PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

January 18, 2024 at 05:03AM

Multiple security vulnerabilities in the TCP/IP network protocol stack of an open-source UEFI firmware implementation, collectively dubbed PixieFail, could be exploited to achieve remote code execution, denial-of-service, DNS cache poisoning, and leakage of sensitive information. UEFI firmware from several vendors is affected, and the CERT Coordination Center has published an advisory on how exploitable the flaws are in practice.

The main takeaways from the article:

1. Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification.
2. These vulnerabilities, collectively dubbed PixieFail by Quarkslab, reside in the TianoCore EFI Development Kit II (EDK II) and could lead to remote code execution, denial-of-service (DoS), DNS cache poisoning, and leakage of sensitive information.
3. UEFI firmware from AMI, Intel, Insyde, and Phoenix Technologies is impacted by these vulnerabilities.
4. EDK II ships its own TCP/IP stack, NetworkPkg, which provides network functionality during the Preboot eXecution Environment (PXE) stage, i.e. while the firmware obtains a network address and boot image before any operating system is loaded.
5. The identified flaws include overflow bugs, out-of-bounds reads, infinite loops, and the use of a weak pseudorandom number generator; together they enable DNS and DHCP poisoning attacks, information leakage, denial of service, and data insertion attacks at the IPv4 and IPv6 layers.
6. Quarkslab's advisory lists the nine specific vulnerabilities (CVE-2023-45229 through CVE-2023-45237) together with their CVSS scores; they are concentrated in the IPv6 code paths (DHCPv6 client, Neighbor Discovery and extension-header parsing) and the stack's random-number handling.
7. According to the CERT Coordination Center (CERT/CC), the impact and exploitability of these vulnerabilities depend on the specific firmware build and on the default PXE boot configuration, so the first check for a defender is whether network (PXE) boot is enabled at all on the affected platform.
8. These weaknesses could be exploited by an attacker on the local network (and, in certain scenarios, remotely) to execute code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information.
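The flaw classes listed above (length fields that run past the message, fixed buffers filled from attacker-controlled lengths, loops that fail to advance) are all parsing mistakes in TLV-encoded network options. The following is an added illustration written for this page, not code from EDK II or Quarkslab: a bounds-checked walk over DHCPv6-style options (2-byte code, 2-byte length, data) with one named error per check, run against constructed messages. Option code 2 (Server Identifier) is the real DHCPv6 code; the 16-byte destination field, the error names and the sample messages are assumptions made for the example and do not reproduce any specific PixieFail bug.

```c
/* Added example, not EDK II or Quarkslab code: a bounds-checked walk over
 * DHCPv6-style options (RFC 8415 TLV layout: 2-byte code, 2-byte length,
 * data, big-endian). Each check maps to a bug class from the advisory; the
 * field size, error codes and sample messages are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#define DHCP6_OPT_SERVERID 2u   /* real DHCPv6 option code */
#define SERVERID_MAX       16u  /* hypothetical fixed-size field in client state */
enum parse_result {
    PARSE_OK = 0,
    PARSE_ERR_TRUNCATED_HDR,  /* < 4 bytes left where an option header should be */
    PARSE_ERR_LEN_OVERRUN,    /* option length points past end of message */
    PARSE_ERR_FIELD_TOO_BIG   /* option data would not fit destination buffer */
};
typedef struct {
    uint8_t  server_id[SERVERID_MAX];
    size_t   server_id_len;
    unsigned options_seen;
} dhcp6_state;
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* What an unchecked parser computes as "bytes left after this option": with
 * remaining = 8 and optlen = 0x100 it wraps to a huge value. Illustration only. */
size_t naive_remaining(size_t remaining, uint16_t optlen)
{
    return remaining - 4u - (size_t)optlen;
}
/* Walks the option area buf[0..len) and returns the first problem found. */
enum parse_result parse_dhcp6_options(const uint8_t *buf, size_t len, dhcp6_state *st)
{
    size_t off = 0;
    memset(st, 0, sizeof *st);
    while (off < len) {
        /* Check 1: header must lie inside the message (out-of-bounds read class). */
        if (len - off < 4u)
            return PARSE_ERR_TRUNCATED_HDR;
        uint16_t code   = be16(buf + off);
        uint16_t optlen = be16(buf + off + 2);
        /* Check 2: compare before subtracting so an oversized length is
         * rejected rather than wrapped (integer underflow class). */
        if (optlen > len - off - 4u)
            return PARSE_ERR_LEN_OVERRUN;
        const uint8_t *data = buf + off + 4u;
        if (code == DHCP6_OPT_SERVERID) {
            /* Check 3: wire length is attacker-controlled, the field is not;
             * reject before memcpy (buffer overflow class). */
            if (optlen > SERVERID_MAX)
                return PARSE_ERR_FIELD_TOO_BIG;
            memcpy(st->server_id, data, optlen);
            st->server_id_len = optlen;
        }
        st->options_seen++;
        /* Advances by at least the 4-byte header each pass, so it terminates on any
         * input (infinite loop class); single-byte options like IPv6 Pad1 need the same care. */
        off += 4u + optlen;
    }
    return PARSE_OK;
}
/* Constructed sample option areas (the 4-byte DHCPv6 message header is omitted). */
static const uint8_t good_msg[] = {
    0x00,0x02, 0x00,0x04, 0xAA,0xBB,0xCC,0xDD,   /* SERVERID, 4 bytes */
    0x00,0x08, 0x00,0x02, 0x00,0x00              /* ELAPSED_TIME (code 8), 2 bytes */
};
static const uint8_t overrun_msg[] = {           /* claims 0x0100 bytes, only 4 follow */
    0x00,0x02, 0x01,0x00, 0xAA,0xBB,0xCC,0xDD
};
static const uint8_t oversize_msg[] = {          /* 20-byte SERVERID: in bounds, too big for field */
    0x00,0x02, 0x00,0x14,
    1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
};
static const uint8_t truncated_msg[] = {         /* 3 stray bytes after a valid option */
    0x00,0x08, 0x00,0x02, 0x00,0x00, 0x00,0x02, 0x00
};
enum parse_result parse_case(const uint8_t *buf, size_t len)
{
    dhcp6_state st;
    return parse_dhcp6_options(buf, len, &st);
}
/* 1 if the well-formed message yields the expected state, else 0. */
int good_case_ok(void)
{
    dhcp6_state st;
    return parse_dhcp6_options(good_msg, sizeof good_msg, &st) == PARSE_OK
        && st.options_seen == 2 && st.server_id_len == 4
        && st.server_id[0] == 0xAA && st.server_id[3] == 0xDD;
}
int main(void)
{
    printf("good %d  overrun %d  oversize %d  truncated %d\n",
           parse_case(good_msg, sizeof good_msg), parse_case(overrun_msg, sizeof overrun_msg),
           parse_case(oversize_msg, sizeof oversize_msg), parse_case(truncated_msg, sizeof truncated_msg));
    printf("naive remaining for 8 bytes / optlen 0x100: %zu\n", naive_remaining(8, 0x100));
    return 0;
}
```

The design point is the order of operations: every comparison happens on the untrusted length before any subtraction, pointer arithmetic or copy that depends on it, and the destination size is a compile-time constant that the wire value is checked against rather than the other way round. Real firmware parsers handle many more option types, but each one needs the same three checks.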
