Category Archives: Potential Risk of CVE

CVE-2024-45184: Design weakness found in Exynos, a system-on-chip based on Samsung’s ARM development (October 14, 2024)

Preface: USAT (USIM Application Toolkit) builds on the SIM card's original passive operating mode and adds an active operating capability, which lets applications and services on the SIM card initiate interactions with the mobile terminal.

Background: The USAT (USIM Application Toolkit) is a standardized set of commands and protocols that allow mobile applications to interact with the USIM card in 3G and 4G/LTE mobile networks.

USAT use case example:

Mobile banking: displays a secure PIN entry screen for transaction verification.

Mobile payments: interacts with the USIM card for secure payment transactions, authorization and token generation.

Mobile messaging: receives event notifications for incoming SMS messages or delivery reports.

Vulnerability details: An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due to a heap buffer overflow can lead to a Denial of Service.

Official announcement: Please refer to the link for details – https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-45184/

CVE-2024-47670: ocfs2 – add bounds checking (10-10-2024)

Preface: OCFS2 is a file system. It allows users to store and retrieve data, which is kept in files organized in a hierarchical directory tree. It is a POSIX-compliant file system that supports the standard interfaces and the behavioral semantics spelled out by that specification.

Background: OCFS2 is a useful clustered file system that has many general purpose uses beyond Oracle workloads. Utilizing shared storage, it can be used for many general computing tasks where shared clustered storage is required.

OCFS2 supports block sizes from 512 bytes to 4K. The cluster size, which can also be called the allocation unit, may range from 4K to 1M.

Vulnerability details: In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_xattr_find_entry(). A paranoia check is added to make sure the scan doesn't stray beyond the valid memory region containing ocfs2 xattr entries when looking for a match. This prevents out-of-bounds access in the case of crafted images.
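As an added illustration of the kind of paranoia check described above (example code, not the kernel's own ocfs2 implementation), the scan below walks a constructed, simplified xattr entry table and refuses to read an entry or a name that would fall outside the region; the struct layout, function names and the sample image are assumptions:

```c
#include <stdint.h>
#include <string.h>

/* Constructed, simplified layout; not the kernel's real ocfs2 structures. */
struct xattr_entry { uint16_t name_offset; uint16_t name_len; };
struct xattr_header { uint16_t count; struct xattr_entry entries[]; };

/* Scan the entry table for 'name'. Each read is checked against region_len
 * first, so a crafted count or name_offset yields -1 instead of reading past
 * the region. Returns the matching entry index, or -1. */
int xattr_find_entry(const uint8_t *region, size_t region_len,
                     const char *name, size_t name_len)
{
    const struct xattr_header *hdr = (const struct xattr_header *)region;
    if (region_len < sizeof(*hdr))
        return -1;
    for (size_t i = 0; i < hdr->count; i++) {
        /* paranoia check: entry i must end inside the region */
        if (sizeof(*hdr) + (i + 1) * sizeof(struct xattr_entry) > region_len)
            return -1;
        const struct xattr_entry *e = &hdr->entries[i];
        /* the name it points at must lie inside the region as well */
        if (e->name_offset > region_len || e->name_len > region_len - e->name_offset)
            return -1;
        if (e->name_len == name_len &&
            memcmp(region + e->name_offset, name, name_len) == 0)
            return (int)i;
    }
    return -1;
}

/* Constructed sample image with one real entry, "user.a"; the header's count
 * is whatever the caller claims, so a value above 1 mimics a crafted image. */
static size_t build_region(uint8_t *buf, uint16_t claimed_count)
{
    struct xattr_header *hdr = (struct xattr_header *)buf;
    size_t name_off = sizeof(*hdr) + sizeof(struct xattr_entry);
    hdr->count = claimed_count;
    hdr->entries[0].name_offset = (uint16_t)name_off;
    hdr->entries[0].name_len = 6;
    memcpy(buf + name_off, "user.a", 6);
    return name_off + 6;                  /* region length: 12 bytes */
}

/* Look up 'name' in a constructed image claiming claimed_count entries. Only
 * one exists, so a claim of 1000 makes the bounded scan stop at the region end. */
int lookup(uint16_t claimed_count, const char *name)
{
    uint32_t raw[8]; uint8_t *buf = (uint8_t *)raw;   /* 32 aligned bytes */
    return xattr_find_entry(buf, build_region(buf, claimed_count), name, strlen(name));
}
```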

Official announcement: Please refer to the link for details –

https://www.tenable.com/cve/CVE-2024-47670

Is Qualcomm CVE-2024-23369 the same as CVE-2022-33278? (9th Oct 2024)

Preface: Security patches can be divided into two categories — HLOS (High Level Operating System) and NON-HLOS. The first category covers patches to the Android system itself and the Linux kernel; the other covers code running at much lower levels.

Background: The software image running on the main processor is termed the HLOS. The Snapdragon 8 Gen 1 chipset, which powers the Samsung Galaxy S22 series, is one of the quickest and most energy-efficient processors available. Qualcomm is known for making some of the greatest chipsets for Android devices, and their current flagship SoC is the Snapdragon 8 Gen 1. Despite the fact that the chip was unveiled in November 2021, few devices have taken advantage of its capabilities. The Motorola Edge X30, which was released in December 2021, was the first smartphone to include a Snapdragon 8 Gen 1 processor.

Vulnerability details: Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

Official announcement: Please refer to the link for details –

https://docs.qualcomm.com/bundle/publicresource/topics/80-41102-2/page_c_tafDiagUpdate.html

About CVE-2024-33066: Memory corruption while redirecting log file to any file location with any file name, said Qualcomm (8th Oct 2024)

Preface: To redirect the standard error output of a command to a file in the Linux shell, you can use the “2>” operator followed by the name of the file where you want to redirect the stderr. Additionally, you can combine the stderr and stdout streams using the “2>&1” operator if you want to redirect both to the same file.

Background: Qualcomm Snapdragon X65 5G Modem-RF System is the world’s first 10 Gigabit 5G and first 3GPP Release 16 modem-to-antenna solution. It is designed with an upgradable architecture to rapidly commercialize 5G Release 16 and extend 5G in mobile broadband, fixed wireless, industrial IoT and 5G private network applications.

Vulnerability details: Memory corruption while redirecting log file to any file location with any file name.

Official announcement: Please refer to the link for details – https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

CVE-2024-38812: Is it a known design weakness from the past, or a new finding? (7th Oct 2024)

Preface: System-dependent IDL preprocessor variables. The following system-dependent preprocessor variables are used in building the IDL compiler. They are all defined in:

dce-root-dir/dce/src/rpc/idl/idl_compiler/sysdep[.]h

AUTO_HEAP_STACK_THRESHOLD defines an estimate for the maximum size of a stack in a server stub. If the IDL compiler estimates that this amount will be exceeded, objects will be allocated via malloc instead of on the stack.

Background: What is the DCERPC protocol in VMware? DCERPC (Distributed Computing Environment/Remote Procedure Call) with Microsoft extensions (MSRPC) is used to transparently execute functions on remote servers. To facilitate this process, interfaces are defined using an interface definition language (IDL).

Vulnerability details: The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-38812

CVE-2024-47561: Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)

Preface: Kafka understands only byte arrays. Kafka acts as a broker to convert and transmit data over the network between producers and consumers. But it needs a mechanism to convert data into a format that Kafka, producers and consumers can all understand.

Background: Apache Avro is a powerful data serialization framework that provides many useful features. It uses the AVRO file format, which is a compact binary format suitable for evolving data schemas. For example, it supports schema enforcement and schema transformations, which are essential for data integrity and compatibility.

Vulnerability details: Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

Official announcement: Please refer to the link for details – https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x

CVE-2024-0103, CVE-2024-0104 & CVE-2024-0105: Interference from the development of supercomputers and artificial intelligence (3rd Oct 2024)

Preface: OpenAI revealed that the project cost $100 million, took 100 days, and used 25,000 NVIDIA A100 GPUs. Each server equipped with these GPUs uses approximately 6.5 kW, so an estimated 50 GWh of energy is consumed during training.

Background: Parallel processing is a method in computing of running two or more processors (CPUs) to handle separate parts of an overall task. Breaking up different parts of a task among multiple processors helps reduce the time needed to run a program. GPUs render images more quickly than a CPU because of their parallel processing architecture, which allows them to perform multiple calculations across streams of data simultaneously. The CPU is the brain of the operation, responsible for giving instructions to the rest of the system, including the GPU(s).

NVIDIA CUDA provides a simple C/C++ based interface. The CUDA compiler leverages the parallelism built into the CUDA programming model as it compiles your program into code.

CUDA is a parallel computing platform and programming interface model created by Nvidia for developing software that runs on parallel processors. It serves as an alternative to running simulations on traditional CPUs.

Vulnerability details:

CVE-2024-0123 – NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation of input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service. (CWE-1285 – Improper Validation of Specified Index, Position, or Offset in Input)

CVE-2024-0124 – NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. (CWE-416 – Use After Free)

CVE-2024-0125 – NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. (CWE-476 – NULL Pointer Dereference)

Official announcement: Please refer to the vendor announcement for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5577

CVE-2024-0116: NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds. (2nd Oct 2024)

Preface: Some systems which implement malloc() may not release memory back to the operating system right away causing a false memory leak.

Background: Triton Inference Server provides a cloud and edge inferencing solution optimized for both CPUs and GPUs. Triton supports an HTTP/REST and GRPC protocol that allows remote clients to request inferencing for any model being managed by the server.

Vulnerability details: NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service.

Official announcement: Please refer to the vendor announcement for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5565

CVE-2024-23935: Car owners should be vigilant! (30th Sep 2024)

Preface: ISO/SAE 21434 describes Threat Analysis and Risk Assessment (TARA) to assess the cybersecurity risks in the product. ISO/SAE 21434 stresses the importance of executive management’s commitment to cybersecurity by providing specific guidelines for those responsibilities.

Background: The iLX-F905D Alpine Halo9 is the second generation of the Halo product line, featuring a 9-inch high-resolution WXGA touchscreen that is compatible with virtually any vehicle with a 1DIN or 2DIN mounting base. The Halo9 offers wireless Apple CarPlay and wired Android Auto compatibility, DAB+ digital radio, USB video playback, Hi-Res Audio playback, and Bluetooth hands-free calling and audio streaming.

Vehicle Data-bus Connection – If your car is equipped with parking sensors, you can continue to use these convenient functions with your iLX-F905D. Alpine offers many vehicle data-bus interfaces to connect your Alpine Halo9 to your vehicle's data-bus system. This enables compatibility with your vehicle's steering wheel control buttons, display of air conditioning settings, as well as parking sensor display.

Vulnerability details: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.

The specific flaw exists within the DecodeUTF7 function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.

Official announcement: Please refer to the vendor announcement for details – https://www.zerodayinitiative.com/advisories/ZDI-24-848/

CVE-2024-0132: NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability (25th Sep 2024)

Preface: In software development, time-of-check to time-of-use (TOCTOU, TOCTTOU or TOC/TOU) is a class of software bugs caused by a race condition involving the checking of the state of a part of a system (such as a security credential) and the use of the results of that check.

Background: The NVIDIA container stack is architected so that it can be targeted to support any container runtime in the ecosystem. The components of the stack include:

- The NVIDIA Container Runtime (nvidia-container-runtime)

- The NVIDIA Container Runtime Hook (nvidia-container-toolkit / nvidia-container-runtime-hook)

- The NVIDIA Container Library and CLI (libnvidia-container1, nvidia-container-cli)

The components of the NVIDIA container stack are packaged as the NVIDIA Container Toolkit.

The NVIDIA Container Toolkit is a key component in enabling Docker containers to leverage the raw power of NVIDIA GPUs. This toolkit allows for the integration of GPU resources into your Docker containers.

Vulnerability details: NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Official announcement: Please refer to the vendor announcement for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5582