CERT Warns of UEFI Hardware Vulnerabilities

The CERT Coordination Center at the Software Engineering Institute at Carnegie Mellon University issued three advisories today warning of serious UEFI vulnerabilities.

The CERT/CC at Carnegie Mellon University today released three advisories warning of vulnerabilities that affect some unified extensible firmware interface (UEFI) systems and the BIOS of some Intel chipsets.

Hardware and firmware vulnerabilities such as these, reported by Corey Kallenberg of MITRE Corp. and Rafal Wojtczuk of Bromium, give attackers not only root access to servers and clients but also persistence on a system that ordinary mitigations do not remove.

The UEFI flaws allow an attacker to bypass Secure Boot and re-flash the firmware on a machine even when a signed-firmware enforcement mechanism is present. Secure Boot, introduced with the release of Windows 8, is meant to ensure that only software trusted by the manufacturer runs at boot by verifying the signature of every component loaded during start-up. The Intel BIOS vulnerability, meanwhile, could allow an attacker to write code to the firmware.

The most severe of the vulnerabilities affects Intel, Phoenix Technologies and American Megatrends Inc. UEFI systems; Dell systems are not vulnerable. According to the advisory, the affected systems fail to restrict access to the boot script used by the EFI S3 Resume Boot Path. An attacker with local access could bypass firmware write protections and reflash the firmware, or write to the SMRAM region.

The boot script, Wojtczuk and Kallenberg explain in the advisory, specifies a series of operations that initialize the platform when it resumes from the S3 sleep state.

“The boot script is interpreted early enough where important platform security mechanisms have not yet been configured,” the researchers said, noting as an example that BIOS-CNTL and TSEGMB, protections against arbitrary writes, are unlocked.

“Given this, the boot script is in a security critical position and maintaining its integrity is important,” they said. “However, we have discovered that on certain systems the boot script resides in unprotected memory which can be tampered with by an attacker with access to physical memory.”

Kallenberg and Wojtczuk also reported a buffer overflow in the EDK1 UEFI reference implementation, an open-source code base that some commercial UEFI implementations also build on, they said.

The vulnerability is in the Edk1/source/Sample/Universal/Variable/RuntimeDxe/FS/FSVariable.c source file, the advisory said. Specifically, the buffer overflow is in the reclaim operation used to preserve large variables when memory is constrained.

“In the reclaim operation, there is an assumption that by following the chain of variables (by NextVariable = GetNextVariablePtr (Variable), that essentially adds Variable’s size to it), we do not jump out of the variable store bounds,” the advisory quotes Kallenberg and Wojtczuk. “In particular, in line 352, the CurrPtr can extend beyond the legitimate boundaries of the variable region. Ultimately in line 350, we can end up with a memory corruption via buffer overflow.”

Depending on when the vulnerable code runs, for example before important protections are locked down, an attacker can re-flash the firmware with their own image, or bypass Secure Boot and launch their own boot loader.
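To make the unchecked walk the researchers describe concrete, here is an added example of a simplified variable-store reclaim routine; it is constructed for this article and is not EDK1 code or anything from the advisory. One helper follows the chain the way the quoted text describes, adding each record's size to the current offset with no bounds check, and a hardened version refuses to advance past the end of the store and aborts the reclaim instead of copying. The record layout, the names (var_header_t, next_offset_unchecked, next_offset_checked, reclaim_checked, build_sample_store) and the sample store contents are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified, hypothetical on-flash record layout. Names and values are
 * constructed for this example and are not EDK1's VARIABLE_HEADER. */
#define VAR_START_ID 0x55AAu
#define VAR_ADDED    0x3Fu   /* live record: reclaim keeps it */
#define VAR_DELETED  0x3Eu   /* record marked for deletion: reclaim drops it */

typedef struct {
    uint16_t start_id;
    uint8_t  state;
    uint8_t  reserved;
    uint32_t data_size;  /* payload bytes that follow; untrusted if the store is writable */
} var_header_t;

#define HDR ((size_t)sizeof(var_header_t))   /* 8 bytes */

/* Read a header with memcpy so the store buffer needs no particular alignment. */
static void read_header(const uint8_t *p, var_header_t *h) { memcpy(h, p, HDR); }

/* The pattern the advisory describes: the next record is "this record plus its
 * size". Nothing verifies that the result still lies inside the store. */
size_t next_offset_unchecked(const uint8_t *store, size_t off) {
    var_header_t h;
    read_header(store + off, &h);
    return off + HDR + h.data_size;
}

/* Hardened walk: fail if the header or the computed next offset would leave
 * [0, store_size]. Comparing data_size against the remaining space avoids any
 * arithmetic that could wrap. */
bool next_offset_checked(const uint8_t *store, size_t store_size, size_t off, size_t *next) {
    if (off > store_size || store_size - off < HDR)
        return false;
    var_header_t h;
    read_header(store + off, &h);
    size_t remaining = store_size - off - HDR;
    if (h.data_size > remaining)
        return false;
    *next = off + HDR + h.data_size;
    return true;
}

/* Reclaim: compact live records into `out`, dropping deleted ones.
 * Returns bytes written, or 0 if the chain is malformed (nothing past the
 * store boundary is ever read or copied). */
size_t reclaim_checked(const uint8_t *store, size_t store_size, uint8_t *out, size_t out_size) {
    size_t off = 0, written = 0;
    while (store_size - off >= HDR) {
        var_header_t h;
        read_header(store + off, &h);
        if (h.start_id != VAR_START_ID)
            break;                       /* free space after the last record */
        size_t next;
        if (!next_offset_checked(store, store_size, off, &next))
            return 0;                    /* a corrupt data_size would walk out of the store */
        if (h.state == VAR_ADDED) {
            size_t rec = next - off;
            if (rec > out_size - written)
                return 0;                /* destination bounds are enforced too */
            memcpy(out + written, store + off, rec);
            written += rec;
        }
        off = next;
    }
    return written;
}

/* Append one record and return the new end offset. Constructed test data only. */
static size_t put_record(uint8_t *buf, size_t off, uint8_t state, uint32_t data_size,
                         const void *data, size_t data_len) {
    var_header_t h = { VAR_START_ID, state, 0, data_size };
    memcpy(buf + off, &h, HDR);
    if (data_len)
        memcpy(buf + off + HDR, data, data_len);
    return off + HDR + data_len;
}

/* Constructed sample store: A (live, 4 bytes), B (deleted, 2 bytes), C (live, 3 bytes),
 * optionally followed by a record whose data_size claims far more than remains. */
size_t build_sample_store(uint8_t *buf, bool corrupt) {
    size_t off = 0;
    off = put_record(buf, off, VAR_ADDED,   4, "abcd", 4);
    off = put_record(buf, off, VAR_DELETED, 2, "xy",   2);
    off = put_record(buf, off, VAR_ADDED,   3, "efg",  3);
    if (corrupt)
        off = put_record(buf, off, VAR_ADDED, 0x40000000u, NULL, 0);
    return off;
}
```

On the well-formed store the checked reclaim copies records A and C (23 bytes) and drops B; on the corrupt store the unchecked walk computes a next offset far beyond the 41-byte buffer, while the checked walk reports failure at that record and the reclaim returns 0 without copying anything. The design point is that the bounds check compares the claimed size against the space actually left, rather than adding first and comparing afterwards, so an oversized value can neither overrun the store nor wrap the arithmetic.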

“The consequences and exploitability of this bug will vary based on the OEM’s firmware implementation,” the advisory said, adding that to date only Insyde Software Corp. systems are affected, with a handful of others possibly affected, including Dell, HP, Lenovo, Sony and Toshiba. The advisory said Apple, IBM, Intel and Phoenix are not affected.

The final vulnerability is a race condition in Intel chipsets; only systems that rely on the BIOS_CNTL.BIOSWE and BIOS_CNTL.BLE bits alone for BIOS lockdown are vulnerable. Specifically, an attacker can write to the BIOS in the window between the moment a System Management Interrupt (SMI) handler determines whether a write to the BIOS is permissible and the moment it locks the BIOS down again.

“A local, authenticated attacker could write malicious code to the platform firmware. Additionally, if the ‘UEFI Variable’ region of the SPI Flash relies on BIOS_CNTL.BIOSLE for write protection, as many implementations do, this vulnerability could be used to bypass UEFI Secure Boot,” the advisory said. “Lastly, the attacker could corrupt the platform firmware and cause the system to become inoperable.”
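As an added example that is not part of the advisory, the following C helper classifies a raw BIOS_CNTL value the way an auditor would when checking whether a platform depends on BIOSWE/BLE alone for its lockdown. The bit positions are taken from the Intel 6/7/8-series PCH datasheets (BIOS_CNTL lives in the LPC bridge, PCI device 31 function 0, config offset 0xDC); treat that as an assumption to confirm against the datasheet for a given chipset, and note that reading the register requires privileged PCI config access, so the function takes the byte as input. SMM_BWP is not mentioned in the advisory: it is the hardware bit that rejects BIOS writes from outside SMM regardless of BIOSWE, which is why a configuration with it set is not exposed to the check-then-lock window described above. The function and enum names are mine.

```c
#include <stdbool.h>
#include <stdint.h>

/* BIOS_CNTL bit positions (Intel PCH, LPC bridge D31:F0, config offset 0xDC).
 * Assumed from the 6/7/8-series PCH datasheets; verify for your chipset. */
#define BIOS_CNTL_BIOSWE  (1u << 0)  /* BIOS Write Enable: flash writes allowed */
#define BIOS_CNTL_BLE     (1u << 1)  /* BIOS Lock Enable: setting BIOSWE raises an SMI */
#define BIOS_CNTL_SMM_BWP (1u << 5)  /* SMM BIOS Write Protect: writes only from SMM */

typedef enum {
    BIOS_LOCK_NONE,      /* flash is writable from the OS right now */
    BIOS_LOCK_BLE_ONLY,  /* lock depends on the SMI handler re-clearing BIOSWE: the race in the advisory */
    BIOS_LOCK_SMM_BWP    /* hardware refuses non-SMM writes regardless of BIOSWE */
} bios_lock_class_t;

/* Classify one BIOS_CNTL byte. SMM_BWP wins because it does not rely on an
 * SMI handler racing the writer; BLE without BIOSWE is the software-only lock. */
bios_lock_class_t classify_bios_cntl(uint8_t bc) {
    if (bc & BIOS_CNTL_SMM_BWP)
        return BIOS_LOCK_SMM_BWP;
    if ((bc & BIOS_CNTL_BLE) && !(bc & BIOS_CNTL_BIOSWE))
        return BIOS_LOCK_BLE_ONLY;
    return BIOS_LOCK_NONE;
}

/* Audit predicate: true for the configuration the advisory describes as
 * vulnerable (BIOSWE/BLE as the only lockdown), so an inventory tool can flag it. */
bool bios_lock_is_race_prone(uint8_t bc) {
    return classify_bios_cntl(bc) == BIOS_LOCK_BLE_ONLY;
}

/* Human-readable finding for a report line. */
const char *bios_lock_describe(uint8_t bc) {
    switch (classify_bios_cntl(bc)) {
    case BIOS_LOCK_SMM_BWP:  return "locked: SMM_BWP set, non-SMM writes rejected in hardware";
    case BIOS_LOCK_BLE_ONLY: return "locked by BLE only: relies on SMI handler, race-prone";
    default:                 return "unlocked: BIOS region writable from the OS";
    }
}
```

A value such as 0x02 (BLE set, BIOSWE clear, SMM_BWP clear) is exactly the BLE-only case the advisory warns about, whereas 0x22 adds SMM_BWP and is classified as hardware-locked; 0x03 (BLE and BIOSWE both set) means the SMI handler has not yet cleared the write-enable bit, so at that instant the region is writable.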

American Megatrends Inc. and Phoenix Technologies systems are affected, while Apple and IBM are not, according to the advisory.
