Category Archives: IoT

CVE-2024-4610: Arm was recently aware of this vulnerability being exploited in the wild (17 June 2024)

Arm has released limited details about the vulnerability. Do you think the following is similar to CVE-2024-4610?

Preface: Arm was recently aware of reports of this vulnerability being exploited in the wild, but this exploit was a local attack. Perhaps, cybercriminals should help via email phishing or SMS functionality. Therefore, it attracted the attention of manufacturers.

Background: The Mali Bifrost architecture – implemented by the Mali-G3x, Mali-G5x, and Mali-G7x family of products, is the successor to the Midgard architecture and the predecessor of the Valhall architecture.

The Android and Linux version of the Mali GPUs Device Driver provide low-level access to the Mali GPUs that are part of the Bifrost family.

There are many ways to communicate with IPC, such as: Shared Memory, Message Queue, PIPE, FIFO, Unix Socket, etc. A process cannot access another process’s memory. However, the kernel has control over all processes and therefore can expose an interface that enables IPC. In Binder, this interface is the /dev/binder device, which is implemented by the Binder kernel driver.

Ref: A Mutex is a Mutually exclusive flag. It acts as a gate keeper to a section of code allowing one thread in and blocking access to all others.

Vulnerability details: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.

This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.

Official announcement: For detail, please refer to link – https://nvd.nist.gov/vuln/detail/CVE-2024-4610

CVE-2023-20597: AGESA™ firmware versions previously provided did not sufficiently mitigate CVE-2023-20594. Release 2nd round of remedy.(13-June-2024)

Preface: June 2024 Update – After additional analysis, AMD believes that the Client AGESA™ firmware versions previously provided did not sufficiently mitigate CVE-2023-20594. This security bulletin has been updated with new Client AGESA™ firmware versions that contain updated mitigations.

Background: The DXE drivers are responsible for initializing the processor, chipset, and platform components as well as providing software abstractions for system services, console devices, and boot devices.

Vulnerability details:

CVE-2023-20594Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
CWE-665 Improper Initialization

CVE-2023-20597 Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
CWE-665 Improper Initialization

Published Date: Sep 20, 2023
Last updated date: Jun 11, 2024

Official announcement: For detail, please refer to link –
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4007.html

CVE-2024-31335 GPU – PowerVR: Wrong order of operations in DevmemIntUnmapPMR2 may lead to temporarily dangling PTEs.AI accelerators called Neural Network Accelerator (NNA) staying alert! (7 June 2024)

Official Posted: 31st May 2024

Preface: PowerVR not limited 2D and 3D rendering, and for video encoding, decoding, associated image processing. It also develops AI accelerators called Neural Network Accelerator (NNA). The IMG Series4 is a revolutionary neural network accelerator (NNA) for the automotive industry that enables ADAS and autonomous driving.

PowerVR accelerators are not manufactured by PowerVR, but instead their IP blocks of integrated circuit designs and patents are licensed to other companies.

Remark: An IP block is a reusable unit of logic, cell, or chip layout design and can be used as building block for various chip- and logic designs. By making this technology available NXP is opening up the opportunity for chip designers to leverage our building blocks in a wide assortment of on-chip solutions.

Background: What is DDK? To build the Android kernel and other kernel artifacts (modules, boot images, etc.), they provide a framework called “Kleaf”. For Android 14+, Kleaf is strongly recommended. One part of Kleaf is the Driver Development Kit (DDK) which is used to build external modules.

Vulnerability details: CVE-2024-31335 – GPU – PowerVR: Wrong order of operations in DevmemIntUnmapPMR2 may lead to temporarily dangling PTEs.

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Official announcement: For detail, please refer to link –

https://www.imaginationtech.com/gpu-driver-vulnerabilities/#may24

CVE-2024-1086 : A use-after-free vulnerability in the Linux kernel’s netfilter. The IoT world remins vigilant. 4 June 2024

Preface: By default, OpenWrt builds the kernel with a useful set of netfilter capabilities for a robust router. NAT. REJECT. REDIRECT. CONNTRACK. LOG.

OpenWrt is a Linux distribution suitable for embedded devices. Currently, many embedded hardware platforms on the market use OpenWrt as their basis, such as routers, network gateways or industrial use computer

Background: Netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers. Netfilter offers various functions and operations for packet filtering, network address translation, and port translation, which provide the functionality required for directing packets through a network and prohibiting packets from reaching sensitive locations within a network.

Netfilter represents a set of hooks inside the Linux kernel, allowing specific kernel modules to register callback functions with the kernel’s networking stack. Those functions, usually applied to the traffic in the form of filtering and modification rules, are called for every packet that traverses the respective hook within the networking stack.

Vulnerability details: CVE-2024-1086 A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Official announcement: For detail, please refer to link – https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1086

About CVE-2024-36843: libmodbus v3.1.6 design weakness (3 June 2024)

Preface: Modbus is a communication protocol widely used in the field of industrial automation. It provides a standardized method for devices to communicate with each other over the network, making it an important tool for connecting and controlling various industrial equipment.

Background: libmodbus supports the following functions:

  • Support Modbus-RTU and Modbus-TCP
  • Support common function codes, such as 01/02/03/04/05/06/07/0F/10/11/16/17 Support coil type reading and writing, register reading and writing, discrete quantity reading, etc.
  • Support broadcast address 0, slave address 1-247
  • Support floating point and integer data conversion, big endian and small endian and other modes
  • Parameters are designed according to the official standard document Modbus_Application_Protocol_V1_1b.pdf, such as the maximum number of read and write coils, the maximum number of read and write registers, etc.
  • The source code is written in C, which is convenient for porting on various platforms, with only 11 files.

Vulnerability details: libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.

Official announcement: For detail, please refer to link –https://www.tenable.com/cve/CVE-2024-36843

Android Security Bulletin – May 2024 There’s a lot you can explore (9 May 2024)

Preface: Heard that Long-term support (LTS) for Linux kernels is being reduced from six to two years now.

Background: Greg Kroah-Hartman is a major Linux kernel developer. As of April 2013, he is the Linux kernel maintainer for the -stable branch, the staging subsystem, USB, driver core, debugfs, kref, kobject, and the sysfs kernel subsystems, Userspace I/O, and TTY layer.

What will be the next LTS kernel?

But in any event Greg Kroah-Hartman has decided to go ahead and declare Linux 6.6 as the newest LTS kernel. Kernel.org has been updated to reflect Linux 6.6 LTS. The current plan is for Linux 6.6 to be maintained until going end-of-life in December 2026: the same time Linux 6.1, 5.15, and 5.10 will reach end-of-life.

Android Security Bulletin—May 2024 (Published May 6, 2024)

The diagram above shows that kernel versions have been updated. Kernel version updates are dependent on the version of Android OS at the time of device launch. Please refer to the following link for details:

https://source.android.com/docs/security/bulletin/2024-05-01

CVE-2024-4017 and CVE-2024-4018 on BeyondTrust (19-04-2024)

Preface: CyberArk most likely to be known as a leader in PAM. BeyondTrust more popular among small and medium-sized enterprises.

Background: U-Series is a self-contained physical or virtual appliance that contains the operating system, the database, the BeyondTrust BeyondInsight platform, and the BeyondTrust Password Safe solution.

For a BeyondInsight deployment with a local SQL Server instance, the minimum requirement is 32GB. It is based on Microsoft Windows Server 2022 Standard operating system. The license included with the U-Series v20 and U-Series v20 SQL Free for Microsoft Windows Server 2022 covers up to 16 cores on the physical virtualization (host) server.

Vulnerability details:

CVE-2024-4018: Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before 4.0.3. Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-4018

CVE-2024-4017: Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3. Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-4017

CVE-2024-1633: Do not contempt! (19th Feb 2024)

Preface: A two-stage bootloader actually consists of two bootloaders after each other. The first being small with the sole purpose of loading the second one. The second one can then contain all the code needed for loading the kernel.

Background: Secure boot is a security standard developed to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM). When the device starts, the firmware checks the signature of each piece of boot software. If the signatures are valid, the device boots, and the firmware gives control to the operating system.

Vulnerability details: During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which base on 32-bit unsigned integer value, it can result to an integer overflow. An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot.

Reference:

An integer overflow occurs when you attempt to store inside an integer variable a value that is larger than the maximum value the variable can hold.

A 32-bit unsigned integer. It has a minimum value of 0 and a maximum value of 4,294,967,295 (inclusive).

Official details: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-1633

About CVE-2023-3220 An issue was discovered in the Linux kernel through 6.1-rc8 (20th June 2023)

Preface: AI Engines are built from the ground up to be software programmable and hardware adaptable. There are two distinct design flows for any developer to unleash the performance of these compute engines with the ability to compile in minutes and rapidly explore different microarchitectures.
As of today, current technology are capable On-device intelligence powered by the AI Engine. Our dreams come true, the 3rd generation AI Engine enables on-device intelligence and simplifies how pictures and videos are taken.

Background: The Qualcomm Robotics RB3 development kit includes the purpose-built robotics-focused DragonBoard™ 845c development board, based on the Qualcomm® SDA845 processor and compliant with the 96Boards open hardware specification to support a broad range of mezzanine-board expansions.
The development board supports Linux and Robotics Operating System (ROS), while also including support for the Qualcomm® Neural Processing software development kit (SDK) for advanced on-device AI, the Qualcomm ® Computer Vision Suite, the Qualcomm ® Hexagon DSP SDK, and AWS RoboMaker.

Vulnerability details: An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc[.]c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference.

Ref: The kzalloc() function is the same as kmalloc().
Difference: Cleared to zero after memory allocation is successful. After each use of kzalloc(), there must be a corresponding memory release function kfree().

Official announcement: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2023-3220

CVE-2023-34868 – JerryScript Design weakness (15th June 2023)

Preface: Samsung said that Open Source is not only the development method also a culture and various things. Samsung always keep in mind to give back to Open Source through their activities. They are partake in the culture of sharing and collaboration with the list of projects they have released and contributed to.

Background: The IoT.js platform uses JerryScript to run JavaScript code and libuv for asynchronous I/O, and enables developers to create IoT services that communicate with each other and the outside world.
JerryScript is a very lightweight JavaScript engine with capability to run on microcontrollers with less than 8KB of RAM.

Vulnerability details:
CVE-2023-34868 – Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core[/]parser[/]js[/]js-parser-statm[.]c.
My Predcit Consequence: The possibility of triggering an assertion failure, which could cause the BIND process to terminate.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-34868

In addition there is another one.
CVE-2023-34867 – Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core[/]ecma[/]base[/]ecma-property-hashmap[.]c.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-34867