Preface: What does the ERROR: Segmentation violation mean?
Traditionally, a “segmentation violation” is a signal sent by the kernel to a process when the system has detected that the process was attempting to access a memory address that does not belong to it. Typically, this results in the offending process being terminated.

Background: A process describes an individual running instance of a program. It has its own memory, which it does not share with other programs. A process can run code in multiple separate threads. These threads can run code independently of each other.
This is how a server might accept multiple clients: we would spin up a separate thread for each client so the server could have an independent conversation with that client. Unlike processes, they share their memory with each other.
All Redis data resides in memory, enabling low-latency and high-throughput data access. Unlike traditional databases, in-memory data stores do not require access to disk.
RedisRaft is a Redis module that implements the Raft Consensus Algorithm, making it possible to create strongly-consistent clusters of Redis servers.

Vulnerability details: redis-7.0.10 was discovered to contain a segmentation violation.

Current status: Reply by developer, Redisraft is still being developed and currently, we only maintain compatibility with redisraft (master) and redis (unstable) branches.

Official announcement: Please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2023-31655

Preface: Based on limited details provided by CPU vendor. Based on the steps shown in the diagram, try to speculated that where the vulnerability is located.

Background: With the introduction of the Ryzen 5000-series Zen 3, AMD leads in gaming performance (especially in single-threaded performance). Announced on January 4, 2022, the Ryzen 6000 mobile-specific series of processors uses TSMC’s modestly altered Zen3+ cores on the 6nm process, claiming up to 15% (typically 10%) performance gains (supposedly from frequency rather than IPC (instructions per clock cycle)).

Ref: Because the IPC varies depending on workload, it’s not a straightforward number.
The clock frequency, on the other hand, generally only varies when there are thermal or power constraints (thermal throttling, TDP limiting).

The AMD secure processor (ASP), also known as platform security processor (PSP), is an isolated ARM processor that runs independently from the main x86 cores of the platform. ASP executes its own firmware, and hosts security sensitive components that can run without being affected by the main system workload.

Remark: The kernel supports the SuperVisor Call (SVC) instruction, through which the user can trigger an exception. For example: If the kernel is in unprivileged mode, the program needs to access special registers that can only be accessed in privileged mode. This exception is handy when running in privileged mode.

Vulnerability details (see below):
CVE-2021-26365 – Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.
CVE-2021-46753 – Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity.
CVE-2021-46765 – Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service.

Official details: For details, please refer to the remedial measures released by AMD – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4001.html

Preface: For very large environments, the XFS file system that was developed by SGI for use on supercomputers is probably the best choice.

Background: XFS consumes roughly twice as much CPU per metadata operation as Ext3 and Ext4 compared to Ext3 and Ext4. XFS is a 64-bit file system. XFS is the default file system for Red Hat Enterprise Linux 7.
XFS is well-known for its ability to handle large amounts of data with ease. By using XFS on your SSD, you can ensure that your files are safe. Solid-state drives (SSDs) are the most common storage drives today.

Vulnerability details: CVE-2023-2124 – An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.

Official technical details: please refer to the link – https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1&id=22ed903eee23a5b174e240f1cdfa9acf393a5210

Preface: The NFS 4.1 design flaw was released in August 2019 because it only affected the Linux operating system kernel at the time. It was hard to predict, and now it is going to the Windows platform!

Background: Using the NFS protocol, you can transfer files between computers running Windows and other non-Windows operating systems, such as Linux or UNIX.
NFS in Windows Server includes Server for NFS and Client for NFS. A computer running Windows Server can use Server for NFS to act as a NFS file server for other non-Windows client computers. Client for NFS allows a Windows-based computer running Windows Server to access files stored on a non-Windows NFS server.

Vulnerability detail: Windows Network File System Remote Code Execution Vulnerability

Since vendor do not disclose the technical details. My speculation is shown as below:

Point 1 – Network File System (NFS) Protocol uses Open Network Computing (RPC) to exchange control messages. The design weakness occurs due to incorrect calculation of the size of response messages.
Point 2 – The server calls a function to calculate the size of each opcode response, though it does not include the size of the opcode itself. Due to this, the response buffer becomes too small and an overflow may happen.

When the source Linux server is invaded by the NFS4.1 vulnerability, the attacker will rely on point 1 and point 2 design weakness to attack the target Windows OS server.

Workaround: This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV4.1.

Official announcement: For details, please refer to the link – https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24941

Preface: The vulnerability was fixed in Aug 2022. This is not a zero day and therefore published this month.

Background: ext4 is the default file system for many Linux distributions including Debian and Ubuntu. Furthermore, ext4 is the default file system for DigitalOcean Volumes Block Storage. Also, Google has used Ext4 on Android since Android 2.3.

To create files on Ext4, you need to format the partition with the Ext4 file system using the mkfs.ext4 command:

mke4fs -t ext4 blockdevice

Vulnerability details: A use-after-free vulnerability was found in the Linux kernel’s ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.

Official announcement: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2023-2513