AI and ML, Potential Risk of CVE, System

Red Hat security advisory: Important – glibc security update (29-05-2024)

Leave a comment

Preface: You can clear the cache of nscd by performing the following actions:

Execute the following command: sudo /etc/init[.]d/nscd restart.

Background:

Nscd is a daemon that provides a cache for the most common name service requests. The default configuration file, /etc/nscd. conf, determines the behavior of the cache daemon.

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

The iconv() function shall convert the sequence of characters from one codeset, in the array specified by inbuf, into a sequence of corresponding characters in another codeset, in the array specified by outbuf. The codesets are those specified in the iconv_open() call that returned the conversion descriptor, cd.

Vulnerability details:

glibc: Out of bounds write in iconv may lead to remote code execution (CVE-2024-2961)

glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599)

 glibc: null pointer dereferences after failed netgroup cache insertion (CVE-2024-33600)

 glibc: netgroup cache may terminate daemon on memory allocation failure (CVE-2024-33601)

 glibc: netgroup cache assumes NSS callback uses in-buffer strings (CVE-2024-33602)

Official announcement: For detail, please refer to link – https://access.redhat.com/errata/RHSA-2024:3464

AI and ML, Potential Risk of CVE

CVE-2024-5274: Google Chrome fixed remote code execution vulnerability (28-05-2024)

Leave a comment

Preface: Every time I start learning CVE. It helps me enrich my knowledge.  Even though it was released months ago.

Background: V8 is a JavaScript and WebAssembly engine developed by Google for its Chrome browser. Each WebAssembly module executes within a sandboxed environment separated from the host runtime using fault isolation techniques.

Ref: wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.

Vulnerability details: This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[N/A][341663589] High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20

Google is aware that an exploit for CVE-2024-5274 exists in the wild.

Official announcement: For detail, please refer to link – https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html?m=1

Cell Phone (iPhone, Android, windows mobile), Potential Risk of CVE

Apple security updates on 20th May 2024, But it has not published CVE entries. Observe how Apple handled in the past, maybe you can find it in a CVE few months from now. (27-05-2024)

Leave a comment

Preface: Apple released iOS 17.5 and iPadOS 17.5 on May 20, 2024, which fixed multiple security vulnerabilities.  I heard that some users found that photos they had deleted years ago suddenly appeared in recent albums as new photos.

Background: The attached pictures document some rare occurrences. For example, which IOS version still support 32 bit applications last year. Perhaps there is a difference regarding to offical announcement. And suspected that may be is the reason to unsupport 32 bits apps.

Official announcement: Why does deleting pictures return?

According to Apple, the photos that did not fully delete from a user’s device were not synced to iCloud Photos. Those files were only on the device itself. However, the files could have persisted from one device to another when restoring from a backup, performing a device-to-device transfer, or when restoring from an iCloud Backup but not using iCloud Photos.

As for vulnerabilities details in security updates, I will pay close attention to see if they can be found.

There are no published CVE entries for this update.  Please refer to the link for details – https://support.apple.com/en-hk/HT201222

AI and ML, Cell Phone (iPhone, Android, windows mobile), Potential Risk of CVE

CVE-2024-23354 Memory corruption when the IOCTL call is interrupted by a signal. (24May 2024)

Leave a comment

Originally published on May 6, 2024

Preface: The Snapdragon 8 Gen 2 Mobile Platform defines a new premium standard for connected computing. Intelligently engineered with groundbreaking AI across the board, this AI marvel enables truly extraordinary experiences.

Background: A vertex buffer object (VBO) is an OpenGL feature that provides methods for uploading vertex data (position, normal vector, color, etc.) to the video device for non-immediate-mode rendering.

KGSL allocates GPU-shared memory from its own page pool. A VBO is a buffer of memory which the gpu can access. That’s all it is. A VAO is an object that stores vertex bindings. This means that when you call glVertexAttribPointer and friends to describe your vertex format that format information gets stored into the currently bound VAO.

Vulnerability details: Memory corruption when the IOCTL call is interrupted by a signal.

Remedy: The VBO bind operation is often synchronous, and needs to be waited on by the ioctl thread. Allocate the completion struct used to synchronize between the ioctl and bind operation on the heap for simplicity.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-23354

Potential Risk of CVE

CVE-2024-22274: vCenter design weakness. Does it similar to this way? (23 May 2024)

Leave a comment

Preface: In computer security, arbitrary code execution (ACE) is an attacker’s ability to run any commands or code of the attacker’s choice on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution.

Background: vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware vMotion and svMotion require the use of vCenter and ESXi hosts.

Vulnerability details: The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.

The vendor did not disclose details. Are there any design flaws similar to the following:

Ref: The HTTP header offers two distinct ways of specifying where the request ends: the Transfer-Encoding header and the Content-Length header. An HTTP request smuggling vulnerability occurs when an attacker sends both headers in a single request. This can cause either the front-end or the back-end server to incorrectly interpret the request, passing through a malicious HTTP query.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-22274

AI and ML, Network (Protocol, Topology & Standard), Potential Risk of CVE

CVE-2024-36008: The impact may be widespread but has been resolved. Linux, you did a great job. (21May 2024)

Leave a comment

Preface: Syzbot has begun to report kernel findings to LKML in 2017. Syzbot is a continuous kernel build / fuzz / report aggregation system.

Background: Linux has two mechanisms for setting routes, one is fib, and the other is routing generated by dynamic. fib uses route (man 8 route) to specify a static route table. What net/ipv4/route[.]c does is dynamic generate routing hash to speed up route decision.

Vulnerability details: In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() . syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree .

It appears the bug exists in latest trees. All calls to __in_dev_get_rcu() must be checked for a NULL result.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-36008

AI and ML, Potential Risk of CVE

Is AMD Instinct™ MI300X affected by CVE-2023-4969 (GPU memory leak). AMD has the answer. Official announcement on May 7, 2024.

Leave a comment

This article was published on May 21, 2024.

Preface: When I see the vulnerability it shows the date far away from now. Sometimes I lose interest. Maybe I’m missing a major technical detail. AMD officially released CVE-2023-4869 on March 7, 2024.

It happened to wake me up! Although today is May 21, 2024, it seems that my study is not late!

Background: Is MI300X better than H100? While both GPUs are capable, the MI300X has the edge in memory-intensive tasks like rendering large scenes and simulations. In comparison, the H100 excels in its AI-enhanced workflow and ray-traced rendering performance. AMD InstinctMI300X accelerators are designed to deliver leadership performance for Generative AI workloads and HPC applications.

Vulnerability details: Insufficient clearing of GPU memory could allow a compromised GPU kernel to read local memory values from another kernel across user or application boundaries leading to loss of confidentiality.

Official announcement: Please refer to the link for details –

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6010.html

Potential Risk of CVE

CVE-2024-23664: CW:601 was fixed by Fortinet (20th May 2024)

Leave a comment

Initial publication: 14th May 2024

Preface: What happens if a website uses a user-supplied URL in a URL fragment to redirect the logged-in user to the requested page?

Background: CWE 601 – An open redirect vulnerability occurs when an application allows the user to control redirects or forward to another URL. If the application does not validate untrusted user input, an attacker could provide a URL that redirects an unsuspecting victim from a legitimate domain to the attacker’s phishing site.

Vulnerability details: CVE-2024-23664: A URL redirection to untrusted site (‘Open Redirect’) (CWE-601) vulnerability in FortiAuthenticator may allow an attacker to redirect users to an arbitrary website via a crafted URL.

Ref: You should validate the workspace ID first. If the workspace ID is valid, you can proceed with the HTTP request and return the response. However, if the workspace ID is invalid, you should handle the error appropriately.

Official details: Please refer to the link for details – https://fortiguard.fortinet.com/psirt/FG-IR-23-465

AI and ML, Potential Risk of CVE

CVE-2024-21792: Time-of-check Time-of-use race conditionin Intel® Neural Compressor software. Intel fixes exploited bugs. (16th May 2024)

Leave a comment

Preface: In software development, time-of-check to time-of-use (TOCTOU, TOCTTOU or TOC/TOU) is a class of software bugs caused by a race condition involving the checking of the state of a part of a system (such as a security credential) and the use of the results of that check.

Background: Intel Neural Compressor is an open source Python* library that performs model compression techniques such as quantization, pruning, and knowledge distillation across multiple deep learning frameworks including TensorFlow*, PyTorch*, and ONNX* (Open Neural Network Exchange) Runtime. The model compression techniques reduce the model size and increase the speed of deep learning inference for more efficient deployment on CPUs or GPUs.

Vulnerability details: Time-of-check Time-of-use race condition in Intel® Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access.

Ref: When calling a series of methods which require a consistent view of an object, make sure to synchronize on a monitor that will prevent any other access to the object during your operations.

If the class that you are using has a well-designed interface, then synchronizing on the object itself will prevent its state being changed inappropriately.

Official details: Please refer to the link for details – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html

AI and ML, Potential Risk of CVE

CVE-2024-22476: Improper input validation in some Intel® Neural Compressor software. Intel fixes exploited bugs. (16th May 2024)

Leave a comment

Preface: Intel Neural Compressor performs model optimization to reduce the model size and increase the speed of deep learning inference for deployment on CPUs or GPUs.

Background: Intel Neural Compressor is an open source Python* library that performs model compression techniques such as quantization, pruning, and knowledge distillation across multiple deep learning frameworks including TensorFlow*, PyTorch*, and ONNX* (Open Neural Network Exchange) Runtime. The model compression techniques reduce the model size and increase the speed of deep learning inference for more efficient deployment on CPUs or GPUs.

Vulnerability details: Improper input validation in some Intel® Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.

Ref: GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.

Official details: Please refer to the link for details – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html

antihackingonline.com