About CVE-2025-37889 – ASoC framework Consistently treat platform_max as control value (12th May 2025)

Preface: The overall project goal of the ALSA System on Chip (ASoC) layer is to provide better ALSA support for embedded system-on-chip processors.

Advanced Linux Sound Architecture (ALSA) is a software framework and part of the Linux kernel that provides an application programming interface (API) for sound card device drivers.

Background: The snd_soc_put_volsw() function is part of the ALSA System on Chip (ASoC) layer in the Linux kernel. It is included in the kernel source, but whether it is available by default depends on the specific kernel configuration and the presence of ASoC support. Here’s a brief overview of its features:

Purpose: It sets the volume control values for the sound subsystem.

Arguments: It takes two arguments: kcontrol, which represents the mixer control, and ucontrol, which contains the control element information.

Return Value: It returns 0 on success.

Vulnerability details: ASoC: ops: Consistently treat platform_max as control value. This reverts commit 9bdd10d57a88 (“ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min”), and makes some additional related updates.

It is speculated that this is an enhancement of, and a remediation for, CVE-2022-48917.

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min While the $val/$val2 values passed in from userspace are always >= 0 integers, the limits of the control can be signed integers and the $min can be non-zero and less than zero. To correctly validate $val/$val2 against platform_max, add the $min offset to val first. (CVE-2022-48917)
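The two commits quoted above disagree on which domain platform_max lives in: the 2022 change shifted the userspace value by +min so that platform_max was compared as a register value, while the 2025 change treats platform_max as a control value. The following is an added illustration, not kernel code; it models a control with only the three fields the two descriptions mention (min, max, platform_max) and shows, with constructed values, that the same platform_max accepts different userspace inputs depending on which domain the check uses. The struct name, the two check functions and the sample controls are assumptions made for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed, simplified model of an ASoC volume control. It is not the
 * kernel's struct soc_mixer_control; only the three fields the two CVE
 * descriptions talk about are modelled. */
struct mixer_ctl {
    int min;          /* register value of the lowest step; can be negative */
    int max;          /* register value of the highest step */
    int platform_max; /* cap the platform imposes on top of the control's range */
};

/* Sample controls (constructed). NEG_CTL has a negative min, where the two
 * readings of platform_max diverge; ZERO_CTL has min == 0, where they agree. */
static const struct mixer_ctl NEG_CTL  = { .min = -8, .max = 7,   .platform_max = 5 };
static const struct mixer_ctl ZERO_CTL = { .min = 0,  .max = 255, .platform_max = 200 };

/* Userspace supplies a 0-based control value (always >= 0); the register
 * value it maps to is val + min. */
static int ctl_to_reg(const struct mixer_ctl *c, unsigned int val)
{
    return (int)val + c->min;
}

/* Register-domain check: the approach of the 2022 change (CVE-2022-48917)
 * that this CVE reverts. platform_max is read as a register value, so the
 * userspace value is shifted by +min before the comparison. */
static bool accept_register_domain(const struct mixer_ctl *c, unsigned int val)
{
    int reg = ctl_to_reg(c, val);
    return reg >= c->min && reg <= c->max && reg <= c->platform_max;
}

/* Control-domain check: platform_max is read as a control value, so the
 * unshifted userspace value is compared against it directly (the convention
 * the 2025 commit title announces). */
static bool accept_control_domain(const struct mixer_ctl *c, unsigned int val)
{
    unsigned int range = (unsigned int)(c->max - c->min);
    if (c->platform_max < 0)
        return false;
    return val <= range && val <= (unsigned int)c->platform_max;
}

int main(void)
{
    const unsigned int probes[] = { 5, 10, 16, 200, 201 };

    printf("%-5s %4s %14s %14s\n", "ctl", "val", "register-dom", "control-dom");
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        unsigned int v = probes[i];
        printf("%-5s %4u %14s %14s\n", "neg", v,
               accept_register_domain(&NEG_CTL, v) ? "accept" : "reject",
               accept_control_domain(&NEG_CTL, v) ? "accept" : "reject");
        printf("%-5s %4u %14s %14s\n", "zero", v,
               accept_register_domain(&ZERO_CTL, v) ? "accept" : "reject",
               accept_control_domain(&ZERO_CTL, v) ? "accept" : "reject");
    }
    return 0;
}
```

For the control with min = -8 and platform_max = 5, a userspace value of 10 passes the register-domain check (it maps to register value 2) but fails the control-domain check (10 is above the cap of 5); with min = 0 the two checks coincide. The security-relevant point is that a limit validated in one domain but applied in the other either rejects legitimate values or lets values above the intended cap reach the register write, which is why a single, consistent interpretation matters.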

Official announcement: Please see the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-37889

CVE-2025-37834: About Linux vmscan[.]c (8th May 2025)

Preface: All systems based on the Linux kernel utilize the vmscan[.]c file for memory management. This file is integral to the kernel’s memory reclamation process, ensuring efficient use of system memory across various Linux distributions.

Background: The vmscan[.]c file in the Linux kernel is responsible for managing memory reclamation. It contains functions that help the system reclaim memory by scanning and freeing up pages that are no longer in use. This process is crucial for maintaining system performance and preventing memory shortages.

Some key functions within vmscan.c include:

kswapd: A kernel thread that periodically scans and frees up memory pages.

shrink_node: This function attempts to reclaim memory from a specific node.

shrink_zone: It works on reclaiming memory from a specific zone within a node.

These functions work together to ensure that the system has enough free memory to operate efficiently.

Vulnerability details: mm/vmscan: don’t try to reclaim hwpoison folio. The vulnerability has been resolved.

The enhancement in the vmscan[.]c file, specifically the handling of hardware-poisoned pages, is indeed part of the broader memory management improvements. This enhancement is not limited to the shrink_node function alone. It applies to various parts of the memory reclamation process, including functions like shrink_zone and shrink_folio_list.

Official announcement: Please see the link for details – https://nvd.nist.gov/vuln/detail/CVE-2025-37834

CVE-2024-49835 – Out-of-bounds Write in SPS Applications (8th May 2025)

Preface: Semi-Persistent Scheduling (SPS) is used in LTE and 5G networks to reduce control channel overhead for applications requiring persistent radio resource allocations, such as VoIP and VoLTE. The memory usage for SPS on Android devices can vary based on several factors, including the specific implementation and the network conditions.

A method and apparatus for determining validity of a semi-persistent scheduling (SPS) resource across multiple cells in a wireless communication system is provided. A user equipment (UE) receives a SPS resource configuration including time information related to validity of the SPS resource configuration from a network, and determines whether the SPS resource configuration is valid or not according to the time information.

Background: Semi-Persistent Scheduling (SPS) Workflow

  1. The RF module in the Snapdragon chip receives the SPS resource configuration from the network. This configuration includes time information related to the validity of the SPS resource.
  2. The Physical Layer (PHY) processes the received configuration to determine its validity based on the time information provided.
  3. If the configuration is valid, the Medium Access Control (MAC) layer handles the allocation of radio resources for multiple consecutive Transmission Time Intervals (TTIs). This reduces the need for frequent scheduling decisions and signaling overhead.
  4. The MAC layer coordinates with the Radio Link Control (RLC) layer to manage data transmission using the allocated resources. The RLC layer ensures data integrity and proper sequencing.
  5. The Digital Signal Processor (DSP) and Application Processor within the Snapdragon chip are responsible for executing the scheduling algorithms and managing the data flow. The configuration and scheduling information are stored in the shared memory accessible by both the DSP and the application processor.

Vulnerability details: Out-of-bounds Write in SPS Applications. Memory corruption while reading secure file. An out-of-bounds write is a type of memory access error that occurs when a program writes data to a memory address outside the bounds of a buffer. The program then overwrites memory that does not belong to that buffer, which can cause crashes, incorrect behavior, or even security vulnerabilities.

Official announcement: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/cve-2024-49835

Mali GPU Driver Security Bulletin: CVE-2025-0427

(7th May 2025)

Last updated: 2 May 2025 (official)

Preface: An ioctl interface is a single system call by which userspace may communicate with device drivers. Requests on a device driver are vectored with respect to this ioctl system call, typically by a handle to the device and a request number.

Background: The Arm Mali GPU, when installed on an Android phone, works alongside the CPU rather than replacing it. The Mali GPU is specifically designed for handling graphics processing tasks, such as rendering images, animations, and videos, which helps to offload these tasks from the CPU. This allows the CPU to focus on other computational tasks, improving overall device performance and efficiency.

The Mali GPU itself does not have an embedded CPU; it is a separate component that works in conjunction with the device’s main CPU. This collaboration between the GPU and CPU ensures that graphics-intensive applications, like games and videos, run smoothly while maintaining efficient power usage.

Vulnerability details: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU processing operations to gain access to already freed memory.

Impact: This issue affects Bifrost GPU Kernel Driver: from r8p0 through r49p3, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r19p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0.

Official announcement: Please see the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-0427

https://developer.arm.com/documentation/110465/latest

CVE-2024-49739 – GPU DDK misuse ptrace system call (6th May 2025)

Official release posted: 2nd May 2025

Since the manufacturer did not provide a detailed description, is the situation it discovered similar to what this article describes?

Preface:

Nvidia is a major player in the GPU market, known for its high-performance graphics cards used in gaming, professional visualization, data centers, and AI applications.

Imagination Technologies specializes in providing GPU processor solutions for graphics and AI vision applications. They focus on mobile devices, automotive, and embedded systems.

Background: All PowerVR GPUs are based on a unique Tile Based Deferred Rendering (TBDR) architecture, the only true deferred rendering GPU architecture in the world. True deferred rendering, specifically Tile-Based Deferred Rendering (TBDR), is a unique approach used by PowerVR GPUs.

Tile-Based Deferred Rendering (TBDR)

– Tile-Based Rendering: The screen is divided into small tiles, and each tile is processed individually. This allows the GPU to store data like color and depth buffers in internal memory, reducing the need for frequent access to system memory. This results in lower energy consumption and higher performance.

– Deferred Rendering: This technique defers texturing and shading operations until the visibility of each pixel in the tile is determined. Only the pixels that will be visible to the user consume processing resources, which enhances efficiency.

Vulnerability details: Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory.

Resolution: The DDK Kernel module has been updated to address this improper use of the ptrace system call and to prevent write requests to read-only memory.

Official announcement: Please see the link for details –

https://www.imaginationtech.com/gpu-driver-vulnerabilities

CVE-2025-21756: Does the vsock design flaw affect Hyper-V? (4th May 2025)

Preface: Hyper-V is still available as a role in Windows Server 2022 and will be supported as long as that operating system is, currently scheduled for end of extended support on October 14, 2031.

Background: vsock can also be used in QEMU/KVM as well as Hyper-V, but that code is closed source. H2G (host to guest) transports run in the host and usually provide the device emulation; currently there are vhost and vmci transports. G2H (guest to host) transports run in the guest and usually are device drivers; currently there are virtio, vmci, and hyperv transports.

– virtio-vsock provides a way for applications running on a guest VM and the host system to communicate with each other using the standard socket interface (socket, connect, bind, listen, accept).

– VMCI sockets communicate between the host and a guest on VMware platform products. You could also use VMCI sockets for interprocess communications on a guest. You cannot use VMCI sockets between the host and a virtual machine running on a different host.

– Starting with the Windows 10 Anniversary Update, anyone can create applications that communicate between a Hyper-V host and its virtual machines over Hyper-V sockets. Hyper-V Sockets is a Windows Sockets interface that uses a new address family and specialized endpoints for virtualizers. All communications run over Hyper-V sockets without using the network, and all data remains in the same physical memory. Applications that use Hyper-V sockets are similar to Hyper-V Integration Services.

Vulnerability details: Design weakness on vsock.

Remedy: Preserve socket bindings; this includes both those resulting from an explicit bind() and those implicitly bound through autobind during connect().

This prevents socket unbinding during a transport reassignment, which fixes a use-after-free.

Ref: Based on the latest information, CVE-2025-21756 does not appear to impact Microsoft Hyper-V. The recent vulnerabilities affecting Hyper-V are CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335, which involve privilege escalation and are already being exploited in the wild.

Official announcement: Please see the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-21756

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3f43540166128951cc1be7ab1ce6b7f05c670d8b

Power outage in Spain and Portugal caused by a rare atmospheric phenomenon, the so-called induced atmospheric vibration. (1st May 2025)

Preface: MADRID/LISBON, April 28 (Reuters) – Power started returning to parts of the Iberian peninsula late on Monday after a huge outage brought most of Spain and Portugal to a standstill, grounding planes, halting public transport, and forcing hospitals to suspend routine operations.

Background: The recent widespread power outage in Spain, Portugal, and parts of southern France was indeed attributed to a rare atmospheric phenomenon. The initial reports suggested that “induced atmospheric vibration” might have been the cause. This term refers to oscillations in the power lines caused by extreme changes in temperature or air pressure, leading to synchronization failures in the electrical grid.

Technical focus: The term “induced atmospheric vibration” refers to oscillations in power lines caused by extreme atmospheric conditions, such as significant temperature changes or strong winds. These oscillations can affect the stability of the electrical grid. To simplify, imagine the power lines as giant coils. When the atmosphere changes rapidly, it can cause these coils to vibrate or oscillate. This vibration can lead to synchronization issues in the power grid, making it unstable and potentially causing outages.

Synchronization issues in the power grid often refer to the phase angle differences between the voltage waveforms of different parts of the grid. When the phase angles are not in sync, it means that the peaks and troughs of the voltage waveforms are not aligned, which can lead to instability in the grid.

In simpler terms, think of the power grid as a large orchestra. For the music (electricity) to flow smoothly, all the instruments (generators) need to play in harmony (synchronization). If one instrument is out of sync, it disrupts the harmony, causing issues.

The term “cos phi” (cosine of the phase angle) refers to the power factor, which is a measure of how effectively the electrical power is being used. When the phase angles are not aligned, the power factor deviates from its optimal value, leading to inefficiencies and potential disruptions.

Headline News: Please refer to the link – https://www.reuters.com/world/europe/large-parts-spain-portugal-hit-by-power-outage-2025-04-28/

CVE-2025-23245: NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor (30-4-2025)

Preface: DeepSpeed MII, an open-source Python library developed by Microsoft, aims to make powerful model inference accessible, emphasizing high throughput, low latency, and cost efficiency. TensorRT LLM, an open-source framework from NVIDIA, is designed for optimizing and deploying large language models on NVIDIA GPUs.

Background: TensorRT-LLM is a library developed by NVIDIA to optimize and run large language models (LLMs) efficiently on NVIDIA GPUs. It provides a Python API to define and manage these models, ensuring high performance during inference.

The Python Executor within TensorRT-LLM is a component that orchestrates the execution of inference tasks. It manages the scheduling and execution of requests, ensuring that the GPU resources are utilized efficiently. The Python Executor handles various tasks such as batching requests, managing model states, and coordinating with other components like the model engine and the scheduler.

Vulnerability details: NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering.

CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5648

CVE-2024-45552 – Buffer Over-read in Data Network Stack & Connectivity (30-04-2025)

NVD Published Date: 04/07/2025

NVD Last Modified: 04/07/2025

Preface: Real-time Transport Protocol (RTP) is a network protocol used for delivering audio and video data over the internet in real time. It is designed to provide reliable and efficient transmission of multimedia content, even in the presence of network congestion or packet loss.

Background: The Snapdragon 865 5G Mobile Platform is designed to handle various networking tasks, including RTCP (Real-Time Transport Control Protocol) packets. The rtcp_sender[.]cc driver, which is responsible for sending RTCP packets, is typically part of the software stack that runs on the device’s operating system rather than being embedded directly within the Snapdragon chipset itself.

The Snapdragon 865 provides the necessary hardware support and interfaces for the operating system to manage network communications efficiently. The actual implementation of RTCP handling, including the rtcp_sender[.]cc driver, would be part of the software layer that interacts with the hardware.

Vulnerability details: Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn’t adhere to RFC standards.
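The advisory says only that a non-conforming RTCP packet, one that does not adhere to the RFC, can trigger a reset and an information leak; it does not say which field was mishandled. As an added example (not Qualcomm's code and not a reproduction of the actual defect), the following C parser shows the checks a receiver needs before trusting an RTCP header: the version bits, the 16-bit length field (in 32-bit words minus one, per RFC 3550 section 6.4) against the bytes actually held, and the report count against the packet size for Sender Report (PT 200) and Receiver Report (PT 201). The sample packets are constructed for the demonstration; the function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields of the common RTCP header (RFC 3550 section 6.4.1). */
struct rtcp_hdr {
    uint8_t  version;      /* must be 2 */
    uint8_t  padding;      /* P bit */
    uint8_t  count;        /* RC / SC: number of report blocks or SDES chunks */
    uint8_t  pt;           /* payload type: 200 SR, 201 RR, 202 SDES, ... */
    uint16_t length_words; /* packet length in 32-bit words, minus one */
    size_t   total_bytes;  /* derived: (length_words + 1) * 4 */
};

/* Parse one RTCP header from buf[0..len). Returns false for a short buffer,
 * a wrong version, or a declared length that runs past the bytes we hold. */
static bool rtcp_parse_header(const uint8_t *buf, size_t len, struct rtcp_hdr *h)
{
    if (len < 4)
        return false;
    h->version      = buf[0] >> 6;
    h->padding      = (buf[0] >> 5) & 1;
    h->count        = buf[0] & 0x1f;
    h->pt           = buf[1];
    h->length_words = (uint16_t)((buf[2] << 8) | buf[3]);
    h->total_bytes  = ((size_t)h->length_words + 1) * 4;
    if (h->version != 2)
        return false;
    if (h->total_bytes > len)   /* the declared length exceeds the buffer */
        return false;
    return true;
}

/* SR carries a 28-byte fixed part, RR an 8-byte one, then 24 bytes per
 * report block. The declared count must fit inside the declared length;
 * otherwise a loop over the blocks would read past the packet. */
static bool rtcp_report_blocks_fit(const struct rtcp_hdr *h)
{
    size_t fixed;
    if (h->pt == 200)      fixed = 28;
    else if (h->pt == 201) fixed = 8;
    else                   return true;   /* no report blocks in other types */
    return h->total_bytes >= fixed + 24 * (size_t)h->count;
}

/* Walk a compound RTCP packet and count its sub-packets. Returns -1 at the
 * first malformed sub-packet instead of continuing past it. */
static int rtcp_count_compound(const uint8_t *buf, size_t len)
{
    int n = 0;
    size_t off = 0;
    while (off < len) {
        struct rtcp_hdr h;
        if (!rtcp_parse_header(buf + off, len - off, &h))
            return -1;
        if (!rtcp_report_blocks_fit(&h))
            return -1;
        if (h.padding) {  /* last octet says how many padding bytes follow the payload */
            uint8_t pad = buf[off + h.total_bytes - 1];
            if (pad == 0 || pad > h.total_bytes - 4)
                return -1;
        }
        off += h.total_bytes;
        n++;
    }
    return n;
}

/* Payload type of the first sub-packet, or -1 if its header is malformed. */
static int rtcp_first_pt(const uint8_t *buf, size_t len)
{
    struct rtcp_hdr h;
    return rtcp_parse_header(buf, len, &h) ? (int)h.pt : -1;
}

/* Constructed samples. OK: an RR with no report blocks followed by an SDES
 * with one CNAME chunk. The others each violate one rule from the RFC. */
static const uint8_t SAMPLE_COMPOUND_OK[] = {
    0x80, 0xC9, 0x00, 0x01, 0x11, 0x22, 0x33, 0x44,              /* RR, RC=0, 8 bytes */
    0x81, 0xCA, 0x00, 0x03, 0x11, 0x22, 0x33, 0x44,              /* SDES, SC=1, 16 bytes */
    0x01, 0x02, 'a',  'b',  0x00, 0x00, 0x00, 0x00,              /* CNAME "ab", end, pad */
};
static const uint8_t SAMPLE_LENGTH_OVERRUN[] = { 0x80, 0xC9, 0x00, 0x10, 0x11, 0x22, 0x33, 0x44 }; /* claims 68 bytes */
static const uint8_t SAMPLE_RC_OVERRUN[]     = { 0x82, 0xC9, 0x00, 0x01, 0x11, 0x22, 0x33, 0x44 }; /* RC=2 in 8 bytes */
static const uint8_t SAMPLE_BAD_VERSION[]    = { 0x40, 0xC9, 0x00, 0x01, 0x11, 0x22, 0x33, 0x44 }; /* version 1 */

int main(void)
{
    printf("compound ok     : %d\n", rtcp_count_compound(SAMPLE_COMPOUND_OK, sizeof SAMPLE_COMPOUND_OK));
    printf("length overrun  : %d\n", rtcp_count_compound(SAMPLE_LENGTH_OVERRUN, sizeof SAMPLE_LENGTH_OVERRUN));
    printf("rc overrun      : %d\n", rtcp_count_compound(SAMPLE_RC_OVERRUN, sizeof SAMPLE_RC_OVERRUN));
    printf("bad version     : %d\n", rtcp_count_compound(SAMPLE_BAD_VERSION, sizeof SAMPLE_BAD_VERSION));
    return 0;
}
```

The length field and the report count are the two places where a packet can lie about how much data follows it; each is checked against the buffer the receiver actually holds before any loop uses it, so a non-conforming packet is dropped rather than read past its end. Feeding malformed packets like these to a media stack in a test harness is the ordinary way to confirm that its parser rejects them cleanly.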

Official announcement: Please see the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-45552

CVE-2025-31201: about RPAC – Reconfigurable Processing Architecture Core – iPhone XS and later (28-4-2025)

Officially released: April 16, 2025

Preface: The Reconfigurable Processing Architecture Core (RPAC) in Apple iOS is a component found in newer Apple Silicon chips. Its major function is to enhance the security and performance of the system by providing a flexible and efficient processing architecture. RPAC is designed to support various computational tasks and can be dynamically reconfigured to optimize performance for different applications.

Background: Arbitrary read and write refer to the ability of an attacker to read from or write to any memory location within a system.

Buffer overflows are a common cause of arbitrary read and write vulnerabilities, but in this CVE, the issue is related to how the RPAC component handles memory and security checks.

RPAC uses PAC to protect against memory corruption attacks. PAC works by cryptographically signing pointers, such as return addresses, to ensure they haven’t been tampered with. This helps prevent unauthorized modifications and ensures the integrity of memory operations.

RPAC performs various security checks to validate memory access and operations. These checks help detect and guard against unexpected changes to pointers and other critical data structures.

Vulnerability details: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Official announcement: Please see the link for details – https://nvd.nist.gov/vuln/detail/CVE-2025-31201

antihackingonline.com