Preface: I believed that a similar type of design weakness was known last year by Arm (Feb 2023). Maybe it has fixed it already.
Background: The Linux kernel on Intel systems is susceptible to Spectre v2 attacks. CVE-2022-0001 explained that non-transparent sharing of branch predictor selectors between contexts in some Intel(R) processors may allow an authorized user to potentially enable information disclosure via local access. On 9 April 2024, Dr. Elke Drennan published an article focusing on how an attacker with access to CPU resources may be able to read arbitrary privileged data or system registry values by speculatively jumping to a chosen gadget. When you read the details, you will find that AMD and ARM are not affected. Why?
Vulnerability details: An attacker with access to CPU resources may be able to read arbitrary privileged data or system registry values by speculatively jumping to a chosen gadget.
Solution: Please update your software according to the recommendations from respective vendors with the latest mitigations available to address this vulnerability and its variants.
Background: The TDX Module built into Intel CPUs provides an interface for the hypervisor to manage VMs indirectly and offers new instructions, VMLAUNCH and VMRESUME (VMX), for starting and resuming a VM. Instead of keeping track of the owner of each memory page on a system-wide basis, TDX relies on keeping one shared extended page table for the hypervisor and multiple private extended page tables, one for each virtual machine (called a TD by Intel).
Reference: int means interrupt, and the number 0x80 is the interrupt number. An interrupt transfers the program flow to whomever is handling that interrupt, which is interrupt 0x80 in this case. In Linux, the 0x80 interrupt handler is the kernel, and it is used by other programs to make system calls to the kernel.
The kernel is notified about which system call the program wants to make by examining the value in the register %eax (AT&T syntax, EAX in Intel syntax). Each system call has different requirements about the use of the other registers. For example, a value of 1 in %eax means a system call of exit(), and the value in %ebx holds the status code for exit().
Vulnerability details: The test implements a kernel module in 150 LoC to inject interrupts into the TDX VM. Our host module uses kernel hooks to call a function in KVM that is used to deliver int 0x80 interrupts to TDX VMs. Unlike SEV-SNP, TDX does not expose the Virtual Machine Control Structure (VMCS) or the virtual APIC pages to the untrusted hypervisor. Instead, it expects the hypervisor to write into a Posted Interrupt Request (PIR) buffer. This buffer is used by hardware to inject interrupts into TDX VMs through the virtual APIC [34]. We inject two interrupts into two different cores of the CVM with this mechanism, one to gain login into the TDX VM with OpenSSH and another to get root access with sudo. During these two injections, the guest kernel does not acknowledge the interrupts. While this does not stop our attacks, it does leave the APIC with an elevated Task-Priority-Register (TPR), blocking all lower-priority interrupts on the affected vCPU. This may break CVM functionality in a way that is noticeable by the user. To evade such detection, we implement a guest kernel module (kern_ack) that resets the APIC state. We inject this kernel module into the TDX VM as the last part of our attack after gaining root access.
Preface: AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) is a feature of AMD EPYC processors that adds strong memory integrity protection to help prevent malicious hypervisor-based attacks in order to create an isolated execution environment.
Background: Fundamentally, int means interrupt, and the number 0x80 is the interrupt number. An interrupt transfers the program flow to whomever is handling that interrupt, which is interrupt 0x80 in this case. In Linux, the 0x80 interrupt handler is the kernel, and it is used by other programs to make system calls to the kernel.
In current Linux, 32-bit syscalls (including int 0x80 issued from 64-bit code) eventually end up in do_syscall_32_irqs_on(struct pt_regs *regs). It dispatches through the function-pointer table ia32_sys_call_table with 6 zero-extended args. This may avoid the need for a wrapper around the 64-bit native syscall function in more cases to preserve that behaviour, so more of the ia32 table entries can be the native system call implementation directly.
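As an added example (not code from the original post), a small C program that exercises the legacy int 0x80 entry from a 64-bit process: it probes whether the kernel still dispatches the vector, and then shows the practical consequence of the zero-extended arguments mentioned above, namely that a 64-bit pointer handed to this path is truncated to 32 bits. It assumes Linux on x86-64 with 32-bit emulation enabled; the syscall numbers are from the i386 table.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Numbers from the i386 table (not the x86-64 one): 4 = write, 20 = getpid. */
enum { I386_WRITE = 4, I386_GETPID = 20 };
static sigjmp_buf probe_env;
static void probe_handler(int sig) { (void)sig; siglongjmp(probe_env, 1); }
/* Legacy entry: eax = number, ebx/ecx/edx = args; eax carries the result,
 * sign-extended from 32 bits the way a 32-bit caller would see it. */
static long int80(long nr, long a1, long a2, long a3) {
#if defined(__x86_64__) || defined(__i386__)
    long ret;
    __asm__ volatile("int $0x80" : "=a"(ret) : "a"(nr), "b"(a1), "c"(a2), "d"(a3) : "memory");
    return (long)(int)ret;
#else
    (void)nr; (void)a1; (void)a2; (void)a3; return -38;   /* -ENOSYS: not x86 */
#endif
}
/* 1 if int 0x80 is dispatched by this kernel, 0 if it faults or is refused. */
int int80_available(void) {
    const int sigs[] = { SIGSEGV, SIGILL, SIGSYS };
    struct sigaction sa = { .sa_handler = probe_handler }, old[3];
    for (int i = 0; i < 3; i++) sigaction(sigs[i], &sa, &old[i]);
    int ok = 0;
    if (sigsetjmp(probe_env, 1) == 0) ok = int80(I386_GETPID, 0, 0, 0) > 0;
    for (int i = 0; i < 3; i++) sigaction(sigs[i], &old[i], NULL);
    return ok;
}
/* The 32-bit path zero-extends ebx/ecx/edx: a buffer above 4 GiB (the x86-64
 * stack) is truncated and write() answers -EFAULT (-14); a MAP_32BIT buffer is
 * written in full (5). Returns 0 with both raw results, -1 if it cannot run. */
int int80_write_truncation(long *low_result, long *high_result) {
#if defined(__x86_64__) && defined(MAP_32BIT)
    int fds[2]; char high[8] = "int80";                /* high: on the stack */
    if (!int80_available() || pipe(fds) != 0) return -1;
    char *low = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_32BIT, -1, 0);
    if (low == MAP_FAILED) return -1;
    memcpy(low, high, 5);
    *low_result = int80(I386_WRITE, fds[1], (long)low, 5);
    *high_result = int80(I386_WRITE, fds[1], (long)high, 5);
    munmap(low, 4096); close(fds[0]); close(fds[1]);
    return 0;
#else
    (void)low_result; (void)high_result; return -1;
#endif
}
```

On a kernel booted without 32-bit emulation the probe reports 0 and the truncation demo returns -1 instead of faulting the process.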
Vulnerability details: Researchers from ETH Zurich have shared with AMD a paper titled “Heckler: Disrupting AMD SEV-SNP with Interrupts.”
In their paper, the researchers report that a malicious hypervisor can potentially break confidentiality and integrity of Linux® SEV-SNP guests by injecting interrupts.
Preface: This vulnerability was posted on April 1, 2024. For details, please refer to the Qualcomm April 2024 Security Bulletin.
Background: EL1 can access most system registers, EL2 has additional privileges, and EL3 has all privileges. The only way that the processor can change from one exception level to a higher level is when an exception occurs.
In computing, an input–output memory management unit is a memory management unit connecting a direct-memory-access–capable I/O bus to the main memory. Like a traditional MMU, which translates CPU-visible virtual addresses to physical addresses, the IOMMU maps device-visible virtual addresses to physical addresses.
Qualcomm "B" family devices which are not compatible with arm-smmu have a similar-looking IOMMU but without access to the global register space, and optionally require additional configuration to route context IRQs to the non-secure vs. secure interrupt line.
Vulnerability details: Use After Free in Kernel. A UAF scenario may occur in clients with EL1 privileges for IOVA mappings when the return value of arm_lpae_init_pte is not checked, which may lead to a PTE being counted as newly set even though it already existed. This can leave a dangling IOMMU PTE mapped and pointing to a freed object, and cause a UAF in the client if the dangling PTE is accessed after a failed unmap operation.
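A constructed model of the bug class described above, added here as an example (it is not Qualcomm's or the Linux io-pgtable driver's code; init_pte, map_pages, unmap_pages and run_scenario are hypothetical names): when the PTE initialiser's return value is ignored, a range whose earlier unmap failed partway keeps stale entries that the caller believes now map a fresh object, which is the dangling-PTE situation behind the UAF.

```c
#include <stdint.h>
#define NPTE 8
#define PAGE 4096ULL
#define PTE_VALID 1ULL
struct table { uint64_t pte[NPTE]; };

/* Stand-in for a PTE initialiser: installs a leaf but refuses to overwrite a
 * live one, reporting -EEXIST (-17) instead. */
static int init_pte(struct table *t, unsigned idx, uint64_t pa) {
    if (t->pte[idx] & PTE_VALID) return -17;
    t->pte[idx] = pa | PTE_VALID;
    return 0;
}
/* Unmap that is made to fail after 'budget' entries (a simulated failed unmap
 * operation), leaving the rest of the range still mapped. */
static unsigned unmap_pages(struct table *t, unsigned start, unsigned n, unsigned budget) {
    unsigned done = 0;
    for (unsigned i = start; i < start + n && done < budget; i++) { t->pte[i] = 0; done++; }
    return done;
}
/* Map n pages; 'checked' decides whether init_pte's return value is honoured.
 * The unchecked variant mirrors the bug: every entry is treated as newly set. */
int map_pages(struct table *t, unsigned start, unsigned n, uint64_t pa, int checked) {
    for (unsigned i = 0; i < n; i++) {
        int rc = init_pte(t, start + i, pa + i * PAGE);
        if (rc && checked) return rc;          /* surface -EEXIST to the caller */
    }
    return 0;
}
/* Scenario: object A is mapped at [0,4); its unmap fails after two entries;
 * A's memory is freed; object B is then mapped over [0,4). Returns how many
 * PTEs still point into freed A (dangling), or the error the checked map gave. */
int run_scenario(int checked) {
    struct table t = {{0}};
    const uint64_t pa_A = 0x10000000ULL, pa_B = 0x20000000ULL;
    map_pages(&t, 0, 4, pa_A, 1);
    unmap_pages(&t, 0, 4, 2);                  /* entries 2 and 3 stay live */
    int rc = map_pages(&t, 0, 4, pa_B, checked);
    if (rc) return rc;
    int dangling = 0;
    for (unsigned i = 0; i < 4; i++) {
        uint64_t pa = t.pte[i] & ~PTE_VALID;
        if (pa >= pa_A && pa < pa_A + 4 * PAGE) dangling++;
    }
    return dangling;
}
```

With the check in place the caller sees -EEXIST and can refuse or repair the range before a device ever uses it.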
Preface: A CUDA binary (also referred to as cubin) file is an ELF-formatted file which consists of CUDA executable code sections as well as other sections containing symbols, relocators, debug info, etc. By default, the CUDA compiler driver nvcc embeds cubin files into the host executable file.
Background: To dump CUDA ELF sections in human-readable format from a cubin file, use the following command: cuobjdump -elf <cubin file>
nvdisasm extracts information from standalone cubin files and presents it in human-readable format. The output of nvdisasm includes CUDA assembly code for each kernel, a listing of ELF data sections and other CUDA-specific sections.
--base-address <value>
--base
Desc: Specify the logical base address of the image to disassemble. This option is only valid when disassembling a raw instruction binary (see option --binary), and is ignored when disassembling an ELF file. Default value: 0.
Vulnerability details: CVE-2024-0072 and CVE-2024-0076: NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.
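An added example (not NVIDIA's code, and not what cuobjdump or nvdisasm do internally): a bounds check over the ELF64 section header table that a wrapper could run on an untrusted cubin before handing it to either tool, since a cubin is ordinary ELF. The sample images are constructed in memory; the malformed one has its section table offset outside the file.

```c
#include <elf.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
enum { ELF_OK = 0, ELF_BAD_MAGIC, ELF_BAD_CLASS, ELF_SHDR_OOB, ELF_BAD_SHSTRNDX, ELF_SECTION_OOB };

/* Validate that the section header table and every section's file range lie
 * inside the buffer. Each bound is tested as "offset > len || size > len - offset"
 * so attacker-chosen fields cannot wrap the sum past the end of the file. */
int check_elf64_sections(const uint8_t *buf, size_t len) {
    Elf64_Ehdr eh;
    if (len < sizeof eh) return ELF_BAD_MAGIC;
    memcpy(&eh, buf, sizeof eh);                        /* no aligned-access UB */
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0) return ELF_BAD_MAGIC;
    if (eh.e_ident[EI_CLASS] != ELFCLASS64) return ELF_BAD_CLASS;
    if (eh.e_shnum == 0) return ELF_OK;                 /* no section table */
    if (eh.e_shentsize < sizeof(Elf64_Shdr)) return ELF_SHDR_OOB;
    uint64_t tbl = (uint64_t)eh.e_shnum * eh.e_shentsize;
    if (eh.e_shoff > len || tbl > len - eh.e_shoff) return ELF_SHDR_OOB;
    if (eh.e_shstrndx != SHN_UNDEF && eh.e_shstrndx >= eh.e_shnum) return ELF_BAD_SHSTRNDX;
    for (unsigned i = 0; i < eh.e_shnum; i++) {
        Elf64_Shdr sh;
        memcpy(&sh, buf + eh.e_shoff + (uint64_t)i * eh.e_shentsize, sizeof sh);
        if (sh.sh_type == SHT_NOBITS) continue;         /* occupies no file bytes */
        if (sh.sh_offset > len || sh.sh_size > len - sh.sh_offset) return ELF_SECTION_OOB;
    }
    return ELF_OK;
}

/* Constructed image: ELF64 header, two section headers (null + a one-byte
 * string table); 'malformed' pushes e_shoff far past the end of the file. */
size_t build_sample(uint8_t *out, int malformed) {
    Elf64_Ehdr eh; Elf64_Shdr sh[2];
    memset(&eh, 0, sizeof eh); memset(sh, 0, sizeof sh);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64; eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT; eh.e_type = ET_REL; eh.e_ehsize = sizeof eh;
    eh.e_shentsize = sizeof(Elf64_Shdr); eh.e_shnum = 2; eh.e_shstrndx = 1;
    eh.e_shoff = malformed ? 0x100000 : sizeof eh;
    sh[1].sh_type = SHT_STRTAB; sh[1].sh_offset = sizeof eh + sizeof sh; sh[1].sh_size = 1;
    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, sh, sizeof sh);
    out[sizeof eh + sizeof sh] = 0;
    return sizeof eh + sizeof sh + 1;                   /* 64 + 128 + 1 bytes */
}
```

Truncating the well-formed image by one byte is caught as a section overrun, the same class of inconsistency a crafted cubin would carry.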
Preface: SD-WAN (Software-Defined WAN) is a service that overlays the hybrid network infrastructure, including SD-WAN routing. An intelligent software layer manages both MPLS WAN and other connections.
Both 5G and SD-WANs are independent technologies, but together they allow businesses to access their vital applications with the reliability, coverage, and speed that 5G provides.
Background: SD-WAN Edges perform deep application recognition, application and packet steering, performance metrics and end-to-end quality of service, in addition to hosting virtual network function (VNF) services.
Vulnerability details: Unauthenticated Command Injection vulnerability in SD-WAN Edge (CVE-2024-22246)
VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.4.
Known Attack Vectors: A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router.
Preface: Imagine that you are training your application to differentiate between two types of cars (Ferrari and Porsche). You show the app numerous images of both cars, from appearance to features to engine design. Over time, the app begins to recognize the unique features that distinguish one from the other. At this point, the application can tell the difference between the two without help, which is basically what your Machine Learning model is used for. We call this phase training.
Background: LocalAI is a drop-in replacement REST API compatible with the OpenAI API specifications for local inferencing. It allows you to run models locally or on-prem with consumer-grade hardware (no need for expensive cloud services or GPUs), supporting multiple model families compatible with the ggml format.
Vulnerability details: The web server lacked CSRF tokens, allowing an attacker to host malicious JavaScript on a site that, when visited by a LocalAI user, could let the attacker fill disk space to deny service or abuse credits.
Ref: Why does a missing CSRF token appear so common? This can be caused by ad- or script-blocking plugins or extensions, or by the browser itself if it is not allowed to set cookies.
Preface: Unlike OpenAI’s ChatGPT, Chat with RTX doesn’t remember the context of prompts. Asking Chat with RTX to give examples of fishes in one prompt and then asking for a description of “the fishes” in the next prompt will result in a blank – users will need to spell out everything explicitly.
Background: Chat with RTX defaults to AI startup Mistral’s open-source model but supports other text-based models, including Meta’s Llama 2, which is also open-source.
Chat with RTX is a demo app that lets you personalize a GPT large language model (LLM) connected to your own content—docs, notes, videos, or other data. Leveraging retrieval-augmented generation (RAG), TensorRT-LLM, and RTX acceleration, you can query a custom chatbot to quickly get contextually relevant answers. And because it all runs locally on your Windows RTX PC or workstation.
Vulnerability details: NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering.
Preface: WebGPU is a JavaScript API provided by a web browser that enables webpage scripts to efficiently utilize a device’s graphics processing unit (GPU). Google has enabled WebGPU support by default in Chrome 121, the latest version of its Chrome browser.
Background: WebGPU sees physical GPU hardware as GPUAdapters. It provides a connection to an adapter via GPUDevice, which manages resources, and the device’s GPUQueues, which execute commands.
Vulnerability details: Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Preface: It is possible to trigger Rowhammer bit flips on DDR4 devices on AMD Zen 2 and Zen 3 systems despite deployed TRR mitigations, said researchers at ETH Zurich.
Background: When high-energy charged particles pass through the crystal lattice of a silicon wafer, their charges can interfere with the electrons within the lattice itself and provide energy. If the lattice is moved closer together within the wafer, this disturbed electron trajectory can create a temporary highly conductive path that did not exist before. The effect of this trace is similar to running a very thin wire across the wafer in random directions. If the particle’s path crosses a feature within the die, such as a floating MOSFET gate or an NMOS DRAM cell, the result may be a flipped bit.
Vulnerability details: On February 26, 2024, AMD received new research related to an industry-wide DRAM issue documented in “ZENHAMMER: Rowhammering Attacks on AMD Zen-based Platforms” from researchers at ETH Zurich. The research demonstrates performing Rowhammer attacks on DDR4 and DDR5 memory using AMD “Zen” platforms. Given the history around Rowhammer, the researchers do not consider these rowhammering attacks to be a new issue.