Take a closer look at CVE-2023-5115 and CVE-2023-41164 (16th Oct 2023)

Preface: Infrastructure as code (IaC) is the practice of managing and provisioning infrastructure through code instead of a manual process, to simplify application development, configuration and runtime. IaC applies DevOps methodology and versioning to a descriptive (declarative) model that defines and deploys infrastructure. For example, the components of a cloud computing platform include networks, virtual machines, load balancers and connection topologies.

Remark: In IaC, "descriptive" means the code states the desired end state of the infrastructure (which hosts, packages and services should exist) and the tool works out the steps needed to reach it; that is what makes the model versionable and repeatable.

Background: Ansible is a Python-based automation tool. Its YAML playbooks suit routine tasks, while scripting directly in Python gives more flexibility and control for complex automation. The automation controller of the Ansible Automation Platform (formerly Tower, upstream AWX) is built on Python and Django and adds task execution, scheduling and inventory/asset management (CMDB-style) on top of ansible-core, which is why a Django flaw appears in an Ansible advisory.

Ansible uses a control-node/managed-node model (agentless, so nothing has to be installed on the managed side). Its three main components are the control node, the managed nodes and the communication channel between them.

Ansible automates Linux and Windows hosts by connecting to managed nodes and pushing out small programs called Ansible modules. Ansible executes these modules, which are the resource models of the desired system state, over Secure Shell (SSH) by default and removes them when finished.

Vulnerability details:

CVE-2023-5115 – ansible-core: a malicious role archive can cause ansible-galaxy to overwrite arbitrary files. The archive can carry a symlink whose target lies outside the extraction path, so a later write through that link lands on a file the victim did not intend to touch.

CVE-2023-41164 – automation-controller: Django: potential denial of service in django.utils.encoding.uri_to_iri() via inputs containing a very large number of Unicode characters.
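As an added example (not ansible-galaxy's own code), the containment check a role-archive extractor needs against CVE-2023-5115-style archives: every member name, and every symlink target resolved from the directory that holds the link, must stay under the extraction root. The member names in main() are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (not ansible-galaxy code): reject archive members that
 * would land outside the extraction root.  A name is walked component by
 * component: "." is ignored, ".." pops one level, and any attempt to rise
 * above the root (or an absolute name) fails.  Symlink targets are checked
 * with the same walk, starting from the directory that holds the link.
 */

/* Depth below the root after walking `name`, or -1 if the walk escapes. */
int relative_depth(const char *name, int start_depth)
{
    int depth = start_depth;

    if (name[0] == '\0' || name[0] == '/')
        return -1;                              /* empty or absolute: reject */

    while (*name) {
        const char *end = strchr(name, '/');
        size_t len = end ? (size_t)(end - name) : strlen(name);

        if (len == 0 || (len == 1 && name[0] == '.')) {
            /* "//" or "." : stays in the same directory */
        } else if (len == 2 && name[0] == '.' && name[1] == '.') {
            if (--depth < 0)
                return -1;                      /* rose above the root */
        } else {
            depth++;
        }
        if (!end)
            break;
        name = end + 1;
    }
    return depth;
}

/* A regular file or directory member is safe if its path stays under the root. */
bool member_is_safe(const char *name)
{
    return relative_depth(name, 0) >= 0;
}

/* A symlink member is safe only if its target, resolved from the link's own
 * directory, also stays under the root. */
bool symlink_is_safe(const char *link_name, const char *target)
{
    int link_depth = relative_depth(link_name, 0);
    if (link_depth < 1)                         /* link must be a real entry */
        return false;
    return relative_depth(target, link_depth - 1) >= 0;
}

int main(void)
{
    /* Constructed member list standing in for a malicious role archive. */
    static const char *const members[] = {
        "roles/demo/tasks/main.yml",
        "roles/demo/../../../../.ssh/authorized_keys",
        "/etc/cron.d/backdoor",
    };
    for (size_t i = 0; i < sizeof members / sizeof members[0]; i++)
        printf("%-48s %s\n", members[i], member_is_safe(members[i]) ? "ok" : "REJECT");

    printf("%-48s %s\n", "roles/demo/link -> ../../README",
           symlink_is_safe("roles/demo/link", "../../README") ? "ok" : "REJECT");
    printf("%-48s %s\n", "roles/demo/link -> ../../../../etc/passwd",
           symlink_is_safe("roles/demo/link", "../../../../etc/passwd") ? "ok" : "REJECT");
    return 0;
}
```

The depth walk is deliberately done on the archive's own names rather than by calling realpath() on the destination, because the whole point of the symlink trick is that the filesystem view changes as members are written; checking the names before anything touches disk avoids that. Hard links need the same treatment as symlinks.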

Official announcement: Please refer to the link for details –

https://access.redhat.com/errata/RHSA-2023:5701

RHSA-2023:5627 – Security Advisory (October 11, 2023)

Security Focus: CVE-2020-36558 is addressed in this patch. Interested in the details?

Preface: A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Background: RHEL 8.6 includes a wide range of new features and enhancements. Primary features and benefits:

i. Mitigate potential risks across the hybrid cloud: the web console supports smart card authentication with sudo and SSH, so smart card credentials can be used when performing administrative functions and accessing remote hosts through the RHEL web console.

ii. Support for SAP HANA in production with Red Hat and SAP: a jointly tested RHEL configuration with SELinux enabled. SELinux process isolation gives SAP users strong mitigation against privilege escalation attacks.

Vulnerability details: CVE-2020-36558 – kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference

Synopsis: The flaw is a check-then-use race. The VT_RESIZEX handler tests whether vc_cons[i].d is non-NULL before it holds the console lock, and only then takes the lock and uses the pointer. A second thread can issue VT_DISALLOCATE in that window, which frees the console and sets vc_cons[i].d to NULL, so the pointer passes the "if" check but is NULL by the time it is dereferenced. If user space can map page zero, that NULL dereference turns into a read or write through attacker-prepared memory instead of a plain crash.

Whether the bug is more than a denial of service therefore depends on the zero page. Kernels before roughly 2.6.31 let user space map it (modern kernels block this through vm.mmap_min_addr), and a 2019 vulnerability is noted here as bypassing that restriction. With the zero page mapped, CVE-2020-36558 should be exploitable beyond a crash; without it, the result is a kernel oops.

Ref: An "if" statement runs its block only when the condition holds: if (condition) { /* executed when true */ }. The race works because the condition was true when it was tested and false by the time the body runs.
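The race above, as an added example written in C that models it in user space (not the kernel's vt_ioctl code): the console table, lock and VT_DISALLOCATE are stand-ins, and the `hook` callback plays the attacker's second thread so the interleaving can be forced deterministically instead of waiting to win a real race.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not kernel code: a single-threaded model of the VT_RESIZEX
 * check-then-use race.  The vulnerable shape tests vc_cons[i].d before the
 * console lock is held; a concurrent VT_DISALLOCATE can set the pointer to
 * NULL in that window, and the locked code then dereferences NULL.  The
 * `hook` argument stands in for the attacker's second thread, so the
 * interleaving is deterministic and the would-be oops is returned as -1.
 */

#define MAX_NR_CONSOLES 4

struct vc_data { int vc_cols, vc_rows, vc_resize_user; };
struct vc_slot { struct vc_data *d; };

static struct vc_data backing[MAX_NR_CONSOLES];
struct vc_slot vc_cons[MAX_NR_CONSOLES];

/* Stand-in for console_lock()/console_unlock(): a flag is enough here,
 * because the "other thread" runs synchronously through the hook. */
static int console_held;
static void console_lock(void)   { console_held = 1; }
static void console_unlock(void) { console_held = 0; }

typedef void (*race_hook)(int idx);

/* Models VT_DISALLOCATE on console idx, executed by the racing thread. */
void disallocate_console(int idx)
{
    console_lock();
    vc_cons[idx].d = NULL;               /* the kernel also frees the object */
    console_unlock();
}

void setup_consoles(void)
{
    for (int i = 0; i < MAX_NR_CONSOLES; i++) {
        backing[i] = (struct vc_data){ 80, 25, 0 };
        vc_cons[i].d = &backing[i];
    }
}

/* Vulnerable shape.  Returns the number of consoles resized, or -1 at the
 * point where the kernel would have dereferenced a NULL vc_cons[i].d. */
int vt_resizex_racy(int cols, int rows, race_hook hook)
{
    int resized = 0;
    for (int i = 0; i < MAX_NR_CONSOLES; i++) {
        if (!vc_cons[i].d)                   /* checked WITHOUT the lock */
            continue;
        if (hook)
            hook(i);                         /* VT_DISALLOCATE lands here */
        console_lock();
        struct vc_data *vc = vc_cons[i].d;   /* re-read under the lock */
        if (!vc) {
            console_unlock();
            return -1;                       /* vc->vc_cols would be the oops */
        }
        vc->vc_resize_user = 1;
        vc->vc_cols = cols;
        vc->vc_rows = rows;
        console_unlock();
        resized++;
    }
    return resized;
}

/* Fixed shape: the check and the use sit under the same lock, so a console
 * disallocated before we look is simply skipped. */
int vt_resizex_fixed(int cols, int rows, race_hook hook)
{
    int resized = 0;
    for (int i = 0; i < MAX_NR_CONSOLES; i++) {
        if (hook)
            hook(i);                         /* attacker runs first; harmless now */
        console_lock();
        struct vc_data *vc = vc_cons[i].d;
        if (vc) {
            vc->vc_resize_user = 1;
            vc->vc_cols = cols;
            vc->vc_rows = rows;
            resized++;
        }
        console_unlock();
    }
    return resized;
}

int main(void)
{
    setup_consoles();
    printf("racy, no contention       : %d resized\n", vt_resizex_racy(132, 43, NULL));
    setup_consoles();
    printf("racy, VT_DISALLOCATE wins : %d (NULL dereference)\n",
           vt_resizex_racy(132, 43, disallocate_console));
    setup_consoles();
    printf("fixed, VT_DISALLOCATE wins: %d resized\n",
           vt_resizex_fixed(132, 43, disallocate_console));
    return 0;
}
```

The fix pattern is the general one for this bug class: a pointer that another path may clear must be read and used under the lock that path takes, never tested first and re-read later.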

Official announcement: Please refer to the link for details – https://access.redhat.com/errata/RHSA-2023:5627

Xen Security Advisory: CTX575089. Security Focus CVE-2023-34324 – Possible deadlock in Linux kernel event handling. Arm32 guests are NOT affected (11th Oct 2023)

Preface: Xen is an open-source hypervisor that allows multiple virtual machines to run and be managed simultaneously on one physical computer. Xen offers two types of virtualization: paravirtualization and full virtualization.

Background: The Xen Project hypervisor is an open-source type-1 or bare-metal hypervisor. It allows many instances of an operating system or different operating systems to run in parallel on a single machine (or host). Xen hypervisor is used as the basis for many different commercial and open-source applications, such as: server virtualization, Infrastructure as a Service (IaaS), desktop virtualization, security applications, embedded, and hardware appliances.

Citrix Hypervisor is based on the Xen Project hypervisor, with extra features and supports provided by Citrix. Citrix Hypervisor 8.2 uses version 4.13.4 of the Xen hypervisor.

Vulnerability details: Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest.

Official announcement: Please refer to the link for details –

https://support.citrix.com/article/CTX575089/citrix-hypervisor-multiple-security-updates

About CVE-2023-42755: One of the impact scenarios (10th Oct 2023)

Preface: The Resource Reservation Protocol (RSVP) is a transport-layer signalling protocol designed to reserve resources across a network under the Integrated Services (IntServ) model.

Background: RSVP runs over IPv4 or IPv6 and provides receiver-initiated setup of resource reservations for multicast or unicast data flows.

Multicast delivers a flow once to many receivers, which avoids redundant transmissions and helps prevent network congestion.

Vulnerability details: A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.

Ref: The total number of bytes in the packet is ‘len’. SKBs are composed of a linear data buffer, and optionally a set of 1 or more page buffers. If there are page buffers, the total number of bytes in the page buffer area is ‘data_len’. Therefore the number of bytes in the linear buffer is ‘skb->len – skb->data_len’.
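An added example (not the kernel's cls_rsvp code) that models the check the classifier lacked: a minimal sk_buff with a linear area and a paged area, and a read of a 32-bit word at xprt + offset that first confirms the whole word lies within skb_headlen(). The RSVP packet bytes and the struct are constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not kernel code: a minimal sk_buff model and the linear
 * headlen check that must precede the classifier's read of a word at
 * xprt + offset.  xprt is the transport header (network header + IHL*4);
 * in the flawed classifier nothing verified that xprt + offset + 4 was
 * still inside the linear area, so a short or paged skb gave an OOB read.
 */

struct skb_model {
    const uint8_t *data;     /* start of the linear area */
    unsigned int len;        /* total bytes in the packet */
    unsigned int data_len;   /* bytes held in page buffers (non-linear) */
    unsigned int nh_off;     /* network header offset within the linear area */
};

/* Bytes in the linear buffer: skb->len - skb->data_len, as in the kernel. */
unsigned int skb_headlen(const struct skb_model *skb)
{
    return skb->len - skb->data_len;
}

/* Read-only analogue of pskb_may_pull(): are bytes [0, need) linear? */
int linear_bytes_available(const struct skb_model *skb, unsigned int need)
{
    return need <= skb_headlen(skb);
}

/* Stores the 32-bit word at transport offset `off` and returns 0, or -1 if
 * the IPv4 header or the word would lie outside the linear area. */
int rsvp_read_xprt_word(const struct skb_model *skb, unsigned int off, uint32_t *out)
{
    const uint8_t *iph, *p;
    unsigned int ihl, xprt_off;

    if (skb->nh_off > UINT_MAX - 20 || !linear_bytes_available(skb, skb->nh_off + 20))
        return -1;                                   /* not even a full IPv4 header */
    iph = skb->data + skb->nh_off;
    if ((iph[0] >> 4) != 4)
        return -1;                                   /* not IPv4 */
    ihl = (iph[0] & 0x0f) * 4u;
    if (ihl < 20)
        return -1;                                   /* bogus IHL */
    xprt_off = skb->nh_off + ihl;
    if (off > UINT_MAX - 4 - xprt_off)
        return -1;                                   /* offset arithmetic would wrap */
    if (!linear_bytes_available(skb, xprt_off + off + 4))
        return -1;                                   /* word is not linear: the OOB read */
    p = skb->data + xprt_off + off;
    *out = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    return 0;
}

/* Constructed sample: IPv4 (IHL 5, protocol 46 = RSVP) followed by an
 * 8-byte RSVP common header (version 1, Path message, length 28). */
static const uint8_t sample_pkt[] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x40, 0x00,
    0x40, 0x2e, 0x00, 0x00, 0xc0, 0xa8, 0x01, 0x01,
    0xc0, 0xa8, 0x01, 0x02,
    0x10, 0x01, 0x00, 0x00, 0x40, 0x00, 0x00, 0x1c,
};

/* Treat the last `paged` bytes of sample_pkt as living in page buffers and
 * read the word at transport offset `off`; returns the word or -1. */
long long sample_read(unsigned int paged, unsigned int off)
{
    struct skb_model skb = { sample_pkt, sizeof sample_pkt, paged, 0 };
    uint32_t w;
    return rsvp_read_xprt_word(&skb, off, &w) == 0 ? (long long)w : -1;
}

/* Same packet, but IHL claims 15 words (60 bytes): xprt starts past the end. */
long long bad_ihl_read(void)
{
    uint8_t pkt[sizeof sample_pkt];
    uint32_t w;
    memcpy(pkt, sample_pkt, sizeof pkt);
    pkt[0] = 0x4f;
    struct skb_model skb = { pkt, sizeof pkt, 0, 0 };
    return rsvp_read_xprt_word(&skb, 0, &w) == 0 ? (long long)w : -1;
}

int main(void)
{
    printf("fully linear, offset 0   : %llx\n", sample_read(0, 0));
    printf("fully linear, offset 4   : %llx\n", sample_read(0, 4));
    printf("transport in pages       : %lld\n", sample_read(8, 0));
    printf("offset past end          : %lld\n", sample_read(0, 5));
    printf("IHL lies (60 bytes)      : %lld\n", bad_ihl_read());
    return 0;
}
```

Three distinct inputs defeat the unchecked read: a packet whose transport bytes sit in page buffers, a filter offset larger than the linear remainder, and a header whose IHL field overstates its own length. The check covers all of them with one comparison against skb_headlen().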

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2023-42755

CVE-2023-45282: In openmct 2.2.5 before 545a177, prototype pollution can occur via an import action.(9th Oct 2023)

Preface: Open MCT is written in JavaScript and runs in the browser. Like any JavaScript code that merges user-supplied JSON into live objects, it is exposed to prototype pollution if the merge does not reject prototype keys.

Background: Open MCT is a single-page web application that runs entirely in the browser. Most deployments also interact with server-side resources, for example to read telemetry data or store user-created objects; that interaction is handled by individual bundles using browser APIs such as XMLHttpRequest (in older versions wrapped by Angular's $http).

Vulnerability details: In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action.

Ref: Prototype pollution is a JavaScript vulnerability in which an attacker adds arbitrary properties to a shared object prototype (typically Object.prototype), usually by smuggling keys such as __proto__ or constructor.prototype through a recursive merge or import of attacker-controlled JSON. The injected properties are then inherited by every object created afterwards, including the application's own.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-45282

Security Focus: CVE-2023-21266 (6th Oct 2023)

Preface: A smartphone is a microcosm of the digital world. That world is built from web services, repositories, virtual machines, high-speed networks, multi-core CPUs and GPUs, and the average smartphone already contains all of these components. The security bar for a smartphone is therefore no lower than for an enterprise server; this small world is stricter than you might think.

Background: Android 13 builds on the tablet optimizations introduced in Android 12 and the 12L feature drop, including optimizations for the system UI, better multitasking and improved compatibility modes. ActivityManagerService (AMS) is one of the most important Android system services: it is responsible for starting, switching, scheduling and managing application processes and the four application component types (activities, services, broadcast receivers and content providers), acting as the operating system's process management and scheduling module.

At the Java framework layer, ActivityManagerService is the process management and dispatch center. It runs inside system_server, the privileged system process that hosts most framework services.

What does ActivityManagerService set up when it is constructed? Among other things, its worker threads and handlers: ServiceThread, mUiHandler, sKillThread and CpuTracker.

Vulnerability details: CVE-2023-21266 could lead to local escalation of privilege with no additional execution privileges needed.

Affected Android versions: 11, 12, 12L, 13

Vulnerability Type: Elevation of privilege

Official announcement: Please refer to the link for details – https://source.android.com/docs/security/bulletin/2023-10-01

CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063: Where do your weaknesses belong? (5th Oct 2023)

Preface: There are indications from Google Threat Analysis Group and Google Project Zero that CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 may be under limited, targeted exploitation. Patches for the issues affecting Adreno GPU and Compute DSP drivers have been made available, and OEMs have been notified with a strong recommendation to deploy security updates as soon as possible. Please contact your device manufacturer for more information on the patch status about specific devices.

Background: Qualcomm cDSP (compute DSP) is a hardware acceleration unit on Qualcomm platforms used for general-purpose compute. Compared with the host CPU, the DSP usually runs at a lower clock speed and offers more instruction-level parallelism, which makes it more power-efficient for suitable workloads; offloading large compute-intensive tasks to the DSP therefore reduces the overall power consumption of the device.

The Qualcomm Adreno 640 is the smartphone and tablet GPU integrated in the Snapdragon 855 SoC; it shipped from early 2019, mainly in high-end Android devices.

Vulnerability details:

The vendor has not yet published the technical details of these CVEs. What has been stated is that the issues affect the Adreno GPU and Compute DSP drivers, that patches for them are available, and that OEMs have been notified with a strong recommendation to deploy the updates as soon as possible.

Official announcement: Please refer to the link for details – https://docs.qualcomm.com/product/publicresources/securitybulletin

CVE-2023-34970: ARM Security Advisory published a number of design flaws. Can we guess what this CVE is about? (4th Oct 2023)

Preface: Rather than processing tasks serially (sequentially) like a CPU, a GPU breaks up tasks and runs them in parallel. GPUs have many more cores than CPUs.

Background: The Roofline model is an intuitive visual performance model used to provide performance estimates of a given compute kernel or application running on multi-core, many-core, or accelerator processor architectures, by showing inherent hardware limitations, and potential benefit and priority of optimizations.

A kernel whose dot sits close to the L2 bandwidth roof is memory bound.

Ref: In GPU terminology a kernel is a function compiled for and executed on the GPU (an OpenCL or Vulkan compute kernel); it is not the kernel function of machine learning. The Roofline bound discussed here is on the memory traffic of such a function.

Mali Offline Compiler is a command-line tool that you can use to compile all shaders and kernels from OpenGL ES, Vulkan and OpenCL.

Even though data is not organized in blocks in the source code, the compiler recognizes the pattern and optimizes access to matrix arrays.

Vulnerability details: A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-34970

CVE-2023-4211: Mali GPU Kernel Driver allows improper GPU memory processing operations (2nd Oct 2023)

Preface: Double free and use-after-free are common memory-safety weaknesses, in IoT firmware as elsewhere.

For example, calling free() twice on the same pointer (a double free) corrupts the allocator's internal state rather than leaking memory, and it is an easy mistake to make whenever the same pointer is stored in more than one place.

Background: Arm Mali-G720, is designed on the Arm 5th Gen architecture to deliver improved performance while reducing memory bandwidth usage, power consumption, and CPU load. Even more powerful than its predecessor, the Mali-G715 GPU, Mali-G720 takes full advantage of advanced GPU technologies that can power immersive games and intelligent AI applications across a broad range of devices.

Vulnerability details: A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

Affected products:

Midgard GPU Kernel Driver: All versions from r12p0 – r32p0

Bifrost GPU Kernel Driver: All versions from r0p0 – r42p0

Valhall GPU Kernel Driver: All versions from r19p0 – r42p0

Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 – r42p0

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-4211

Google is aware that an exploit for CVE-2023-5217 exists in the wild, but it was fixed quickly (29-09-2023)

Preface: A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Background: A video codec is software or hardware that compresses and decompresses digital video. The libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia).

Vulnerability details: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Remedy: Upgrade to version 117.0.5938.132 or later.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-5217

antihackingonline.com