONata reference is implemented in JavaScript and ships via NPM. There are also implementations available in Rust, Go, Java, Python, and .NET, some of which use JavaScript interpreters to ensure compatibility.

Vulnerability details: JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the `Object` constructor and prototype. This may lead to denial of service, remote code execution or other unexpected behavior in applications that evaluate user-provided JSONata expressions.

Remedy: This issue has been fixed in JSONata versions 1.8.7 and 2.0.4. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. As a workaround, one may apply the patch manually.

Official announcement: Please refer to the link for details https://nvd.nist.gov/vuln/detail/CVE-2024-27307

About NVIDIA Security Bulletin – CVE-2023-31031 (12th Feb 2024)

This NVIDIA security bulletin was originally published on 8th Feb 2024.

CVE-2023-31031 was released by NIST on January 12, 2024. But what was the design flaw found in the SBIOS? Officials stated that the flaw leads to a heap-based buffer overflow via local access.

Preface: NVIDIA did not describe the details of this vulnerability. Do you think the description in the attached diagram (step 4) may be related to this design flaw?

Background: Because the SBIOS update is accomplished in two phases (main SBIOS update first, followed by the Intel ME update), you will need to power cycle the server a couple of times to update all the components.

Updating the SBIOS Certificate

1.Obtain the CA certificate from the signing authority that was used to sign the SSL certificate.

2.Copy the CA certificate onto a USB thumb drive or to /boot/efi on the A100 OS.

3.Access the DGX A100 console from a locally connected keyboard and mouse or through the BMC remote console.

4.Reboot the server

Ref: Memory on the heap is dynamically allocated at runtime and typically contains program data.

Vulnerability details: NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.

Official details: Please refer to the link for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5513

CVE-2023-33072: Buffer copy without checking size of Input in Core (6th Feb 2024)

Preface: The title states that Core copies into a buffer without checking the size of the input. But I believe it is more important to avoid unauthorized copying.

Background: An OpenCL buffer is a 1D, 2D or 3D array in global memory. It is an abstract object that can be addressed through a pointer. Buffers are read-only, write-only or read-write. An image object represents GPU texture memory: an array of pixels that can be accessed via functions taking pixel x, y, z coordinates. There is no pointer access to image pixels on the GPU.

OpenCL supports buffer and image objects (and pipe objects from OpenCL 2.0). One-dimensional buffer objects are a natural choice for many developers because of their simplicity and flexibility, such as support for pointers and byte-addressable access. Images trade that flexibility for safety: for instance, using images lets the hardware handle out-of-bounds reads automatically, whereas a pointer-addressed buffer gives the kernel nothing that stops an out-of-bounds read or write.


Vulnerability details: The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
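The CWE-120/CWE-119 pattern named in this Qualcomm bulletin, and the heap-based overflow in the NVIDIA DGX A100 SBIOS post above, as one added C example: a length-prefixed record copied into a fixed heap object without a check, beside the hardened parser. The record format, names and lengths are constructed and nothing here is vendor code. The unsafe parser is kept for comparison only and is never fed the hostile samples, since that would corrupt the demo's own heap.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed wire format (assumption, not any vendor's): one length byte
 * followed by that many payload bytes. */
#define MAX_PAYLOAD 32

struct record {
    uint8_t len;
    uint8_t payload[MAX_PAYLOAD];
};

/* Vulnerable pattern: the declared length is trusted and copied into a fixed
 * heap object. A declared length above MAX_PAYLOAD writes past the allocation
 * (heap overflow); one above the bytes supplied also over-reads the input. */
struct record *parse_record_unsafe(const uint8_t *in, size_t in_len) {
    if (in_len < 1) return NULL;
    struct record *r = malloc(sizeof *r);
    if (!r) return NULL;
    r->len = in[0];
    memcpy(r->payload, in + 1, r->len);   /* CWE-120: no check against either bound */
    return r;
}

/* Hardened: check the declared length against the destination capacity and
 * against the bytes actually present before any copy happens. */
struct record *parse_record_safe(const uint8_t *in, size_t in_len) {
    if (in_len < 1) return NULL;
    uint8_t declared = in[0];
    if (declared > MAX_PAYLOAD || (size_t)declared > in_len - 1) return NULL;
    struct record *r = calloc(1, sizeof *r);
    if (!r) return NULL;
    r->len = declared;
    memcpy(r->payload, in + 1, declared);
    return r;
}

/* 1 if the hardened parser accepts the input, 0 if it rejects it. */
int safe_accepts(const uint8_t *in, size_t in_len) {
    struct record *r = parse_record_safe(in, in_len);
    if (!r) return 0;
    free(r);
    return 1;
}

/* Constructed sample: a well-formed record survives the round trip. */
int demo_roundtrip(void) {
    const uint8_t ok[] = {3, 'a', 'b', 'c'};
    struct record *r = parse_record_safe(ok, sizeof ok);
    int good = r != NULL && r->len == 3 && memcmp(r->payload, "abc", 3) == 0;
    free(r);
    return good;
}

/* Constructed samples: a lying length byte and a truncated record are refused. */
int demo_rejects_bad_lengths(void) {
    const uint8_t lie[]   = {200, 'a', 'b', 'c'};  /* claims 200 bytes: would overflow */
    const uint8_t trunc[] = {5, 'a', 'b'};         /* claims 5, supplies 2: over-read */
    return !safe_accepts(lie, sizeof lie) && !safe_accepts(trunc, sizeof trunc);
}

int main(void) {
    printf("roundtrip=%d rejects=%d\n", demo_roundtrip(), demo_rejects_bad_lengths());
    return 0;
}
```

Two bounds matter, not one: the destination's capacity and the input's remaining length. Checking only the first still lets a short packet with a large length byte read past the end of the receive buffer.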

Date Reported: 2022/12/20

Customer Notified Date: 2023/08/07

Official details: Please refer to the link for details – https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2024-bulletin.html

About CVE-2018-1311: Security update for xerces-c provided by SUSE in Feb 2024. Why has this design weakness been tolerated by HPC operating systems for so many years? (02-02-2024)

Preface: Different HPC compilers allow the coder to make use of these tools for better performance and capability. For example, using HPC compilers allow for easier coding to run a parallel job. Compilation is the process of converting C language source code into executable program code. Running is the process of executing executable code. Compilation only needs to be completed once to produce executable code. The resulting executable code can be run multiple times.

Background: An XML parser for C++ determines whether an XML document is well-formed and optionally validates it against a DTD. A DTD is a Document Type Definition: it defines the structure and the legal elements and attributes of an XML document. The parser constructs an object tree that can be accessed through a DOM interface, or operates serially through a SAX interface. SAX defines an abstract programmatic interface that models the XML information set (infoset) through a linear sequence of familiar method calls.

Validating an XML document determines whether the structure and content of the document conform to a set of rules.  Xerces-C++ is a validating XML parser written in a portable subset of C++.

Remark: SAX-type parsing performance of Fast Infoset is also much faster than parsing performance of XML 1.0.

Vulnerability details: A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition (DTD) may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially crafted XML file that would crash the application or potentially lead to arbitrary code execution.
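An added C pre-parse gate, not code from xerces-c or SUSE: where an application cannot take the update immediately, refuse any document whose DOCTYPE would make the parser fetch something external, which is the path CVE-2018-1311 lives in. Xerces-C can also be told not to load external DTDs through its load-external-dtd feature; this gate is a belt-and-braces check in front of the parser. It scans the DOCTYPE declaration, including the internal subset, for SYSTEM or PUBLIC identifiers while ignoring quoted literals, and fails closed on a malformed declaration. The sample documents and the example.invalid hostname are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Is `kw` present as a whitespace-delimited XML keyword in [s, end), ignoring
 * anything inside a quoted literal? XML keywords are case-sensitive. */
static int has_keyword(const char *s, const char *end, const char *kw) {
    size_t n = strlen(kw);
    char quote = 0;
    for (const char *q = s; q + n <= end; q++) {
        if (quote) { if (*q == quote) quote = 0; continue; }
        if (*q == '"' || *q == '\'') { quote = *q; continue; }
        if (strncmp(q, kw, n) == 0 && q > s && isspace((unsigned char)q[-1]) &&
            (q + n == end || isspace((unsigned char)q[n]) || q[n] == '"' || q[n] == '\''))
            return 1;
    }
    return 0;
}

/* Returns 1 if the document's DOCTYPE pulls in anything external: a SYSTEM or
 * PUBLIC external subset, or an external (parameter) entity declared inside
 * the internal subset. An unterminated DOCTYPE is treated as external. */
int xml_references_external_dtd(const char *doc) {
    const char *start = strstr(doc, "<!DOCTYPE");
    if (!start) return 0;
    int depth = 0;          /* nesting of the internal subset [...] */
    char quote = 0;
    const char *end = NULL;
    for (const char *q = start + strlen("<!DOCTYPE"); *q; q++) {
        if (quote) { if (*q == quote) quote = 0; continue; }
        if (*q == '"' || *q == '\'') quote = *q;
        else if (*q == '[') depth++;
        else if (*q == ']') depth--;
        else if (*q == '>' && depth <= 0) { end = q; break; }
    }
    if (!end) return 1;     /* fail closed */
    return has_keyword(start, end, "SYSTEM") || has_keyword(start, end, "PUBLIC");
}

int main(void) {
    /* Constructed samples */
    const char *docs[] = {
        "<?xml version=\"1.0\"?><!DOCTYPE foo SYSTEM \"http://example.invalid/foo.dtd\"><foo/>",
        "<!DOCTYPE foo [<!ENTITY % p SYSTEM \"http://example.invalid/p.dtd\"> %p;]><foo/>",
        "<!DOCTYPE foo [<!ENTITY a \"b\">]><foo>&a;</foo>",
        "<!DOCTYPE foo [<!ENTITY a \"SYSTEM is just text here\">]><foo/>",
        "<foo/>",
    };
    for (size_t i = 0; i < sizeof docs / sizeof docs[0]; i++)
        printf("doc %zu: %s\n", i,
               xml_references_external_dtd(docs[i]) ? "REJECT (external DTD)" : "ok");
    return 0;
}
```

The second sample is the one people miss: the external subset is absent, but a parameter entity inside the internal subset still makes the parser fetch and process external DTD content.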

Ref: To understand the twists and turns of this story, please refer to the pictures attached to this article.

Official details: Please refer to the link for details – https://www.suse.com/support/update/announcement/2024/suse-su-20240299-1/

CVE-2023-6780: Do not underestimate its power! (1st Feb 2024)

Preface: The GNU C Library (glibc) provides the core libraries for the GNU system and GNU/Linux systems. Do not confuse it with GLib, the GNOME platform library used by many hundreds of projects outside GNOME; GLib is a separate project and is not what CVE-2023-6780 concerns.

Background: R is a language and environment for statistical programming which includes statistical computing and graphics. Python is a general-purpose programming language for data analysis and scientific computing. It is essential to know programming languages like R and Python in order to implement the whole Machine Learning process. Python and R both provide in-built libraries that make it very easy to implement Machine Learning algorithms.

Why does glibc matter for Python? The CPython interpreter and the native extensions behind most machine learning libraries are linked against glibc, which provides a complete implementation of the ISO C standard library, including functions for file I/O, string manipulation, memory allocation, logging via syslog, and more. This makes it easy to write portable and efficient code that can run on different systems, but it also means a flaw in glibc reaches every process built on top of it.

Vulnerability details: An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
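An added C example, not glibc code, of the caller-side discipline this bug argues for: attacker-influenced text should reach syslog() only through a fixed format string, capped in length and stripped of control characters, which also blocks log-line forgery. The 512-byte cap and the function names are my assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Assumption: a hard cap for attacker-influenced messages, far below anything
 * that stresses syslog's internal buffer sizing; size it for your pipeline. */
#define LOG_MSG_MAX 512

/* Copy msg into out (capacity cap), replacing ASCII control characters so a
 * caller cannot forge extra log lines or inject terminal escapes, and stopping
 * at LOG_MSG_MAX bytes. Returns the number of bytes written, excluding the NUL. */
size_t sanitize_for_log(const char *msg, char *out, size_t cap) {
    if (cap == 0) return 0;
    size_t limit = cap - 1 < LOG_MSG_MAX ? cap - 1 : LOG_MSG_MAX;
    size_t n = 0;
    for (; n < limit && msg[n]; n++) {
        unsigned char c = (unsigned char)msg[n];
        out[n] = (c < 0x20 || c == 0x7f) ? '?' : (char)c;
    }
    out[n] = '\0';
    return n;
}

/* Log an untrusted string: fixed format string (never user data as the
 * format) and a bounded, sanitized message. Returns bytes actually logged. */
size_t log_untrusted(int priority, const char *msg) {
    char buf[LOG_MSG_MAX + 1];
    size_t n = sanitize_for_log(msg, buf, sizeof buf);
    syslog(priority, "%s%s", buf, msg[n] ? " [truncated]" : "");
    return n;
}

/* Demo 1: a constructed log-injection attempt. Returns 1 if the embedded
 * newline can no longer start a forged line. */
int demo_injection_neutralised(void) {
    char out[64];
    sanitize_for_log("user=bob\nJan 1 00:00:00 host sshd: root login ok", out, sizeof out);
    return strchr(out, '\n') == NULL && strncmp(out, "user=bob?", 9) == 0;
}

/* Demo 2: a constructed 4 KiB message. Returns the sanitized length. */
size_t demo_truncated_length(void) {
    char big[4096];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    char out[LOG_MSG_MAX + 1];
    return sanitize_for_log(big, out, sizeof out);
}

int main(void) {
    printf("injection neutralised=%d, 4095-byte message logged as %zu bytes\n",
           demo_injection_neutralised(), demo_truncated_length());
    log_untrusted(LOG_INFO, "example message\nwith a newline");
    return 0;
}
```

The cap does not patch glibc; only the update does that. It does keep the size of anything an attacker controls far from the code path the advisory describes, and the fixed "%s" format closes the older format-string hole at the same time.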

Official details: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-6780

CVE-2024-23212: Apple Neural Engine design has weakness in memory handling. (25th January 2024)

This announcement was originally published on January 22nd 2024

Preface: Neural networks, also known as artificial neural networks (ANNs) or simulated neural networks (SNNs), are a subset of machine learning and are at the heart of deep learning algorithms.

Recent advances in artificial intelligence systems, such as voice or facial recognition programs, have benefited from neural networks, densely interconnected meshes of simple information processors that learn to perform tasks by analyzing large amounts of training data.

Background: The Apple Neural Engine (or ANE) is a type of NPU, which stands for Neural Processing Unit. It’s like a GPU, but instead of accelerating graphics an NPU accelerates neural network operations such as convolutions and matrix multiplies.

Beyond image generation from text prompts, developers are also discovering other creative uses for Stable Diffusion, such as image editing, in-painting, out-painting, super-resolution, style transfer and even color palette generation.  Getting to a compelling result with Stable Diffusion can require a lot of time and iteration, so a core challenge with on-device deployment of the model is making sure it can generate results fast enough on device. As a result, we require the Apple Neural Engine.

Vulnerability details: Apple's security advisory shows that the vulnerability lies in the Apple Neural Engine.

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

Official announcement: Please refer to the link for details – https://support.apple.com/en-us/HT214059

LiDAR assists archaeologists in discovering ruins in the upper Amazon rainforest (15th Jan 2024)

Preface: In ancient South America, tribal leaders would cover their bodies with gold powder and wash themselves in a holy lake in the mountains. For example, a famous place where an ancient civilization performed this ceremony is Lake Titicaca. Priests and nobles would throw precious gold and emeralds into the lake, dedicated to God.

El Dorado, the so-called Golden Kingdom, is an ancient legend that first began with a South American ritual. Spanish conquistadors, upon hearing these tales from the natives, believed there was a place abundant in gold and precious stones and began referring to it as El Dorado. Many explorers believe that Ciudad Blanca is the legendary El Dorado. Legend has it that somewhere beneath the forest canopy lies the ancient city of Ciudad Blanca, and now archaeologists think they may have found it.

A group of scientists from fields including archaeology, anthropology and geology used a technology known as airborne light detection and ranging (LiDAR). They found what appears to be a network of plazas and pyramids, hidden for hundreds of years beneath the forest canopy.

Background: What is LiDAR? LiDAR (light detection and ranging) is a remote sensing method that uses a laser to measure distances. Pulses of light are emitted from a laser scanner, and when the pulse hits a target, a portion of its photons are reflected back to the scanner. Because the location of the scanner, the directionality of the pulse, and the time between pulse emission and return are known, the 3D location (XYZ coordinates) from which the pulse reflected is calculable.

Which software is used for LiDAR data processing?

While LiDAR is a technology for making point clouds, not all point clouds are created using LiDAR. For example, point clouds can be made from images obtained from digital cameras, a technique known as photogrammetry. The one difference to remember that distinguishes photogrammetry from LiDAR is RGB: unlike an RGB image, a LiDAR projection image has no obvious texture, and it is difficult to find patterns in it.

The programs to process LiDAR are numerous and increasing rapidly in accordance with the evolving field and user needs. ArcGIS has LiDAR processing functionality. ArcGIS accepts LAS or ASCII file types and has both 2D and 3D visualization options. Additionally, there are other options on the market. For example: NVIDIA DeepStream Software Development Kit (SDK). This SDK is an accelerated AI framework to build pipelines. DeepStream pipelines enable real-time analytics on video, image, and sensor data.

The architecture diagram on the right is for reference.

Headline News: https://www.sciencenews.org/article/ancient-urban-complex-ecuador-amazon-laser

About NVIDIA Security Bulletin – CVE-2023-31029 and CVE-2023-31030 (14th Jan 2024)

Preface: Artificial intelligence performs better when humans are involved in data collection, annotation, and validation. But why is artificial intelligence ubiquitous in the human world? Can we limit the use of AI?

Background: The NVIDIA DGX A100 system comes with a baseboard management controller (BMC) for monitoring and controlling various hardware devices on the system. It monitors system sensors and other parameters. Kernel-based Virtual Machine (KVM) is an open source virtualization technology built into Linux. KVM lets you turn Linux into a hypervisor that allows a host machine to run multiple, isolated virtual environments called guests or virtual machines (VMs).

What is Virtio-net device? Virtio-net device emulation enables users to create VirtIO-net emulated PCIe devices in the system where the NVIDIA® BlueField® DPU is connected.

Vulnerability details:

CVE-2023-31029 – NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVE-2023-31030 – NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5510

My comment: The vendor published this vulnerability but did not provide full details. Do you think the details in the attached diagram are the actual reason?