Preface: The Serial Presence Detect function is implemented using a 2048 bit EEPROM component. This nonvolatile storage device contains data programmed by the DIMM manufacturer that identifies the module type and various SDRAM organization and timing parameters.

EEPROM stands for Electrically Erasable Programmable Read-Only Memory. It’s a type of non-volatile memory used in computers and other electronic devices to store critical data that remains intact even when power is off.

Background: AMD SEV-SNP is a confidential computing hardware technology present in AMD EPYC processors from generation 3 and newer. It is based on hardware virtualization extensions and achieves isolation by adding these measures: Full memory encryption.

SEV-SNP is supported on AMD EYPC processors starting with the AMD EPYC 7003 series processors. AMD SEV-SNP offers powerful and flexible support for the isolation of a guest virtual machine from an untrusted host operating system. It is very useful in public cloud and any untrusted host scenario.

Vulnerability details: Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.

Remark: AMD recommends utilizing memory modules that lock Serial Presence Detect (SPD), as well as following physical system security best practices.

Official announcement: Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html

Preface: SIMATIC WinCC is a supervisory control and data acquisition (SCADA) and human-machine interface (HMI) system from Siemens. SCADA systems are used to monitor and control physical processes involved in industry and infrastructure on a large scale and over long distances. SIMATIC WinCC can be used in combination with Siemens controllers. WinCC is written for the Microsoft Windows operating system.[1][2] It uses Microsoft SQL Server for logging and comes with a VBScript and ANSI C application programming interface.

Background: The User Management Component (UMC) enables the system-wide, central maintenance of users with an optional connection to Microsoft Active Directories.

The User Management Component (UMC) enables the system-wide, central maintenance of users with an optional connection to Microsoft Active Directories. UMC allows the establishment of central user management. This means that you can define and manage users and user groups across software and devices. Users and user groups can also be transferred from a Microsoft Active Directory (AD).

The following applications are connected to UMC: SINEMA RC, SINEC NMS, WinCC Unified, TIA Portal & WinCC Runtime Advanced

Vulnerability details: A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component.
This could allow an unauthenticated remote attacker to execute arbitrary code.

Official announcement: Please refer to the link for details –

https://cert-portal.siemens.com/productcert/html/ssa-928984.html?ste_sid=ee8ee88d412b10e86a45542d24a25db6

Preface: In computing, an oops is a serious but non-fatal error in the Linux kernel. An oops may precede a kernel panic, but it may also allow continued operation with compromised reliability.

Background: The Internet Communication Manager ensures that communication between the SAP System (SAP NetWeaver Application Server) and the outside world via HTTP, HTTPS and SMTP protocols works properly. In its role as a server, the ICM can process requests from the Internet that arrive as URLs with the server/port combination that the ICM can listen to. The ICM then calls the relevant local handler for the URL in question.

Vulnerability details:

SAP NetWeaver Application Server for ABAP is affected by NULL pointer dereference vulnerability:
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity. (CVE-2024-47586)

Official announcement: SAP Security Patch Day – December 2024.

Please refer to the link for details – https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2024.html

Preface: The Go language is also developed on fsnotify, but the file extension is fsnotify[.]go. fsnotify is a Go library to provide cross-platform filesystem notifications on Windows, Linux, macOS, BSD, and illumos. Go 1.17 or newer is .

Background: In Linux, fsnotify is actually implemented based on the inotify system call. inotify is a subsystem of Linux VFS, which can monitor changes in the file system. When the file system changes, the kernel will notify the user space of these changes, and the user space can do something based on these changes.

Vulnerability details: Fix ordering of iput() and watched_objects decrement. Ensure the superblock is kept alive until we’re done with iput(). Holding a reference to an inode is not allowed unless we ensure the superblock stays alive, which fsnotify does by keeping the watched_objects count elevated, so iput() must happen before the watched_objects decrement. This can lead to a UAF of something like sb->s_fs_info in tmpfs, but the UAF is hard to hit because race orderings that oops are more likely, thanks to the CHECK_DATA_CORRUPTION() block in generic_shutdown_super(). Also, ensure that fsnotify_put_sb_watched_objects() doesn’t call fsnotify_sb_watched_objects() on a superblock that may have already been freed, which would cause a UAF read of sb->s_fsnotify_info.

Official announcement: Please see the link below for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-53143

Preface: Yes, it is possible to develop an Android app using C++. While Java and Kotlin are the recommended languages for Android development. Many memory manipulation functions in C and C++ do not perform bounds checking and can easily overwrite the allocated bounds of the buffers they operate upon.

Background: Skia Graphics Library (SGL) is an open source graphics library written in C++. It was originally developed by Skia Company and was open sourced under the New BSD License after being acquired by Google. The first product developed by Skia is the Skia Graphics Library, which can render high-quality 2D graphics on low-end devices such as mobile phones. As of 2017, it is used in Android, Google Chrome, Chrome OS, Chromium OS, Mozilla Firefox, Firefox OS, and Sublime Text.

Vulnerability details: This vulnerability lead to remote code execution with no additional execution privileges needed. It is related to size overflow when allocating SkMask data.

Official announcement: Please see the link below for details –

https://source.android.com/docs/security/bulletin/2024-12-01