Preface: As of January 2025, Android holds a global market share of 72.15%, which is a big jump from just 12% back in 2010.

Background: The AccountTypePreferenceLoader is a class within the Android Settings app. It is responsible for loading and displaying account preferences, which include settings related to authenticator apps. This class plays a crucial role in managing user accounts and preferences on Android devices.

For example, when you add a new email account or a social media account to your Android device, the AccountTypePreferenceLoader ensures that the specific settings for that account type are properly loaded and displayed in the Settings app. This makes it easier for users to manage their accounts and customize their preferences.

Vulnerability details: AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Official announcement: For more details, please refer to the following link – https://source.android.com/docs/security/bulletin/2025-02-01

Preface: NVIDIA® offers a wide range of Network Operating Systems (NOS), from the homegrown Ethernet Operating System, NVIDIA Mellanox Onyx™, to native Linux operating systems, NVIDIA Cumulus Linux, and a variety of vendor specific options.

Background: NVIDIA® MLNX-OS® operating system, enables the management and configuration of NVIDIA’s InfiniBand switch system platforms.

NVIDIA MLNX-OS®, an InfiniBand switch operating system for high-performance data centers, enables you to build networks that scale to thousands of compute and storage nodes, while also providing monitoring and provisioning capabilities.

Vulnerability details: CVE-2024-0101 – NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.

Ref: A design flaw emerged about twenty-three years ago. , could it be related to this design weakness?

IPFilter caches the decision to forward or drop a fragment and applies this decision to other IP fragments with the same IP id. Even if the fragment is an “initial” fragment (a fragment with fragment offset 0) that may contain a TCP or UDP header, it will be evaluated against the decision cache.Therefore, an attacker could create a cache of “allow” decisions in IPFilter rules and then successfully bypass the rule set and pass fragments with arbitrary UDP or TCP headers through the device where IPFilter is installed.

Official announcement: Please refer to the official announcement for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5559

Preface: The use of previously freed memory can have any number of adverse consequences – ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw. The simplest way data corruption may occur involves the system’s reuse of the freed memory. They are common coding problems that can lead to vulnerabilities and affect stability.

Background: Why MTE? Memory safety bugs, which are errors in handling memory in native programming languages, are common code issues. They lead to security vulnerabilities as well as stability problems.Armv9 introduced the Arm Memory Tagging Extension (MTE), a hardware extension that allows you to catch use-after-free and buffer-overflow bugs in your native code.

Technical details: In December 2023, a research paper called ‘Sticky Tags: Efficient and Deterministic Spatial Memory Error Mitigation using Persistent Memory Tags’ was published by academics from VUSec Group, Vrije Universiteit Amsterdam. The paper demonstrates how speculative probing can potentially be used to determine Arm Memory Tagging Extension (MTE) allocation tags and explores alternative solutions to Arm MTE.

Official announcement: Please refer to the link for details – https://developer.arm.com/Arm%20Security%20Center/Arm%20Memory%20Tagging%20Extension

Preface: Node[.]js has a built-in WebSocket module, but this module doesn’t provide the functionalities required to build complex real-time applications; this is why Socket[.]io exists.
Socket[.]IO is quite popular and companies like Amazon, Zendesk,……and several others use it to develop robust real-time applications. It one of the most powerful JavaScript frameworks on GitHub, and most depended-upon NPM (Node Package Manager) module.

Background: Socket[.]io is a JavaScript library. It is a way to communicate between a client and a server. It allows real-time data flow. It is bi-directional communication, means we can flow data in both directions:

• Client to Server
• Server to Client
  engine.io is a lower level library than socket.io. Engine is to Socket[.]IO what Connect is to Express. If you want the lower level abstraction, use engine[.]io. If you want a websocket abstraction, keep using socket[.]io.

Remark: engine[.]io is of more interest to you if you’re building a library/framework on top of socket[.]io.

Vulnerability details: A specially crafted HTTP request can trigger an uncaught exception on the Engine[.]IO server, thus killing the Node[.]js process. This impacts all the users of the engine[.]io package, including those who uses depending packages like socket[.]io.
A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node[.]js process:

Solution: There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1.

Official announcement: Please refer to the link for details – https://github.com/advisories/GHSA-r7qp-cfhv-p84w

Preface: A system on a chip (SoC), is an integrated circuit that integrates all or most components of a computer or other electronic system. A SoC chip may have several GPIO components. Linux doesn’t usually run on Cortex-M, 8051, AVR, or other popular microcontroller architectures. Instead, we use application processors — popular ones are the Arm Cortex-A, ARM926EJ-S, and several MIPS iterations.

Background: How can mobile device download firmware directly from vendor if it don’t have windows, Linux or Mac workstation? Mobile device can use firmware downloader to check for the latest update for your device, download that firmware as long as you know the correct model, region, and firmware string.

The file which responsible for Firmware downloader function is (./drivers/nfc/nfcmrvl/fw_dnld.h). Furthermore, the file name (./drivers/nfc/nfcmrvl/main.c) is responsible for major function.

Vulnerability details: A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

Use-After-Free (UAF) is a vulnerability related to incorrect use of dynamic memory during program operation. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to hack the program.

Official announcement: See the link for details on this vulnerability – https://github.com/torvalds/linux/commit/d270453a0d9ec10bb8a802a142fb1b3601a83098