Category Archives: AI and ML

CVE-2024-38408 – Cryptographic Issues in BT Controller (7 Nov 2024)

Preface: The Snapdragon 8 Gen 2 SoC comes with many new features and technologies, such as a new tri-cluster CPU architecture, AI improvements, ray-tracing support, and more. One largely overlooked feature is dual Bluetooth. It is not going to revolutionize the Bluetooth experience on mobile devices, but it does address some of the fundamental problems of using Bluetooth on a phone.

Background: The encryption key negotiation protocol is conducted between two parties as follows: the initiator proposes an entropy value N (in bytes) that is an integer between 1 and 16; the other party either accepts it, proposes a lower value, or aborts the protocol. If the other party proposes a lower value, e.g., N − 1, then the initiator either accepts it, proposes a lower value, or aborts the protocol. At the end of a successful negotiation the two parties have agreed on the entropy of the Bluetooth encryption key. The entropy negotiation is performed over the Link Manager Protocol (LMP); it is not encrypted and not authenticated, and it is transparent to the Bluetooth users, because it takes place entirely between the two controllers.
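To make the negotiation above concrete, here is an added toy model (not Qualcomm's code and not a Bluetooth stack) of the entropy negotiation and of why its lack of authentication matters: a party sitting on the LMP link can rewrite the proposal in flight, which is the downgrade the KNOB attack (CVE-2019-9506) performs against this very protocol. The Controller, negotiate and mitm names are invented; the key reduction is simplified to keeping N bytes of key material, whereas the Core Specification reduces the 128-bit key with polynomial arithmetic; E0 is replaced by a SHA-256 keystream; and the 7-byte floor used by the hardened controller is the minimum key length the Bluetooth SIG recommended after KNOB.

```python
"""Toy model of the Bluetooth BR/EDR encryption-key entropy negotiation (LMP).

Added illustration only: class and function names are invented, and the key
reduction is simplified to "keep N bytes", whereas the Core Specification
reduces the 128-bit key with polynomial arithmetic.
"""
import hashlib
from dataclasses import dataclass

MAX_ENTROPY = 16  # bytes; the protocol allows N in 1..16


@dataclass
class Controller:
    name: str
    max_entropy: int = MAX_ENTROPY  # highest N it proposes or accepts
    min_entropy: int = 1            # the spec's floor; a hardened controller raises this

    def respond(self, n: int):
        """Answer a proposal: ('accept', n), ('propose', lower) or ('abort', None)."""
        if n < self.min_entropy:
            return ("abort", None)
        if n <= self.max_entropy:
            return ("accept", n)
        return ("propose", self.max_entropy)


def negotiate(initiator, responder, mitm=None, max_rounds=MAX_ENTROPY):
    """Run the negotiation and return (agreed N or None, LMP transcript).

    `mitm` models an attacker on the LMP link, which is neither encrypted nor
    authenticated, rewriting each proposal in flight. (A real KNOB attacker
    also forges the responder's acceptance back to the initiator so both
    controllers settle on the downgraded value; this model returns what the
    responder accepted.)
    """
    transcript = []
    proposal = initiator.max_entropy
    sender, receiver = initiator, responder
    for _ in range(max_rounds):
        on_wire = mitm(proposal) if mitm else proposal
        transcript.append((sender.name, receiver.name, on_wire))
        action, value = receiver.respond(on_wire)
        if action == "accept":
            return value, transcript
        if action == "abort":
            return None, transcript
        proposal = value                       # counter-proposal, strictly lower
        sender, receiver = receiver, sender
    return None, transcript


def derive_key(link_key: bytes, n: int) -> bytes:
    """Simplified entropy reduction: only n bytes of key material survive."""
    return link_key[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in stream cipher (not E0): keystream = SHA-256(key)."""
    keystream = hashlib.sha256(key).digest()
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def brute_force(ciphertext: bytes, known_plaintext: bytes, n: int):
    """Exhaust the 2**(8*n) keys; only practical for the tiny n a downgrade yields."""
    if n > 2:
        raise ValueError(f"{8 * n}-bit key space is not brute-forceable here")
    for candidate in range(256 ** n):
        key = candidate.to_bytes(n, "big")
        if encrypt(key, known_plaintext) == ciphertext:
            return key
    return None


if __name__ == "__main__":
    a, b = Controller("A"), Controller("B")
    print("honest:", negotiate(a, b)[0])                                   # 16
    print("downgraded:", negotiate(a, b, mitm=lambda n: 1)[0])            # 1
    hardened = Controller("B", min_entropy=7)                              # SIG's post-KNOB floor
    print("hardened vs attacker:", negotiate(a, hardened, mitm=lambda n: 1)[0])  # None (abort)
    key = derive_key(bytes([0xA7]) + bytes(15), 1)                         # constructed sample key
    ct = encrypt(key, b"hello")
    print("recovered key:", brute_force(ct, b"hello", 1))                  # b'\xa7'
```

The point of the hardened controller is that the protocol itself offers no integrity: the only defence a controller has is to refuse any N below a floor it enforces locally, so an attacker can at best force an abort rather than a weak key.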

Vulnerability details: Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Official announcement: Please refer to the vendor announcement for details – https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html

About CVE-2024-0134 – NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability (5th Nov 2024)

Preface: In software development, time-of-check to time-of-use (TOCTOU, TOCTTOU or TOC/TOU) is a class of software bugs caused by a race condition involving the checking of the state of a part of a system (such as a security credential) and the use of the results of that check.

Background: The NVIDIA container stack is architected so that it can be targeted to support any container runtime in the ecosystem. The components of the stack include:

-The NVIDIA Container Runtime (nvidia-container-runtime)

-The NVIDIA Container Runtime Hook (nvidia-container-toolkit / nvidia-container-runtime-hook)

-The NVIDIA Container Library and CLI (libnvidia-container1, nvidia-container-cli)

The components of the NVIDIA container stack are packaged as the NVIDIA Container Toolkit.

The NVIDIA Container Toolkit is a key component in enabling Docker containers to leverage the raw power of NVIDIA GPUs. This toolkit allows for the integration of GPU resources into your Docker containers.

Remark: The podman command can be used with remote services using the --remote flag. Connections can be made using local UNIX domain sockets or ssh.

Vulnerability details: NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.
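The bug class behind this advisory is the one the preface defines: a check on a path, then a use of the same path, with a window in between. Below is an added example (not NVIDIA's code; the function names and the between_check_and_use hook that stands in for the scheduler are invented) that races a check-then-open writer against a symlink swap, so the write lands on a file the check never saw, and then shows the hardened form: open with O_NOFOLLOW and validate the descriptor with fstat, so the check and the use are the same kernel operation.

```python
"""Added illustration of a TOCTOU race on a file path and its hardened form.

Not NVIDIA's code: function names and the scheduler stand-in are invented.
"""
import errno
import os
import stat
import tempfile


def write_after_check(path: str, data: bytes, between_check_and_use=None) -> None:
    """Vulnerable pattern: validate the name, then open the name again.

    `between_check_and_use` stands in for the scheduler: anything that runs in
    that window (another process, or a file layout shipped inside a crafted
    container image) can replace `path` before it is used.
    """
    if os.path.islink(path):                      # time of check
        raise PermissionError("refusing to write through a symlink")
    if between_check_and_use:
        between_check_and_use()                   # the race window
    with open(path, "wb") as f:                   # time of use: the name is resolved again
        f.write(data)


def write_no_follow(path: str, data: bytes) -> None:
    """Hardened: the kernel enforces 'not a symlink' atomically at open() time,
    and every later decision is made on the descriptor, not on the name."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    try:
        st = os.fstat(fd)                          # fstat on the fd, never stat on the path
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        os.write(fd, data)
    finally:
        os.close(fd)


def demo_toctou() -> dict:
    """Race the vulnerable writer against a symlink swap, then repeat with the hardened one."""
    with tempfile.TemporaryDirectory() as root:
        victim = os.path.join(root, "victim.conf")    # file the writer must never touch
        target = os.path.join(root, "output.txt")     # file the writer is allowed to create
        with open(victim, "wb") as f:
            f.write(b"original")

        def swap_to_symlink():
            # Runs between the check and the use: the checked name now points at the victim.
            if os.path.lexists(target):
                os.remove(target)
            os.symlink(victim, target)

        write_after_check(target, b"attacker data", between_check_and_use=swap_to_symlink)
        with open(victim, "rb") as f:
            victim_tampered = f.read() == b"attacker data"

        # Same symlink, hardened writer: open() fails with ELOOP instead of following it.
        try:
            write_no_follow(target, b"attacker data")
            hardened_blocked = False
        except OSError as e:
            hardened_blocked = e.errno == errno.ELOOP

        # The hardened writer still works on an honest path.
        honest = os.path.join(root, "honest.txt")
        write_no_follow(honest, b"ok")
        with open(honest, "rb") as f:
            honest_ok = f.read() == b"ok"
    return {"victim_tampered": victim_tampered,
            "hardened_blocked": hardened_blocked,
            "honest_ok": honest_ok}


if __name__ == "__main__":
    print(demo_toctou())
```

Note the difference in shape: os.path.islink(path) followed by open(path) is two lookups of the same name, and nothing ties the second to the first; os.open(..., O_NOFOLLOW) followed by os.fstat(fd) refers from the open onwards to the one file the kernel actually opened.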

Official announcement: Please refer to the vendor announcement for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5585

AMD 000036938 – Potential Vulnerabilities When Deviating from ARM AXI Standard Protocol (1st Nov 2024)

Preface: Sandia’s Astra was the world’s fastest Arm-based supercomputer when it debuted, according to the TOP500 list, the supercomputer industry’s standard ranking. With a speed of 1.529 petaflops, Astra placed 203rd on the ranking announced at SC18, the International Conference for High Performance Computing, Networking, Storage, and Analysis, in Dallas in November 2018.

Background: A crossbar network is a switching network that allows multiple processors to connect and communicate simultaneously without contention. It enables one-to-one interconnections between processors and memory units, and is commonly used in the design of high-performance multiprocessors and network routers.

The AXI Interconnect core allows any mixture of AXI master and slave devices to be connected to it, which can vary from one another in terms of data width, clock domain and AXI sub-protocol (AXI4, AXI3, or AXI4-Lite). When the interface characteristics of any connected master or slave device differ from those of the crossbar switch inside the interconnect, the appropriate infrastructure cores are automatically inferred and connected within the interconnect to perform the necessary conversions.

Vulnerability details: Researchers from ETH Zurich, UC San Diego and RPTU Kaiserslautern-Landau shared a paper with AMD titled “EXPECT: On the Security Implications of Violations in AXI Implementations” which explores methods for exposing vulnerabilities related to the AXI interface when utilizing the AMD AXI Crossbar IP in Vivado™ designs. 

Official announcement: Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8005.html

Security Bulletin: NVIDIA ConnectX and BlueField – October 2024 (CVE‑2024-0105 and CVE-2024-0106) – 31st Oct 2024

Preface: NVIDIA BlueField is a line of data processing units (DPUs) designed and produced by NVIDIA, originally developed by Mellanox Technologies (acquired by NVIDIA in 2020). DOCA is the SDK that gives a consistent programming interface across all existing and future generations of BlueField DPU and SuperNIC products.

Background: The NVIDIA cloud-native supercomputing platform leverages the NVIDIA BlueField DPU architecture with high-speed, low-latency networking. The DPU enables native cloud services that let multiple users securely share resources without loss in application performance. HPC and AI communication frameworks and libraries play a critical role in determining application performance. Because they are latency- and bandwidth-sensitive, offloading these libraries from the host CPU or GPU to the BlueField DPU creates the highest degree of overlap between communication and computation.

Vulnerability details:

CVE-2024-0105 – NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

CVE-2024-0106 – NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

Official announcement: Please refer to the link for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5562

Large solar storms can knock out electronics and affect the power grid; supercomputers are vulnerable too (28th Oct 2024)

Preface: Large solar storms can knock out electronics and affect the power grid. Why? The solar wind disturbs the outer part of the Earth’s magnetic field, which undergoes a complex oscillation. This generates associated electric currents in the near-Earth space environment, which in turn generates additional magnetic field variations — all of which constitute a “magnetic storm.”

Background: Solar maximum is expected in July 2025, with a peak of 115 sunspots. “How quickly solar activity rises is an indicator on how strong the solar cycle will be,” said Doug Biesecker, Ph. D., panel co-chair and a solar physicist at NOAA’s Space Weather Prediction Center.

Official announcement: Please refer to the following URL for details https://www.weather.gov/news/201509-solar-cycle

Vulnerability details: A modern power grid depends on PLCs (programmable logic controllers), SCADA systems and other integrated-circuit electronics. During a geomagnetic storm the rapidly changing magnetic field induces quasi-DC currents (geomagnetically induced currents) in long transmission lines; these can saturate and overheat transformers, and the resulting voltage swings and surges, together with the build-up and discharge of static charge, can damage the semiconductors and integrated circuits in control equipment. If those components are damaged, the consequence is a power outage for the affected city or region.

Ref: It occurs when accumulated electrostatic charge is discharged and causes a larger current than normal to flow in a circuit, generating heat that destroys the electronic part. In other words, ESD damage does not occur without a discharge caused by static electricity.

AMD’s response to the research paper that their technical details do not demonstrate any new security vulnerabilities in AMD prefetchers. (18 Oct 2024)

Preface: A hardware prefetcher is a data prefetching technique implemented as a hardware component in a processor, aimed at improving performance by fetching data before it is actually needed. Let’s take a closer look at prefetching and at which kind of prefetcher this research concerns.

Background: A research paper titled ‘ShadowLoad: Injecting State into Hardware Prefetchers’ was provided to AMD in February 2024. 

The paper discusses the possibility for prefetchers to be used to inject cache loads using a technique referred to as “ShadowLoad”. The technique can potentially expand the attack surface of existing attacks.

Using a framework referred to as “StrideRE”, the researchers automatically reverse engineer the parameters required for hardware stride-prefetch attacks. The paper describes how the stride prefetcher can be used to leak offsets for stride patterns across contexts, possibly creating a covert channel.

Official announcement: AMD has evaluated the paper and has determined that the researchers did not identify any AMD prefetchers that have not already been publicly disclosed in the referenced Software Optimization Guide and did not identify any new security implications with AMD prefetchers.

Official details: Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7023.html

From the patched CVE-2024-0132 to a fixed Docker Desktop vulnerability (CVE-2024-9348) – 17th Oct 2024

Preface: When artificial intelligence gains enough intelligence, do you know what it will say when it learns that software and applications developed by humans have vulnerabilities? It would say “Fxxx”!

Background: Docker Engine is the fundamental containerization engine that runs on servers and manages containers, while Docker Desktop is a developer-focused tool that includes Docker Engine along with additional features to simplify the development and testing of containerized applications on local machines.

Can a Docker container have a desktop?
Overview of Docker Desktop – It provides a straightforward GUI (Graphical User Interface) that lets you manage your containers, applications, and images directly from your machine. Docker Desktop reduces the time spent on complex setups so you can focus on writing code.

Vulnerability details: Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.

Official announcement: Please refer to the vendor announcement for details – https://www.tenable.com/cve/CVE-2024-9348

CVE-2024-0129 – Path traversal issue discovered in NVIDIA NeMo (16-Oct-2024)

Preface: If successful, a path traversal attack may result in the following risks: Unauthorized data access: An attacker can gain access to sensitive files, such as configuration files, system files, or source code, which may include Credentials, application code and data, and sensitive operating system files.

Background: NVIDIA NeMo™ is an end-to-end platform for developing custom generative AI—including large language models (LLMs), multimodal, vision, and speech AI —anywhere. Deliver enterprise-ready models with precise data curation, cutting-edge customization, retrieval-augmented generation (RAG), and accelerated performance.

SaveRestoreConnector (nemo.core.connectors) provides the standardized method to save a tarfile (the .nemo file) containing the checkpoint, config, and any additional artifacts, and to restore a model from it.

Vulnerability details: NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.
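The root cause named above, an unsafe .tar extraction, is the bug class a safe restore path has to defend against. The following is an added example and not NeMo’s SaveRestoreConnector code (build_archive, unsafe_restore, safe_restore and demo are invented names): it constructs a .nemo-style tarball in memory with a member named ../escaped.txt, shows that a trusting extractall() writes it outside the restore directory, and then vets every member’s resolved path and link target before extracting anything.

```python
"""Added illustration of tar path traversal and a vetted extraction.

Not NeMo's code: archive contents are constructed here and names are invented.
"""
import io
import os
import tarfile
import tempfile


def build_archive(members) -> bytes:
    """Construct a .nemo-style tarball in memory from (name, bytes) pairs.
    Names are stored verbatim, so "../x" or "/etc/x" survive into the archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def _extractall(tar: tarfile.TarFile, dest: str, filter_name: str) -> None:
    # The `filter` argument exists on Python >= 3.12 and the security backports;
    # older interpreters raise TypeError, in which case fall back to a plain extract.
    try:
        tar.extractall(dest, filter=filter_name)
    except TypeError:
        tar.extractall(dest)


def unsafe_restore(archive: bytes, dest: str) -> None:
    """Vulnerable: put every member wherever its name says, trusting the archive."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        _extractall(tar, dest, "fully_trusted")


def safe_restore(archive: bytes, dest: str) -> list:
    """Hardened: every member, and every symlink target, must resolve under dest."""
    dest_real = os.path.realpath(dest)

    def inside(path: str) -> bool:
        return os.path.commonpath([dest_real, os.path.realpath(path)]) == dest_real

    names = []
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for m in tar.getmembers():
            target = os.path.join(dest_real, m.name)     # absolute names override dest here
            if not inside(target):
                raise ValueError(f"path traversal blocked: {m.name!r}")
            if m.issym() and not inside(os.path.join(os.path.dirname(target), m.linkname)):
                raise ValueError(f"symlink escapes destination: {m.name!r} -> {m.linkname!r}")
            if not (m.isfile() or m.isdir() or m.issym()):
                raise ValueError(f"unsupported member type: {m.name!r}")  # hardlinks, devices, FIFOs
            names.append(m.name)
        _extractall(tar, dest_real, "data")              # all members vetted above
    return names


def demo() -> dict:
    """Extract a crafted and a benign archive with both routines."""
    malicious = build_archive([("model_config.yaml", b"name: demo\n"),
                               ("../escaped.txt", b"owned\n")])          # constructed sample
    benign = build_archive([("model_config.yaml", b"name: demo\n"),
                            ("model_weights.ckpt", b"\x00" * 8)])        # constructed sample
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "restore")
        os.mkdir(dest)
        unsafe_restore(malicious, dest)
        escaped = os.path.exists(os.path.join(root, "escaped.txt"))     # landed outside dest
        try:
            safe_restore(malicious, dest)
            blocked = False
        except ValueError:
            blocked = True
        restored = safe_restore(benign, dest)
        benign_ok = os.path.exists(os.path.join(dest, "model_weights.ckpt"))
    return {"unsafe_escaped": escaped, "safe_blocked": blocked,
            "benign_restored": restored, "benign_ok": benign_ok}


if __name__ == "__main__":
    print(demo())
```

Python 3.12 and later ship equivalent rules as tarfile’s filter='data' (also available through the security backports that added the filter argument to older 3.x releases); the explicit check above is what you need when the deployment interpreter may be older, and it is also the place to validate any manifest the archive format carries.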

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5580

About AMD-SB-7025 and AMD-SB-3013: Technical research papers provided to AMD (15-Oct-2024)

Preface: Examples of side channel attacks include timing attacks, cache-based attacks, and network traffic analysis. Mitigating side channel attacks involves implementing secure coding practices, employing cryptographic algorithms resistant to side channels, and minimizing timing differences.

Background: Cache side channel attacks can infer the secret information processed by the victim by measuring the victim’s cache usage patterns. While the L1 and L2 caches are core-private, the LLC is shared between cores, so LLC-based attacks can be performed when the victim and attacker are not executing on the same core.

Security Focus:

AMD-SB-7025 – Researchers from Azure® Research, Microsoft® have provided to AMD a paper titled “Principled Microarchitectural Isolation on Cloud CPUs” in which they outline a method for potentially mitigating cache side-channel attacks.

Ref: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7025.html

AMD-SB-3013 – Researchers from Graz University of Technology, Austria, have reported a way for a malicious hypervisor to monitor performance counters and potentially recover data from a guest VM.

Ref: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3013.html

CVE-2024-47670: ocfs2 – add bounds checking (10-10-2024)

Preface: OCFS2 is a file system. It allows users to store and retrieve data. The data is stored in files that are organized in a hierarchical directory tree. It is a POSIX compliant file system that supports the standard interfaces and the behavioral semantics as spelled out by that specification.

Background: OCFS2 is a useful clustered file system that has many general purpose uses beyond Oracle workloads. Utilizing shared storage, it can be used for many general computing tasks where shared clustered storage is required.

OCFS2 supports block sizes from 512 bytes to 4K. In addition, it supports cluster sizes (the allocation unit) in the 4K to 1M range.

Vulnerability details: In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_xattr_find_entry() Add a paranoia check to make sure it doesn’t stray beyond valid memory region containing ocfs2 xattr entries when scanning for a match. It will prevent out-of-bound access in case of crafted images.
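The commit message is about one missing check, which is easiest to see in a small model. Below is an added example in Python, not the kernel code, and the on-disk layout is a simplification: a 16-byte entry modelled on struct ocfs2_xattr_entry behind a toy header that carries only the entry count. It contrasts a scan that trusts the count read from the image with one that also stops at the end of the buffer that actually holds the entries, which is what the fix adds to ocfs2_xattr_find_entry().

```python
"""Added illustration of the ocfs2 xattr bounds check, modelled over a toy layout.

Not the kernel code. The header is simplified to a single u16 entry count; the
entry layout is modelled on struct ocfs2_xattr_entry (16 bytes).
"""
import struct

ENTRY_FMT = "<IHBBQ"   # name_hash:u32 name_offset:u16 name_len:u8 type:u8 value_size:u64
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)   # 16 bytes
HDR_FMT = "<H"         # toy header: only the entry count (the real header carries more)
HDR_SIZE = struct.calcsize(HDR_FMT)


def build_region(entries, claimed_count=None) -> bytes:
    """Serialize a toy xattr region. A crafted image can set `claimed_count`
    far beyond the number of entries that actually fit in the buffer."""
    count = len(entries) if claimed_count is None else claimed_count
    body = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries)
    return struct.pack(HDR_FMT, count) + body


def find_entry_trusting_count(region: bytes, name_hash: int):
    """Before the fix: walk as many entries as the on-disk header claims.
    With a lying count the loop runs past the buffer; struct.error here
    stands in for the kernel's out-of-bounds read."""
    (count,) = struct.unpack_from(HDR_FMT, region, 0)
    for i in range(count):
        off = HDR_SIZE + i * ENTRY_SIZE
        entry = struct.unpack_from(ENTRY_FMT, region, off)
        if entry[0] == name_hash:
            return i
    return None


def find_entry_bounded(region: bytes, name_hash: int):
    """After the fix: additionally stop at the end of the memory region that
    really holds entries, whatever the header says."""
    (count,) = struct.unpack_from(HDR_FMT, region, 0)
    end = len(region)                          # the true boundary of the buffer
    for i in range(count):
        off = HDR_SIZE + i * ENTRY_SIZE
        if off + ENTRY_SIZE > end:             # the "paranoia check" from the commit
            break
        entry = struct.unpack_from(ENTRY_FMT, region, off)
        if entry[0] == name_hash:
            return i
    return None


def demo() -> dict:
    """Scan an honest region and a crafted one (count lies) with both scanners."""
    entries = [(0x11111111, 64, 4, 1, 10), (0x22222222, 80, 5, 1, 20)]  # constructed sample
    honest = build_region(entries)
    crafted = build_region(entries, claimed_count=1000)  # claims 1000 entries in 34 bytes
    try:
        find_entry_trusting_count(crafted, 0x33333333)   # absent hash: scan runs to "count"
        trusting_oob = False
    except struct.error:
        trusting_oob = True
    return {
        "honest_hit": find_entry_trusting_count(honest, 0x22222222),
        "bounded_honest_hit": find_entry_bounded(honest, 0x22222222),
        "trusting_oob": trusting_oob,
        "bounded_miss": find_entry_bounded(crafted, 0x33333333),
        "bounded_crafted_hit": find_entry_bounded(crafted, 0x11111111),
    }


if __name__ == "__main__":
    print(demo())
```

The lesson carries over to any on-disk or on-wire parser: a count or length read from untrusted input bounds the loop only after it has itself been bounded by the size of the buffer you actually hold.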

Official announcement: Please refer to the link for details –

https://www.tenable.com/cve/CVE-2024-47670