Android Security Bulletin – May 2024: there’s a lot you can explore (9 May 2024)

Preface: Heard that long-term support (LTS) for Linux kernels is being reduced from six years to two.

Background: Greg Kroah-Hartman is a major Linux kernel developer. As of April 2013, he is the Linux kernel maintainer for the -stable branch, the staging subsystem, USB, the driver core, debugfs, kref, kobject, the sysfs kernel subsystems, Userspace I/O, and the TTY layer.

What will be the next LTS kernel?

In any event, Greg Kroah-Hartman has gone ahead and declared Linux 6.6 the newest LTS kernel, and kernel.org has been updated to reflect Linux 6.6 LTS. The current plan is for Linux 6.6 to be maintained until it goes end-of-life in December 2026, the same time that Linux 6.1, 5.15 and 5.10 reach end-of-life.

Android Security Bulletin—May 2024 (Published May 6, 2024)

The diagram above (not reproduced in this text) shows the kernel versions that were updated. Which kernel version a device is updated to depends on the version of Android OS at the time of device launch. Please refer to the following link for details:

https://source.android.com/docs/security/bulletin/2024-05-01

CVE-2024-1067: Mali GPU Kernel Driver allows improper GPU memory processing operations (8 May 2024)

Date of issue: 3rd May 2024

Preface: The Mali-G720 and Mali-G620 GPUs complete Arm's GPU portfolio for a wide range of consumer devices. After four generations of GPUs on the fourth-generation (Valhall) architecture, the latest Arm GPUs are built on a new fifth-generation GPU architecture (called Gen 5).

Background: The New 5th Gen Arm GPU Architecture

The 5th Gen GPU architecture introduces a key feature called Deferred Vertex Shading (DVS), which changes how data flows within the GPU, and raises the maximum core count to 16 for higher performance.

Arm describes the 5th Gen GPU architecture as the most efficient GPU architecture it has created, designed with the CPU and system architecture in mind. It redefines parts of the graphics pipeline to significantly reduce memory bandwidth, improving total system efficiency and power.

Technical reference: Tile-based rendering addresses the bandwidth problem of the traditional immediate-mode model. The fragment shader works on a small tile held in on-chip memory, so the GPU does not need to access external memory repeatedly; only when the tile is complete is it written back to memory. Memory traffic can be reduced further by compressing tiles, and when parts of the image are unchanged between frames, a tile can be compared with its previous version so that identical tiles are not re-rendered or re-written (Arm calls this transaction elimination).

Vulnerability details: A local non-privileged user can make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the Linux Kernel and Mali GPU kernel driver configurations that would allow the GPU operations to affect the userspace memory of other processes.

Ref: Arm did not provide further details. Is the scenario in the attached diagram similar to this CVE?

Resolution: This issue is fixed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Kernel Driver r48p0. Users are recommended to upgrade if they are impacted by this issue.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-1067

CVE-2024-33602: Name Service Cache Daemon’s (nscd) design limitation (6 May 2024)

Preface: Kubernetes creates DNS records for Services and Pods. You can contact Services with consistent DNS names instead of IP addresses. Kubernetes publishes information about Pods and Services which is used to program DNS. Kubelet configures Pods’ DNS so that running containers can lookup Services by name rather than IP.

Background: When nscd is enabled, a Linux host caches the results of name service lookups (hosts, passwd, group, services and netgroup) locally instead of repeating each query against the backend, for example a remote DNS resolver, NIS or LDAP server. Repeated lookups for the same names are therefore answered much faster, which is why frequently visited hosts appear to resolve almost instantly.

Nscd is a daemon that provides a cache for the most common name service requests. The default configuration file, /etc/nscd.conf, determines the behavior of the cache daemon.

DNS name resolution in a Kubernetes cluster often runs into problems for various reasons, including kernel issues and load. nscd can be used inside the cluster to improve lookup efficiency.

Vulnerability details: nscd: netgroup cache assumes NSS callback uses in-buffer strings. The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15, when the netgroup cache was added to nscd. The vulnerability is only present in the nscd binary.
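Because the vulnerable code path is the netgroup cache, the first thing an administrator wants to know is whether a given nscd.conf actually enables it. The following is an added example, not glibc or nscd code: it parses the real nscd.conf syntax (`<option> <database> <value>`, with `#` comments and whitespace-separated fields, later lines overriding earlier ones, as nscd itself does), reports which databases are cached, and produces a copy of the file with the netgroup cache switched off for hosts that cannot take the glibc update immediately. The sample configuration is constructed for the example; on a live host, pass the contents of /etc/nscd.conf instead.

```python
"""Inspect an nscd.conf for the netgroup cache in which CVE-2024-33602 lives."""
from typing import Dict

# Constructed sample: a typical distribution default with netgroup caching on.
SAMPLE_NSCD_CONF = """\
#	/etc/nscd.conf  (constructed sample)
	logfile			/var/log/nscd.log
	server-user		nscd
	enable-cache		passwd		yes
	positive-time-to-live	passwd		600
	enable-cache		group		yes
	enable-cache		hosts		yes
	enable-cache		services	yes
	enable-cache		netgroup	yes
	positive-time-to-live	netgroup	28800
"""


def parse_cache_settings(conf_text: str) -> Dict[str, bool]:
    """Return {database: enabled} for every enable-cache line.

    nscd ignores blank lines and '#' comments, splits the rest on whitespace
    and only accepts the literal values "yes" / "no"; a later line for the
    same database overwrites an earlier one, so we do the same.
    """
    enabled: Dict[str, bool] = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] == "enable-cache" and len(fields) == 3 and fields[2] in ("yes", "no"):
            enabled[fields[1]] = fields[2] == "yes"
    return enabled


def netgroup_cache_enabled(conf_text: str) -> bool:
    """True if nscd would build the netgroup cache from this configuration."""
    return parse_cache_settings(conf_text).get("netgroup", False)


def mitigated_conf(conf_text: str) -> str:
    """Return conf_text with the netgroup cache turned off, everything else untouched.

    Interim mitigation only: it removes the vulnerable code path while keeping
    passwd/group/hosts caching. The proper fix is the patched glibc/nscd.
    """
    out = []
    found = False
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields[:2] == ["enable-cache", "netgroup"]:
            out.append("\tenable-cache\t\tnetgroup\tno")
            found = True
        else:
            out.append(raw)
    if not found:  # the database defaults to enabled if the line is absent, so add it
        out.append("\tenable-cache\t\tnetgroup\tno")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("netgroup cache enabled:", netgroup_cache_enabled(SAMPLE_NSCD_CONF))
    print(mitigated_conf(SAMPLE_NSCD_CONF))
```

Restart nscd after changing the file; the daemon reads nscd.conf only at startup, so an edited file on disk says nothing about what the running process is doing.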

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-33602

Starting from CVE-2024-34476, other design flaws have also been found; please use non-vulnerable Open5GS versions for development. (4-May-2024)

Preface: The two prerequisites for running Open5GS are the Open5GS core and MongoDB, a document-based database used for user equipment (UE) registration. Note that MongoDB 5.0 and later require a CPU with AVX instructions, which some Intel Celeron processors lack.

Background: The Access and Mobility Management Function (AMF) is one of the control-plane network functions (NF) of the 5G core network (5GC). It is the first control-plane node that connects to the gNB, and it is responsible for access and mobility management. The Session Management Function (SMF) is responsible for session management.

Authentication messages are the set of NAS messages involved in authenticating a UE to the 5G RAN and core network; the main ones are Authentication Request and Authentication Response. The Registration Request that precedes them carries the information needed to start authentication, such as the UE identity and its security capabilities.

Vulnerability details: Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encrypt in lib/nas/common/security.c for pkbuf->len.
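A reachable assertion is a denial-of-service bug class: a condition that should have been a validation failure is checked with an assert, so one malformed message from an unauthenticated UE aborts the whole network function. The following added example (Python, not Open5GS code) models that shape. It parses the 5G NAS security-protected message header from 3GPP TS 24.501 (extended protocol discriminator, security header type, 4-byte MAC, sequence number) and hands the remaining bytes to a ciphering step; `encrypt_asserting` asserts on the payload length, as the advisory describes for ogs_nas_encrypt and pkbuf->len, while `encrypt_checked` rejects the message and keeps serving. The exact field values that trigger the Open5GS assertion are not given on the page; the NAS bytes and the toy keystream below are constructed for the example.

```python
"""Reachable assertion on a NAS payload length, vulnerable and hardened shapes."""
import struct
from dataclasses import dataclass
from typing import Optional

EPD_5GMM = 0x7E   # extended protocol discriminator: 5GS mobility management
HEADER_LEN = 7    # EPD(1) + security header type(1) + MAC(4) + sequence number(1)


@dataclass
class SecuredNas:
    epd: int
    security_header_type: int
    mac: bytes
    sequence_number: int
    payload: bytes   # the plain NAS message carried behind the security header


def parse_secured_nas(msg: bytes) -> Optional[SecuredNas]:
    """Split a security-protected NAS message into header fields and payload.

    Returns None on anything malformed instead of raising: on an AMF, a parse
    failure for one UE must never take the process down for every other UE.
    """
    if len(msg) < HEADER_LEN:
        return None
    epd, sht, mac, sqn = struct.unpack("!BB4sB", msg[:HEADER_LEN])
    if epd != EPD_5GMM:
        return None
    return SecuredNas(epd, sht & 0x0F, mac, sqn, msg[HEADER_LEN:])


def keystream(count: int, length: int) -> bytes:
    """Stand-in for the NEA ciphering algorithms: a deterministic toy stream."""
    return bytes(((count * 31 + i * 7) & 0xFF) for i in range(length))


def encrypt_asserting(payload: bytes, count: int) -> bytes:
    """Vulnerable shape: the length is asserted rather than validated, so an
    empty payload from the UE reaches the assert and aborts the process."""
    assert len(payload) > 0, "pkbuf->len"
    return bytes(a ^ b for a, b in zip(payload, keystream(count, len(payload))))


def encrypt_checked(payload: bytes, count: int) -> Optional[bytes]:
    """Hardened shape: an impossible length is a rejected message, not a crash."""
    if len(payload) == 0:
        return None
    return bytes(a ^ b for a, b in zip(payload, keystream(count, len(payload))))


def amf_handle(msg: bytes, count: int, hardened: bool) -> str:
    """Outcome for one uplink NAS message, as the AMF process would see it."""
    nas = parse_secured_nas(msg)
    if nas is None:
        return "rejected: malformed header"
    try:
        if hardened:
            out = encrypt_checked(nas.payload, count)
        else:
            out = encrypt_asserting(nas.payload, count)
    except AssertionError:
        return "crashed: reachable assertion"   # the whole AMF, not just this UE
    return "rejected: empty payload" if out is None else "ok"


# Constructed messages: security header type 2 (integrity protected and ciphered),
# zero MAC, sequence number 1; GOOD_NAS carries a plain message, EMPTY_NAS does not.
GOOD_NAS = bytes([EPD_5GMM, 0x02]) + b"\x00\x00\x00\x00" + b"\x01" + bytes([0x7E, 0x00, 0x41])
EMPTY_NAS = bytes([EPD_5GMM, 0x02]) + b"\x00\x00\x00\x00" + b"\x01"

if __name__ == "__main__":
    for name, msg in (("good", GOOD_NAS), ("empty", EMPTY_NAS)):
        print(name, "vulnerable:", amf_handle(msg, 1, hardened=False),
              "| hardened:", amf_handle(msg, 1, hardened=True))
```

The lesson generalises beyond this CVE: any `assert` on a value that originates from the radio side is an attacker-controlled abort, and in a core network function the right response to an impossible length is to drop the message and log it.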

Official announcement: Please refer to the link for details – https://www.tenable.com/cve/CVE-2024-34476

Will such a scenario be similar to CVE-2024-0087? (3 May 2024)

Preface: NVIDIA Triton Inference Server, part of the NVIDIA AI platform and available with NVIDIA AI Enterprise, is open-source software that standardizes AI model deployment and execution across every workload.

Background: The Triton Inference Server is available as a pre-built Docker container, or you can build it from source. The Triton Docker container is available on the NVIDIA GPU Cloud (NGC). For best performance, Triton Inference Server should be run on a system that has Docker, nvidia-docker, CUDA and one or more supported GPUs.

Vulnerability details: NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Ref: LFI (Local File Inclusion) is a web vulnerability that allows an attacker to read server files by manipulating paths in HTTP requests. The Triton issue is the write-side counterpart: the attacker controls where log data is appended, so an existing file outside the intended log directory can be modified.
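The check a server should apply before honouring a user-supplied log location, as an added example (not NVIDIA Triton code and not the vendor's fix): resolve symlinks, require the result to stay inside an allow-listed directory, refuse anything that exists but is not a regular file, and open with O_NOFOLLOW so a symlink swapped in between the check and the open is still refused. The allowed directory, the sandbox layout and the request strings are constructed for the example.

```python
"""Confining a user-supplied log file location to an allowed directory."""
import os
import tempfile
from pathlib import Path


class UnsafeLogPath(ValueError):
    pass


def safe_log_path(requested: str, allowed_dir: str) -> Path:
    """Return the resolved path if it is safe to append logs to, else raise.

    1. the resolved (symlink-free) path must lie under allowed_dir;
    2. if it exists it must be a regular file, not a device, socket or directory;
    3. its parent must already exist, so we never create directories on request.
    """
    base = Path(allowed_dir).resolve()
    # Path(base / "/abs") is just "/abs", and resolve() follows symlinks on the
    # existing prefix, so both absolute paths and planted links are caught here.
    target = (base / requested).resolve()
    if target != base and base not in target.parents:
        raise UnsafeLogPath(f"{requested!r} escapes {allowed_dir}")
    if target.exists() and not target.is_file():
        raise UnsafeLogPath(f"{requested!r} is not a regular file")
    if not target.parent.is_dir():
        raise UnsafeLogPath(f"parent of {requested!r} does not exist")
    return target


def append_log(requested: str, allowed_dir: str, line: str) -> Path:
    """Append one line after the check; O_NOFOLLOW closes the check-then-open race."""
    target = safe_log_path(requested, allowed_dir)
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o640)
    with os.fdopen(fd, "a") as fh:
        fh.write(line + "\n")
    return target


def demo() -> dict:
    """Build a throwaway sandbox, try several requested locations, report outcomes."""
    root = Path(tempfile.mkdtemp())
    logs = root / "logs"
    logs.mkdir()
    secret = root / "etc_passwd"            # stands in for /etc/passwd
    secret.write_text("root:x:0:0::/root:/bin/sh\n")
    (logs / "link").symlink_to(secret)      # attacker-planted symlink inside logs/
    results = {}
    for req in ["server.log", "../etc_passwd", "link", str(secret), "sub/missing.log"]:
        try:
            append_log(req, str(logs), "triton: request served")
            results[req] = "written"
        except UnsafeLogPath:
            results[req] = "refused"
    results["secret_intact"] = secret.read_text() == "root:x:0:0::/root:/bin/sh\n"
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Of the five requests, only `server.log` is written; the traversal, the symlink, the absolute path and the path whose parent does not exist are all refused and the stand-in password file is left unchanged. The stronger design is not to accept a path from the client at all and let only an administrator set the log file on the command line or in the server configuration.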

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5535

Regarding CVE-2024-4058: a closer look and speculation about a Google Chrome design flaw (01-May-2024)

Preface: Type confusion vulnerabilities can be powerful. According to the Common Weakness Enumeration (CWE), the program allocates or initializes a resource such as a pointer, object, or variable using one type, but later accesses that resource using a type that is incompatible with the original type. When the program accesses the resource using an incompatible type, this can trigger logical errors because the resource does not have the expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access.

Background: Chrome uses ANGLE not only for WebGL, but also for its implementation of the 2D HTML5 canvas and for the graphics layer of the Google Native Client(which is OpenGL ES 2.0 compatible). Safari web browser uses ANGLE as basis for its WebGL implementation. Firefox uses ANGLE as the default WebGL backend on Windows.

ANGLE provides OpenGL ES 2.0 and EGL 1.4 libraries and DLLs. You can use these to build and run OpenGL ES 2.0 applications on Windows, Linux, Mac and Android.

Vulnerability details: Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Official announcement: Please refer to the link for details – https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html

CVE-2024-31621: The flowise version <= 1.6.5 is vulnerable to authentication bypass (29-04-2024)

Preface: What are LLM Apps? LLM apps, or Large Language Model applications, are applications that leverage the capabilities of Large Language Models (LLMs) to perform a variety of tasks. LLMs are a type of artificial intelligence (AI) that uses deep learning techniques and large datasets to understand, generate, and predict new content.


Background: Flowise uses a low-code approach that lets developers manage the whole lifecycle of building LLM apps in production, from prototyping and evaluation to iteration.


Ref: Middleware functions are functions that have access to the request object (req), the response object (res), and the next function in the application’s request-response cycle. The next function is a function in the Express router which, when invoked, executes the middleware succeeding the current middleware.


Vulnerability details: An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.
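How a globally mounted auth middleware ends up letting API requests through: the following is a generic illustration of the middleware pattern described above, added here as an example. It is not Flowise code and does not claim to reproduce the exact defect in the Flowise release; the API prefix, the public allow-list and the request strings are assumptions. The middleware decides with a string test on the raw request URL, while the router matches case-insensitively and ignores a trailing slash (Express' defaults for case-sensitive and strict routing). Every request the router accepts but the string test does not recognise is served without a token.

```python
"""Auth middleware that decides on the raw URL versus on the path the router matches."""
from typing import Callable, List

API_PREFIX = "/api/v1"
PUBLIC_SUFFIXES = ("/ping",)   # assumed allow-list of endpoints that need no token


def router_normalize(path: str) -> str:
    """The path the router actually matches: query removed, trailing slash ignored,
    case folded (Express defaults: strict routing off, case-sensitive routing off)."""
    path = path.split("?", 1)[0]
    if len(path) > 1 and path.endswith("/"):
        path = path[:-1]
    return path.lower()


def protected_by_router(path: str) -> bool:
    """True when the API router would handle this request."""
    p = router_normalize(path)
    return p == API_PREFIX or p.startswith(API_PREFIX + "/")


def intended_public(path: str) -> bool:
    return any(router_normalize(path).endswith(s) for s in PUBLIC_SUFFIXES)


def needs_auth_naive(path: str) -> bool:
    """Vulnerable shape: case-sensitive substring test on the raw request URL."""
    return API_PREFIX + "/" in path and not any(path.endswith(s) for s in PUBLIC_SUFFIXES)


def needs_auth_fixed(path: str) -> bool:
    """Fixed shape: decide on the same normalised path the router will match."""
    return protected_by_router(path) and not intended_public(path)


def handle(path: str, token_ok: bool, needs_auth: Callable[[str], bool]) -> int:
    """HTTP status: 401 if a token is required and missing, 200 if routed, else 404."""
    if needs_auth(path) and not token_ok:
        return 401
    return 200 if protected_by_router(path) else 404


def bypass_candidates(paths: List[str], needs_auth: Callable[[str], bool]) -> List[str]:
    """Requests the router serves although the middleware never asked for a token."""
    return [p for p in paths
            if protected_by_router(p) and not intended_public(p) and not needs_auth(p)]


# Constructed requests: same endpoint spelled as a browser, a proxy or an attacker might.
REQUESTS = ["/api/v1/chatflows", "/API/V1/chatflows", "/Api/v1/chatflows/",
            "/api/v1/chatflows?x=1", "/api/v1/ping", "/static/app.js"]

if __name__ == "__main__":
    print("naive middleware lets through:", bypass_candidates(REQUESTS, needs_auth_naive))
    print("fixed middleware lets through:", bypass_candidates(REQUESTS, needs_auth_fixed))
```

The more robust fix is structural rather than a better string test: mount the auth middleware on the API router itself so that it runs for exactly the requests that router handles, and express the unauthenticated endpoints as routes registered before it rather than as suffix matches.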


Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-31621

AMD urged software developers to implement best practices to avoid secret-dependent data accesses or control flows. (28-04-2024)

Originally published on April 26, 2024.

Preface: The Level 3 (L3) cache is a memory bank built onto the motherboard or within the CPU module. The L3 cache feeds the L2 cache; its memory is typically slower than L2 but faster than main memory.

Background: The last-level cache (LLC) is the last chance for a memory access from the processor to avoid the costly latency of going to main memory. In a three-level hierarchy, L3 is the LLC: the last (and slowest) stop within the cache hierarchy before the system must make the long trek out to main memory.

The last-level cache (LLC) is one of the most dangerous shared resources since it is shared by all of the cores in a processor package, yet it allows fine-grained, high-bandwidth, low-noise cross-core attacks.

The cache memory divides into three levels:

L1 cache – fastest but smallest; split into separate instruction and data caches

L2 cache – slower but bigger; unified (holds both data and instructions), usually private to each core

L3 cache – slowest but biggest; unified, and shared by the cores in a package (or by a core complex on AMD)

Vulnerability detail: Cache side-channel attacks work by monitoring the memory accesses a victim makes during security-critical operations, such as AES T-table lookups or the modular exponentiation and multiplication used in public-key cryptography. Because the accesses (or the absence of accesses) depend on secret data, the attacker can derive the encryption key from which cache lines the victim touched. AMD's guidance is therefore to write such code so that neither the memory addresses it touches nor the branches it takes depend on secrets.
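What a secret-dependent table lookup gives away, and what the constant-access alternative costs, is easiest to see by modelling the observer. The following is an added example in Python (not AMD code and not a real exploit): it records which cache lines of a 256-entry, 4-byte-per-entry table the victim reads, which is the information a Prime+Probe or Flush+Reload style attacker recovers. `lookup_secret_dependent` does the classic first-round AES T-table access T[p ^ k]; `lookup_constant_access` reads every line and selects the wanted entry with an arithmetic mask, so the trace is the same for every key. `recover_key_byte` plays the attacker who sees only the trace. The table contents are constructed, timing is not simulated, and Python itself is not constant-time; the point is the access pattern, which is what AMD's guidance is about.

```python
"""Cache-line access traces: secret-dependent versus constant-access table lookup."""
from typing import Callable, List, Set

LINE_SIZE = 64                                 # bytes per cache line
ENTRY_SIZE = 4                                 # 32-bit T-table entries
ENTRIES_PER_LINE = LINE_SIZE // ENTRY_SIZE     # 16 entries share one line

# Constructed 256-entry table; a real T-table holds SubBytes/MixColumns output.
T_TABLE = [(i * 0x9E3779B1) & 0xFFFFFFFF for i in range(256)]


class CacheObserver:
    """Records the set of cache lines touched by the victim's table reads."""

    def __init__(self) -> None:
        self.lines: Set[int] = set()

    def read(self, table: List[int], index: int) -> int:
        self.lines.add((index * ENTRY_SIZE) // LINE_SIZE)
        return table[index]


def lookup_secret_dependent(obs: CacheObserver, key_byte: int, plaintext_byte: int) -> int:
    """First-round AES style access T[p ^ k]: the line touched depends on k."""
    return obs.read(T_TABLE, plaintext_byte ^ key_byte)


def lookup_constant_access(obs: CacheObserver, key_byte: int, plaintext_byte: int) -> int:
    """Touch every entry of the table; keep the wanted one with a branch-free mask."""
    want = plaintext_byte ^ key_byte
    result = 0
    for i in range(256):
        # mask is 0xFFFFFFFF when i == want, else 0: no data-dependent index or branch
        mask = -((i ^ want) == 0) & 0xFFFFFFFF
        result |= obs.read(T_TABLE, i) & mask
    return result


def recover_key_byte(trace_for: Callable[[int], Set[int]], plaintexts: List[int]) -> Set[int]:
    """Attacker side: keep the key bytes consistent with every observed trace.

    With the secret-dependent lookup each trace reveals which 16-entry line
    p ^ k fell into, which pins the high nibble of k (a 16-fold reduction per
    key byte, the classic first-round T-table result). With constant access
    every line is touched every time and every k stays consistent.
    """
    candidates = set(range(256))
    for p in plaintexts:
        lines = trace_for(p)
        candidates &= {k for k in range(256)
                       if ((p ^ k) * ENTRY_SIZE) // LINE_SIZE in lines}
    return candidates


def attack(secret_key_byte: int, hardened: bool, plaintexts: List[int]) -> Set[int]:
    """Run the victim under observation for each known plaintext; return key candidates."""
    victim = lookup_constant_access if hardened else lookup_secret_dependent

    def trace(p: int) -> Set[int]:
        obs = CacheObserver()
        victim(obs, secret_key_byte, p)
        return obs.lines

    return recover_key_byte(trace, plaintexts)


if __name__ == "__main__":
    known = [0x00, 0x5A, 0xFF]
    print("secret-dependent lookup, candidates left:", len(attack(0x3C, False, known)))
    print("constant-access lookup, candidates left:", len(attack(0x3C, True, known)))
```

The constant-access version reads 16 cache lines instead of one, which is the price of removing the leak; real implementations pay it only where the key is involved, or avoid the table altogether with AES-NI style hardware instructions.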

Official announcement: Please refer to the link for details –

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7019.html

About CVE-2024-4173 – Storm in a teacup in the big data world. Brocade has applied a remedy; the undocumented user “satnav” is no longer present. (26th Apr 2024)

Preface: Apache Kafka was originally developed by Linkedin to solve data pipeline problems, and was later donated to the Apache Foundation as an open source project.

Background: Avro facilitates the exchange of big data between programs written in any language. With the serialization service, programs can efficiently serialize data into files or into messages. The data storage is compact and efficient. Avro stores both the data definition and the data together in one message or file. SANnav uses Kafka technology to push data out to a consumer that is configured to receive it. Clients receive a secure binary stream of telemetry data pushed periodically.

The Schema Registry is an external process that runs on a server outside of your Kafka cluster. It is essentially a database for the schemas used in your Kafka environment and handles the distribution and synchronization of schemas to the producer and consumer by storing a copy of the schema in its local cache.

Vulnerability details: A vulnerability in Brocade SANnav exposes Kafka on the WAN interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including denial of service (DoS) against Brocade SANnav.

Remark: There is no official explanation of why the user “satnav” was created in the Linux operating system, but it no longer exists. A possible contributing factor to this vulnerability is that the service user ID and password were hard-coded.
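The quickest local check for "exposed on the WAN interface" is the listening-socket table. The following is an added example (not Brocade or Kafka code): it parses the output of `ss -ltn` and reports listeners on watched ports that are bound to a wildcard or non-loopback address. Port 9092 is Kafka's conventional broker port and 8081 the usual Schema Registry port; the ports SANnav actually uses are not given in the advisory, so the watch list is an assumption, and the `ss` output below is constructed.

```python
"""Flag brokers listening on every interface instead of loopback, from `ss -ltn` output."""
from ipaddress import ip_address
from typing import Dict, List, Tuple

# Constructed `ss -ltn` output: Kafka bound to all IPv4 and IPv6 addresses,
# Schema Registry and MongoDB on loopback, HTTPS on the wildcard address.
SAMPLE_SS_LTN = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:8081       0.0.0.0:*
LISTEN  0       50      0.0.0.0:9092         0.0.0.0:*
LISTEN  0       50      [::]:9092            [::]:*
LISTEN  0       128     127.0.0.1:27017      0.0.0.0:*
LISTEN  0       4096    *:443                *:*
"""

# Assumed watch list: conventional Kafka broker and Schema Registry ports.
WATCHED_PORTS: Dict[int, str] = {9092: "kafka-broker", 8081: "schema-registry"}


def split_addr_port(field: str) -> Tuple[str, int]:
    """'127.0.0.1:8081' -> ('127.0.0.1', 8081); '[::]:9092' -> ('::', 9092); '*:443' -> ('*', 443)."""
    host, _, port = field.rpartition(":")
    return host.strip("[]"), int(port)


def is_loopback(host: str) -> bool:
    """True only for 127.0.0.0/8 and ::1; wildcards and hostnames count as exposed."""
    if host in ("*", ""):
        return False
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def exposed_listeners(ss_output: str) -> List[Tuple[str, str, int]]:
    """Return (service, address, port) for watched ports not bound to loopback."""
    found = []
    for line in ss_output.splitlines()[1:]:        # skip the header row
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = split_addr_port(cols[3])
        if port in WATCHED_PORTS and not is_loopback(host):
            found.append((WATCHED_PORTS[port], host, port))
    return found


if __name__ == "__main__":
    for service, host, port in exposed_listeners(SAMPLE_SS_LTN):
        print(f"{service} listening on {host}:{port} is reachable from off-host")
```

A listener on 0.0.0.0 or :: is only as safe as the host firewall and the broker's own authentication; for Kafka that means checking that the advertised listener uses SASL or mTLS rather than PLAINTEXT before treating a wildcard bind as acceptable.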

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-4173

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23285

CVE-2024-23271: A logic issue was addressed with improved checks, said Apple. (24-04-2024)

Preface: How to use iframes? To use an iframe, create an <iframe> element and place it inside the <body> element of your web page. The src attribute specifies the page to load into the iframe; for example, <iframe src="page2.html"> loads page2.html into the iframe. The width and height attributes set the size of the iframe.

Background: Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.

Vulnerability details: A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-23271

antihackingonline.com