AI and ML, Application Development

Don’t underestimate the impact of today’s open-source software development! (18th Dec 2023)

Leave a comment

Preface: In ten years ago, if you talk to people that your product software development use opensource products. Most likely cyber security expert will query your decision. But the trend of open-source software products usage seems change. The truth is a lot of open-source products alliances with enterprise computer vendor. So, the patch will deliver quickly when vulnerability found. As a matter of fact, in the world no software can avoid vulnerability occur. Furthermore, since open-source less portion bother by business decision. So it similar a technology booster driven the technology running more faster.

Background: In essence, a neural network accepts inputs , does some processing and produces outputs. This input-process-output mechanism is called neural network feed-forward. Understanding the feed-forward mechanism is required. To create a neural network that solves difficult practical problems such as facial recognition or voice identification.

PyTorch provides the elegantly designed modules and classes, including torch[.]nn, to help you create and train neural networks. An nn[.]Module contains layers, and a method forward(input) that returns the output.

Today’s market trends: According to news article published on Nov 2019. For autopilot, Tesla trains around 48 networks that do 1,000 different predictions and it takes 70,000 GPU hours. Moreover, this training is not a one-time affair but an iterative one and all these workflows should be automated while making sure that these 1,000 different predictions don’t regress over time.

PyTorch, especially has become the go-to framework for machine learning researchers. It is fast and efficient, allowing users to quickly iterate on experiments and build models. PyTorch supports both CUDA and OpenCL, making it easy to take advantage of powerful GPUs for faster training.

There is no doubt about the future development of artificial intelligence, so the demand for GPUs goes hand in hand with autonomous driving.

Potential Risk of CVE

CVE-2023-4622: It should patch by processor vendor or SUSE? (14th Dec 2023)

Leave a comment

Preface: Unix domain sockets and network sockets have different security characteristics. In general, Unix domain sockets are considered to be more secure than network sockets, as they are not exposed to the network and are only accessible to processes on the same machine.

Background: A Unix domain socket aka UDS or IPC socket (inter-process communication socket) is a data communications endpoint for exchanging data between processes executing on the same host operating system. It is also referred to by its address family AF_UNIX .

DOCA Socket Relay allows Unix Domain Socket (AF_UNIX family) server applications to be offloaded to the DPU while communication between the two sides is proxied by DOCA Comm Channel.

Vulnerability details: A use-after-free vulnerability in the Linux kernel’s af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer’s recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-4622

Cell Phone (iPhone, Android, windows mobile), Potential Risk of CVE

About CVE-2023-40078: The OPUS a2dp on the Android platform has a design flaw that may lead paired device escalation of privilege (14th Dec 2023)

Leave a comment

Preface: A2DP is a protocol supported on most Bluetooth Audio devices. Opus is open source , OPUS a2dp being introduced in Android 13.

Background: In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Such design weakness published on 30th Oct, 2023. The CVE reference is CVE-2023-21361.

The advantages of using C++ for Android app development is its ability to create cross-platform apps. By writing platform-agnostic code in C++, you can reuse it for developing iOS apps using tools like Apple’s Xcode and Swift. This allows for efficient code sharing between Android and iOS platforms.

Vulnerability details: In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-40078

Cell Phone (iPhone, Android, windows mobile), Potential Risk of CVE

CVE-2023-42914 – An app may be able to break out of its sandbox (13th Dec 2023)

Leave a comment

Preface: One action Apple has taken over the past few years is to harden the Safari WebContent (or “renderer”) process sandbox attack surface on iOS, most recently by removing the ability for WebContent to be exploited directly to the GPU process.

Background: App Sandbox provides protection to system resources and user data by limiting your app’s access to resources requested through entitlements.

Essentials – App Sandbox Entitlement

A Boolean value that indicates whether the app may use access control technology to contain damage to the system and user data if an app is compromised.

Key: com[.]apple[.]security[.]app-sandbox

Vulnerability details: An app may be able to break out of its sandbox. The issue was addressed with improved memory handling.

Impact: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-42914

Potential Risk of CVE

CVE-2023-6679 – About The Linux kernel dpll subsystem (11th Dec 2023)

Leave a comment

Preface: Null pointer dereference vulnerability can be exploited by hackers to maliciously crash a process to cause a denial of service. Can null pointer cause memory leak? This memory leak is caused by overwriting a pointer to allocated memory with either another valid pointer, or with a NULL pointer.

Background:

PLL – Phase Locked Loop is an electronic circuit which syntonizes clock signal of a device with an external clock signal. Effectively enabling device to run on the same clock signal beat as provided on a PLL input.

DPLL – Digital Phase Locked Loop is an integrated circuit which in addition to plain PLL behavior incorporates a digital phase detector and may have digital divider in the loop. As a result, the frequency on DPLL’s input and output may be configurable.

The main purpose of dpll subsystem is to provide general interface to configure devices that use any kind of Digital PLL and could use different sources of input signal to synchronize to, as well as different types of outputs. The main interface is NETLINK_GENERIC based protocol with an event monitoring multicast group defined.

Vulnerability details: A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink[.]c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.

Additional: Fix potential msg memleak encounter in drivers/dpll/dpll_netlink[.]c when genlmsg_put_reply failed

Remedy: Progam design should clean the skb resource if genlmsg_put_reply failed.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-6679

Potential Risk of CVE

ABout KubeVirt: Announcement ID – SUSE-SU-2023:4693-1 (Rating: important ) 10th Dec 2023

Leave a comment

Preface: Many enterprises have implemented Kubernetes and containers, and most also run virtual machines. This environment therefore increases operational complexity as well as time and infrastructure costs.

Background: OpenStack, libvirt, Kubernetes, Vagrant, and boot2docker are the most popular alternatives and competitors to KubeVirt. What is the difference between Kubernetes and KubeVirt? Scheduling, networking and storage are all delegated to Kubernetes, while KubeVirt provides the virtualization functionality. KubeVirt allows you to run full virtual machines on Kubernetes alongside regular containers.

WIth KubeVirt, you can declaratively:

-Create a VM

-Schedule a VM on a Kubernetes cluster

-Launch a VM

-Stop a VM

-Delete a VM

Vulnerability details: On Mar 2023 CVE vulnerability details published that versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can, for instance, read all secrets on the cluster, or can exec into pods on other nodes.

This time the manufacturer did not mention any technical issues related to this vulnerability. But I firmly believe that this is a remedial action for the vulnerability discovered in March 2023.

Official details: Please refer to the link for details – https://www.suse.com/support/update/announcement/2023/suse-su-20234693-1/

Cell Phone (iPhone, Android, windows mobile), Potential Risk of CVE

About CVE-2023-40088: When similar design flaws arise, perhaps you question the effectiveness of your security architecture? (7th Dec 2023)

Leave a comment

Preface: Bluetooth is now a regular part of your mobile experience. It covers everything from audio to wireless headphones and speakers, pairing game controllers and keyboards, network connections, and even the occasional file transfer over the air.

Background: What is Bluetooth adapter in Android? The BluetoothAdapter lets you perform fundamental Bluetooth tasks, such as initiate device discovery, query a list of bonded (paired) devices, instantiate a BluetoothDevice using a known MAC address, and create a BluetoothServerSocket to listen for connection requests from other devices.

Vulnerability details: In callback_thread_event of com_android_bluetooth_btservice_AdapterService[.]cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Official announcement: This vulnerability was named CVE-2023-40088 since 9th Aug 2023 and announced to public on 5th Dec 2023. The advisory is available at:

https://source.android.com/docs/security/bulletin/2023-12-01

https://nvd.nist.gov/vuln/detail/CVE-2023-40088

AI and ML

For AI world in future, NVIDIA has developed a Secure Deployment Considerations Guide address to Triton Inference Server (6th Dec 2023)

Leave a comment

Preface: Artificial intelligence (AI) is growing like lightning. As a I.T computer user. Maybe we enjoy the benefits of smartphone apps features empowered by AI. As a matter of fact, we do no care or without knowledge what is AI back-end operations and architecture. For example, when you buy a steamed bun at the store, you certainly don’t worry about whether there are cockroaches in the kitchen. Because you know there are public health regulations in place to prevent that. This concept also applied to AI world. So, NVIDIAs has developed a Secure Deployment Considerations Guide address to Triton Inference Server. I hope this short article has piqued your interest.

Background: AI Inference is achieved through an “inference engine” that applies logical rules to the knowledge base to evaluate and analyze new information. In the process of machine learning, there are two phases. First, is the training phase where intelligence is developed by recording, storing, and labeling information. Second, is the inference phase where the machine uses the intelligence gathered and stored in phase one to understand new data.

General-purpose web servers lack support for AI inference features.

*There is no out-of-box support to take advantage of accelerators like GPUs, or to turn on dynamic batching or multi-node inference.

*Users need to build logic to meet the demands of specific use cases, like audio/video streaming input, stateful processing, or preprocessing the input data to fit the model.

*Metrics on compute and memory utilization or inference latency are not easily accessible to monitor application performance and scale.

Triton Inference Server provides a cloud and edge inferencing solution optimized for both CPUs and GPUs. Triton supports an HTTP/REST and GRPC protocol that allows remote clients to request inferencing for any model being managed by the server.

Secure Deployment Considerations: Artificial Intelligence (AI) and Machine Learning (ML) cannot keep to yourself without the support of programming languages. Developers can deploy Triton as an http server, a grpc server, a server supporting both, or embed a Triton server into their own application. Python is one of the major code languages for AI and ML. PyTriton is a simple interface that enables Python developers to use Triton Inference Server to serve AI models, simple processing functions, or entire inference pipelines within Python code.

For Secure Deployment Considerations – Please refer to the link for details – https://github.com/triton-inference-server/pytriton

Cell Phone (iPhone, Android, windows mobile), Potential Risk of CVE

CVE-2023-40082 whether caused by a previous vulnerability? (4th Dec 2023)

Leave a comment

Preface: Das U-Boot (subtitled “the Universal Boot Loader” and often shortened to U-Boot. 

Background: Das U-Boot is an open-source boot loader used in embedded devices to perform various low-level hardware initialization tasks and boot the device’s operating system kernel. It is available for a number of computer architectures, including 68k, ARM, Blackfin, MicroBlaze, MIPS, Nios, SuperH, PPC, RISC-V and x86. 

Best practice: A bootloader design on the ARM platform is way different than what we have seen so far on the x86 platform. On the ARM platform, the minimalist bootloader design needs to implement the Trusted Board Boot (TBB) feature. The TBB feature allows the platform to be protected from malicious firmware attack by implementing a chain of trust (CoT) at each firmware level up to the normal world bootloader. Trusted Firmware (TF) implements a subset of the TBB requirements for ARM reference platform. 

Vulnerability details: In modify for next stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto.This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-40082

Potential Risk of CVE

About ARM security advisory: CVE-2023-5427 –  improper GPU memory processing operations to gain access to already freed memory (4th Dec 2023)

Leave a comment

Preface: If you need memory to live beyond the life of the current function, you need to allocate it on the heap with malloc and manage it yourself.

Background: The Android and Linux version of the Mali GPUs Device Driver provide low-level access to the Mali GPUs that are part of the Open Source Mali 5th Gen GPU Architecture Kernel Drivers family.

These components are not a complete driver stack. To build a functional OpenGL ES you need access to the full source code of the Mali GPU DDK, which is provided under the standard Arm commercial licence to all Mali GPU customers.

Vulnerability details: A local non-privileged user can make improper GPU processing operations to gain access to already freed memory.

Affects:

Bifrost GPU Kernel Driver: All versions from r44p0 – r45p0

Valhall GPU Kernel Driver: All versions from r44p0 – r45p0

Arm 5th Gen GPU Architecture Kernel Driver: All versions from r44p0 – r45p0

Resolution: This issue is fixed in Bifrost, Valhall, and Arm 5th Gen GPU Architecture Kernel Driver r46p0. Users are recommended to upgrade if they are impacted by this issue.

Official announcement: Please refer to the link for details – https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

antihackingonline.com