본문 바로가기
취약점 정보1

UEFI EDK2 Capsule Update vulnerabilities

Ryansecurity 2014. 8. 8. 02:36
728x90

The EDK2 UEFI reference implementation contains multiple vulnerabilities in the Capsule Update mechanism.

Description

The open source EDK2 project provides a reference implementation of the Unified Extensible Firmware Interface (UEFI). Researchers at The MITRE Corporation have discovered multiple vulnerabilities in the EDK2 Capsule Update mechanism. Commercial UEFI implementations may incorporate portions of the EDK2 source code, including the vulnerable Capsule Update code.

Buffer overflow in Capsule Processing Phase - CVE-2014-4859
During the Drive Execution Environment (DXE) phase of the UEFI boot process, the contents of the capsule image are parsed during processing. An integer overflow vulnerability exists in the capsule processing phase that can cause the allocation of a buffer to be unexpectedly small. As a result, attacker-controlled data can be written past the bounds of the buffer.

Write-what-where condition in Coalescing Phase - CVE-2014-4860
During the Pre-EFI Initialization (PEI) phase of the UEFI boot process, the capsule update is coalesced into its original form. Multiple integer overflow vulnerabilities exist in the coalescing phase that can be used to trigger a write-what-where condition.

Impact

A local authenticated attacker may be able to execute arbitrary code with the privileges of system firmware, potentially allowing for persistent firmware level rootkits, bypassing of Secure Boot, or permanently DoS'ing the platform.

Solution

Please see the Vendor Information section below to determine if your system may be affected. We are continuing to communicate with vendors as they investigate these vulnerabilities.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
American Megatrends Incorporated (AMI)Affected22 Jul 201401 Aug 2014
Hewlett-Packard CompanyAffected09 Jul 201405 Aug 2014
Intel CorporationAffected03 Dec 201305 Aug 2014
Phoenix Technologies Ltd.Affected22 Jul 201405 Aug 2014
Insyde Software CorporationNot Affected22 Jul 201424 Jul 2014
Apple Inc.Unknown22 Jul 201422 Jul 2014
Dell Computer Corporation, Inc.Unknown22 Jul 201422 Jul 2014
IBM CorporationUnknown22 Jul 201422 Jul 2014
LenovoUnknown22 Jul 201422 Jul 2014
NEC CorporationUnknown22 Jul 201422 Jul 2014
Sony CorporationUnknown22 Jul 201422 Jul 2014
ToshibaUnknown22 Jul 201422 Jul 2014

If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base6.0AV:L/AC:H/Au:S/C:C/I:C/A:C
Temporal5.4E:POC/RL:ND/RC:C
Environmental7.3CDP:MH/TD:H/CR:ND/IR:H/AR:ND

References

Credit

Thanks to Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of the MITRE Corporation for reporting this vulnerability. Thanks also goes to Intel's Advanced Threat Research and Security Center of Excellence for assisting with industry notification and coordination.

This document was written by Todd Lewellen.

Other Information

  • CVE IDs: CVE-2014-4859 CVE-2014-4860
  • Date Public: 07 8월 2014
  • Date First Published: 07 8월 2014
  • Date Last Updated: 07 8월 2014
  • Document Revision: 20
728x90
저작자표시 비영리 변경금지

'취약점 정보1' 카테고리의 다른 글

OpenSSL 취약점 보안업데이트 권고  (0) 2014.08.09
Cisco IOS 와 IOS XE Software EnergyWise 서비스 거부 공격 보안업데이트 권고  (0) 2014.08.09
Internet Explorer begins blocking out-of-date ActiveX controls  (0) 2014.08.08
WordPress and Drupal Denial Of Service Vulnerability Full Disclosure - See more at: http://www.breaksec.com/?p=6362#sthash.zVny3nnl.dpuf  (0) 2014.08.08
(CVE-2014-3500/1/2) Cordova for Android Cross-Application Scripting and Data Exfiltration Vulnerabilities  (0) 2014.08.08

'취약점 정보1' Related Articles

티스토리툴바