Category Archives: AI and ML

CVE-2024-49194: Databricks JDBC Driver Vulnerability Advisory (19th Dec 2024)

Preface: The Databricks Platform is the world’s first data intelligence platform powered by generative AI. Infuse AI into every facet of your business.

Generative artificial intelligence, also known as generative AI or gen AI for short, is a type of AI that can create new content and ideas, including conversations, stories, images, videos, and music. It can learn human language, programming languages, art, chemistry, biology, or any complex subject matter.

Background: Databricks JDBC, the first version of the driver, is a Simba driver developed by insightsoftware. It enables you to connect participating apps, tools, clients, SDKs, and APIs to Azure Databricks through Java Database Connectivity (JDBC), an industry-standard specification for accessing database management systems.

Vulnerability details: Databricks JDBC Driver before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achieve Remote Code Execution in the context of the driver by tricking a victim into using a crafted connection URL that uses the property krbJAASFile.

Official announcement: Please refer to the link for details – https://kb.databricks.com/en_US/data-sources/security-bulletin-databricks-jdbc-driver-vulnerability-advisory-cve-2024-49194
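As an added example (not code from Databricks or from the original post), the following check reviews a connection URL before it is handed to the driver: it rejects a krbJAASFile property that arrives from an untrusted source and flags driver versions older than 2.6.40. The host name and sample URLs are constructed, and the case-insensitive matching and percent-decoding of property names are conservative assumptions about how the driver reads its URL.

```python
from urllib.parse import unquote

FIXED_VERSION = (2, 6, 40)      # first fixed driver release, per the advisory
RISKY_PROPERTY = "krbjaasfile"  # compared lower-cased (assumption: names are case-insensitive)

# Constructed sample URLs; the host is a placeholder.
SAMPLES = [
    "jdbc:databricks://example.cloud.databricks.test:443;httpPath=/sql/1.0/warehouses/abc;AuthMech=3",
    "jdbc:databricks://example.cloud.databricks.test:443;KRBJAASFILE=/tmp/jaas.conf",
    "jdbc:databricks://example.cloud.databricks.test:443;krb%4AAASFile=/tmp/jaas.conf",
]

def parse_properties(jdbc_url):
    """Split 'jdbc:<sub>://host:port;Key=Value;...' into (key, value) pairs."""
    if not jdbc_url.lower().startswith("jdbc:"):
        raise ValueError("not a JDBC URL")
    _, _, tail = jdbc_url.partition(";")  # everything after host:port
    pairs = []
    for segment in tail.split(";"):
        if not segment.strip():
            continue
        key, _, value = segment.partition("=")
        # Decode percent-escapes so an encoded property name is still matched.
        pairs.append((unquote(key).strip(), unquote(value).strip()))
    return pairs

def driver_is_patched(version):
    """True when a dotted driver version such as '2.6.40' is >= 2.6.40."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts >= FIXED_VERSION

def review_url(jdbc_url, driver_version, trusted_source=False):
    """Return (allowed, reasons) for a URL before it reaches the driver."""
    reasons = []
    hits = [v for k, v in parse_properties(jdbc_url) if k.lower() == RISKY_PROPERTY]
    # Fallback: catch the name anywhere the simple parser did not model.
    if not hits and RISKY_PROPERTY in unquote(jdbc_url).lower():
        hits = ["<unparsed>"]
    if hits and not trusted_source:
        reasons.append("krbJAASFile set by untrusted URL: %r" % hits)
    if not driver_is_patched(driver_version):
        reasons.append("driver %s is older than 2.6.40" % driver_version)
    return (not reasons, reasons)

if __name__ == "__main__":
    for url in SAMPLES:
        print(review_url(url, "2.6.40"), url)
```

Upgrading the driver remains the fix; the URL check is a second layer for applications that accept connection strings from users or configuration they do not control.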

CVE-2024-10205: Authentication bypass vulnerability exists in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer (18-12-2024)

Preface: Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Background: Hitachi Ops Center analytics and observability software supports VSP arrays whether on-premises, in a colocation facility, or a public cloud environment. Ops Center’s analytics software provides health insights and best practices to monitor key performance and capacity indicators across a heterogeneous data center infrastructure, to easily identify and isolate performance problems. By analyzing the data path from virtual machine (VM) and server to SAN fabric and logical storage resources, Hitachi Ops Center analytics software provides essential IT operations visibility and optimization.

Vulnerability details: Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics component). This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00.

Official announcement: Please refer to the link for details – https://www.tenable.com/cve/CVE-2024-10205

CVE-2024-5660: This issue could allow a modified, untrusted guest operating system to compromise the host in certain hypervisor environments. (11 Dec 2024)

Preface: NVIDIA Jetson™ is the world’s leading embedded AI computing platform with an integrated Arm CPU.

Background: The owning translation regime uses its address translation table data to determine the properties of the trace data transactions written to system memory.

CPUECTLR_EL1 is a 64-bit register, and is part of the 64-bit registers functional group. This register resets to value 0x0000000961563000. The CPUECTLR_EL1 register contains IMPLEMENTATION DEFINED configuration and control options for the MMU.

Stage 2 translation allows a hypervisor to control a view of memory in a Virtual Machine (VM). Specifically, it allows the hypervisor to control which memory-mapped system resources a VM can access, and where those resources appear in the address space of the VM.

Vulnerability details: When Hardware Page Aggregation (HPA) is enabled and Stage-1 and/or Stage-2 translation is enabled for the active translation regime, memory accesses may be translated incorrectly. This may permit bypass of Stage-2 translation and/or GPT protection.

Affected products: A77, A78, A78C, A78AE, A710, V1, V2, V3, V3AE, X1, X1C, X2, X3, X4, N2, X925, Travis

Recommendations: The issue can be avoided by setting CPUECTLR_EL1[46] to 1, which disables hardware page aggregation.

Official announcement: Please refer to the link for details – https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660

CVE-2024-0139 – NVIDIA Base Command Manager and Bright Cluster Manager for Linux contain an insecure temporary file vulnerability (28 Nov 2024)

Preface: Nvidia acquires Bright Computing, maker of Bright Cluster Manager software that controls the configuration of clustered HPC systems, including Nvidia’s own DGX servers and HGX systems manufactured by OEMs and ODMs, as well as clusters from other manufacturers.

Background: NVIDIA Base Command Manager provides cluster management software for streamlining cluster provisioning, workload management, and infrastructure monitoring. It provides all the tools for deploying and managing an AI data center.

Note: Base Command Manager 10 is licensed on a per-GPU basis. This differs from the node-based licensing model of Bright Cluster Manager. Customers with active support subscriptions using Bright Cluster Manager 9.2 and earlier can upgrade to Base Command Manager 10 by exchanging their current licenses for GPU-based Base Command Manager 10 licenses at no cost.

Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for large and small Linux clusters. SLURM is a vital component of a parallel computer for executing parallel jobs. It simplifies the job execution by hiding all the complexities.

Vulnerability details: NVIDIA Base Command Manager and Bright Cluster Manager for Linux contain an insecure temporary file vulnerability. A successful exploit of this vulnerability might lead to denial of service.

Official announcement: Please see the link below for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5600

CVE-2024-0130: About design weakness on NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI (27 Nov 2024)

Preface: Artificial intelligence penetrates into different industries. Perhaps the expansion of some HPC supercomputers is not limited to regions. They can be run on a blockchain network to build a matrix.

Background: In today’s high-performance computing (HPC) landscape, network interconnect technology is essential in linking compute nodes to ensure efficient data transfer. Among the interconnect technologies, NVIDIA’s NVLink and InfiniBand offer diverse advantages for specific use cases.

UFM (Unified Fabric Manager) Server is a server on which UFM is installed and has complete visibility over the fabric to manage routing on all devices.

NVIDIA® UFM® Cyber-AI is packaged in a tar file. The tar file consists of several docker images and an installation script. The script will load the docker images and create a UFM Cyber-AI service. UFM Cyber-AI should be installed on the UFM Cyber-AI appliance.

In addition to the REST API used for Cyber AI management, Cyber AI software provides several command-line tools (CLI) for managing the Cyber AI system.

Vulnerability details: NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI contain a vulnerability where an attacker can cause an improper authentication issue by sending a malformed request through the Ethernet management interface. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, and information disclosure.

Official announcement: Please see the link below for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5584

CVE-2024-11393 – Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability (25 Nov 2024)

Preface: What is the difference between Hugging Face and transformers?

Transformers is a library that contains various state-of-the-art machine learning models, as well as a Trainer API which can be used to train models. Huggingface_hub is a library to programmatically integrate with the hub.

Background: Masks are often used in segmentation tasks, where they provide a precise way to isolate the object of interest for further processing or analysis.

MaskFormer is based on the DETR architecture, which uses a transformer decoder to predict masks for each object in an image. MaskFormer has been shown to be effective for both semantic segmentation and panoptic segmentation. However, it has not been as successful for instance segmentation.

Vulnerability details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of model files.

Official announcement: Please see the link below for details – https://nvd.nist.gov/vuln/detail/CVE-2024-11393

CVE-2024-0122: About design weakness in NVIDIA Delegated Licensing Service (21st Nov 2024)

Preface: NVIDIA Delegated License Service (DLS) is a component of NVIDIA License System that serves licenses to licensed clients. A DLS instance is hosted on-premises at a location that is accessible from your private network, such as inside your data center.

Background: For deployment in a virtual machine, the Delegated License Server (DLS) component of the NVIDIA License System is supplied as a virtual appliance. The virtual appliance must be installed on a supported hypervisor software release.

The following hypervisor software releases are supported:

Citrix Hypervisor 8.2

Linux Kernel-based Virtual Machine (KVM) hypervisors with one of the following QEMU releases:

QEMU 4.2.0

QEMU 2.12.0 (qemu-kvm-2.12.0-64.el8.2.27782638)

Microsoft Windows Server with Hyper-V 2019 Datacenter edition

Red Hat Enterprise Linux Kernel-based Virtual Machine (KVM) 9.2, 9.1, 9.0, and 8.8

Red Hat Virtualization 4.3

Ubuntu Hypervisor 22.04

VMware vSphere Hypervisor (ESXi) 8.0.3, 8.0.2, 8.0.1, 8.0, 7.0.3, 7.0.2, and 7.0.1

Supported Container Orchestration Platforms

For deployment on a supported container orchestration platform, the Delegated License Server (DLS) component of the NVIDIA License System is supplied as a containerized software image.

The following container orchestration platform releases are supported:

Docker 27.1.1 with Docker Compose 2.29.1

Kubernetes 1.23.8

Red Hat OpenShift Container Platform 4.10.67 with Kubernetes 1.23.17

Podman 4.4.2 with Podman Compose 1.0.7

VMware Tanzu Application Platform 1.1 with Kubernetes 1.23.6

Vulnerability details: CVE-2024-0122 – NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure.

Official announcement: Please refer to the link for details

https://nvidia.custhelp.com/app/answers/detail/a_id/5570

CVE-2024-0138: NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component.

(Updated 11/18/2024 04:12 PM)

Preface: Nvidia acquires Bright Computing, maker of Bright Cluster Manager software that controls the configuration of clustered HPC systems, including Nvidia’s own DGX servers and HGX systems manufactured by OEMs and ODMs, as well as clusters from other manufacturers.

Background: NVIDIA Base Command Manager provides cluster management software for streamlining cluster provisioning, workload management, and infrastructure monitoring. It provides all the tools for deploying and managing an AI data center.

Note: Base Command Manager 10 is licensed on a per-GPU basis. This differs from the node-based licensing model of Bright Cluster Manager. Customers with active support subscriptions using Bright Cluster Manager 9.2 and earlier can upgrade to Base Command Manager 10 by exchanging their current licenses for GPU-based Base Command Manager 10 licenses at no cost.

Vulnerability details: CVE-2024-0138

NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.      

Official announcement: For more details please see link – https://nvidia.custhelp.com/app/answers/detail/a_id/5595

CVE-2024-28028: Improper input validation in some Intel® Neural Compressor software (15-11-2024)

Preface: If you talk to God, what is the difference between human and artificial intelligence? Maybe God will say that humans and A.I are incomparable. And both cannot live together in the same place.

Background: Intel Neural Compressor performs model optimization to reduce the model size and increase the speed of deep learning inference for deployment on CPUs or GPUs.

Intel Neural Compressor aims to provide popular model compression techniques such as quantization, pruning (sparsity), distillation, and neural architecture search on mainstream frameworks such as TensorFlow, PyTorch, ONNX Runtime, and MXNet, as well as Intel extensions such as Intel Extension for TensorFlow and Intel Extension for PyTorch.

Vulnerability details:

CVEID: CVE-2024-28028

Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Affected Products: Intel® Neural Compressor software before version 3.0.

Official announcement: For detail, please refer to link – https://nvd.nist.gov/vuln/detail/CVE-2024-28028

About AMD Ryzen™ AI Software: CVE-2024-21974, CVE-2024-21975 and CVE-2024-21976 (13 Nov 2024)

Preface: A pointer is a variable that stores the memory address of another variable. Unlike typical variables that hold data like numbers or characters, pointers hold the location of where data is stored in your computer’s memory. By knowing the address, pointers can access & manipulate the data at that memory location.

Background:

1. Install NPU Drivers

2. Download the NPU driver installation package NPU Driver

3. Install the NPU drivers by following these steps:

4. Extract the downloaded “NPU_RAI1.2.zip” zip file.

5. Open a terminal in administrator mode and execute the .\npu_sw_installer.exe file.

6. Ensure that NPU MCDM driver (Version:32.0.201.204, Date:7/26/2024) is correctly installed by opening Device Manager -> Neural processors -> NPU Compute Accelerator Device.

Vulnerability details:

CVE-2024-21974 Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.

CVE-2024-21975 Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.

CVE-2024-21976 Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.

Official announcement: Please refer to the official announcement for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html