Buffer overflow vulnerability with the unified extensible firmware interface
January 7, 2015
Two security researchers have discovered a buffer overflow vulnerability in the Unified Extensible Firmware Interface (UEFI) implementation of the EDK-1 project, a code base used in today's firmware development.
Security researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the issue lies in the FSVariable.c source file, in the operation that reclaims unused space in the variable store on the SPI flash chip.
Exploitation could be severe if the vulnerable code is instantiated early in the boot process, before boot protections are in place and while the SPI flash holding the firmware is still writable.
An attacker exploiting it at that stage could gain a persistent foothold on the system, Kallenberg said.
"We have discovered a buffer overflow associated with this reclaim operation in FSVariable.c," Kallenberg said in a CERT security advisory.
"In an ideal attacker scenario, the vulnerable code can be instantiated before the SPI flash is locked down, resulting in an arbitrary reflash of the platform firmware.
"Another possibility is for the attacker to leverage this security vulnerability to get into SMM (if SMM is not sufficiently locked down yet) or to defeat Secure Boot and launch an authorized boot loader, or to simply achieve a runtime SMM break-in," he added.
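The reclaim operation the advisory refers to compacts the variable store by copying live entries forward and dropping deleted ones, and its safety depends on bounds-checking both the lengths read from flash and the destination buffer. The following is an added example, not code from EDK-1, FSVariable.c, the researchers or Insyde: a hypothetical, simplified variable-store layout in C with a reclaim routine that performs those checks. The entry format, the state byte values, the variable names and the sample data are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified variable-store layout used for this example only;
 * it is not the EDK FSVariable.c format.  Each entry is:
 *   [state:1][name_len:2 LE][data_len:2 LE][name][data]
 * Erased flash reads as 0xFF, so a 0xFF state byte marks the end of the store. */
#define HDR_LEN     5
#define VAR_VALID   0x3F   /* live entry, must survive reclaim (assumed value) */
#define VAR_DELETED 0x3D   /* superseded entry, reclaimable (assumed value) */
#define VAR_ERASED  0xFF   /* unwritten flash: end of store */

/* Append one entry to a store buffer; returns the new write position, 0 on failure. */
static size_t append_var(uint8_t *buf, size_t cap, size_t pos, uint8_t state,
                         const char *name, const uint8_t *data, uint16_t data_len)
{
    size_t name_len = strlen(name);
    size_t entry = HDR_LEN + name_len + data_len;
    if (pos > cap || name_len > 0xFFFF || entry > cap - pos)
        return 0;
    buf[pos]     = state;
    buf[pos + 1] = (uint8_t)(name_len & 0xFF);
    buf[pos + 2] = (uint8_t)(name_len >> 8);
    buf[pos + 3] = (uint8_t)(data_len & 0xFF);
    buf[pos + 4] = (uint8_t)(data_len >> 8);
    memcpy(buf + pos + HDR_LEN, name, name_len);
    memcpy(buf + pos + HDR_LEN + name_len, data, data_len);
    return pos + entry;
}

/* Build a constructed sample store: two live variables around one deleted one.
 * Returns the number of bytes written (49 for this sample); the rest is 0xFF. */
size_t build_sample_store(uint8_t *buf, size_t cap)
{
    static const uint8_t boot[4]    = { 0x01, 0x00, 0x00, 0x00 };
    static const uint8_t setup[8]   = { 0 };
    static const uint8_t timeout[2] = { 0x05, 0x00 };
    size_t pos = 0;
    memset(buf, VAR_ERASED, cap);
    pos = append_var(buf, cap, pos, VAR_VALID,   "Boot0000", boot,    sizeof boot);
    if (pos) pos = append_var(buf, cap, pos, VAR_DELETED, "Setup",   setup,   sizeof setup);
    if (pos) pos = append_var(buf, cap, pos, VAR_VALID,   "Timeout", timeout, sizeof timeout);
    return pos;
}

/* Reclaim: copy every live entry from src into dst, dropping deleted ones.
 * Returns the compacted size, or -1 if the store is malformed or the result
 * would not fit.  Every length read from flash is treated as untrusted. */
long reclaim_store(const uint8_t *src, size_t src_len, uint8_t *dst, size_t dst_len)
{
    size_t in = 0, out = 0;
    while (in < src_len) {
        uint8_t state = src[in];
        if (state == VAR_ERASED)
            break;                              /* reached unwritten flash */
        if (src_len - in < HDR_LEN)
            return -1;                          /* header runs off the end */
        size_t name_len = src[in + 1] | ((size_t)src[in + 2] << 8);
        size_t data_len = src[in + 3] | ((size_t)src[in + 4] << 8);
        size_t body = name_len + data_len;
        if (body > src_len - in - HDR_LEN)
            return -1;                          /* declared length exceeds source */
        size_t entry = HDR_LEN + body;
        if (state == VAR_VALID) {
            if (entry > dst_len - out)
                return -1;                      /* destination bounds check */
            memcpy(dst + out, src + in, entry);
            out += entry;
        } else if (state != VAR_DELETED) {
            return -1;                          /* unknown state: refuse to guess */
        }
        in += entry;
    }
    return (long)out;
}

int main(void)
{
    uint8_t src[128], dst[128];
    size_t n = build_sample_store(src, sizeof src);
    printf("store uses %zu bytes, reclaimed store uses %ld bytes\n",
           n, reclaim_store(src, sizeof src, dst, sizeof dst));
    printf("reclaim into 20-byte buffer: %ld\n", reclaim_store(src, n, dst, 20));
    return 0;
}
```

The two checks that matter are the ones on `body` and on `dst_len - out`: the first rejects an entry whose declared lengths reach past the end of the source store, the second refuses to copy once the compacted output would exceed the destination. A reclaim routine that trusts on-flash lengths, or sizes its output from them without checking, is exactly the kind of code where a crafted variable store can turn compaction into an out-of-bounds write.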
The impact varies considerably between OEM firmware implementations and their configurations.
Insyde Software Corp issued a security patch for its affected firmware, while other, unnamed OEMs are still working on fixes.
Source: Insyde Software Corp.