CERTVU:976132UEFI implementations do not properly secure the EFI S3 Resume Boot Path boot script
Overview
Some UEFI systems fail to properly restrict access to the boot script used by the EFI S3 Resume Boot Path, allowing an authenticated, local attacker to bypass various firmware write protections.
Description
According to Rafal Wojtczuk of Bromium and Corey Kallenberg of The MITRE Corporation:
"During the UEFI S3 Resume p__at__h, a boot script is_ i__nterpreted to re-initialize the platform. The boot script dictates various memory and port read/write operations to facilitate this re-initialization. The boot script is interpreted early enough where important platform security mechanisms have not yet been configured. For example, BIOS_CNTL, which helps protects the platform firmware against arbitrary writes, is unlocked. TSEGMB, which protects SMRAM against DMA, is also unlocked._
Given this, the boot script is in a security critical position and maintaining its integrity is important. However, we have discovered that on certain systems the boot script resides in unprotected memory which can be tampered with by an attacker with access to physical memory."
Impact
An authenticated local attacker may be able to bypass Secure Boot and/or perform an arbitrary reflash of the platform firmware despite the presence of signed firmware update enforcement. Additionally, the attacker could arbitrarily read or write to the SMRAM region. Lastly, the attacker could corrupt the platform firmware and cause the system to become inoperable.
Solution
Please see the Vendor Information section below to determine if your system may be affected. We are continuing to communicate with vendors as they investigate these vulnerabilities.
Vendor Information
976132
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
American Megatrends Incorporated (AMI) __ Affected
Notified: September 15, 2014 Updated: December 10, 2014
Status
Affected
Vendor Statement
AMI has addressed the issue on a generic basis and is working with OEMs to implement fixes for projects in the field and production. End users should contact their board manufacturer for information on when a specific updated BIOS will be available.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Apple Affected
Notified: July 23, 2015 Updated: July 30, 2015
Statement Date: July 30, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Dell Computer Corporation, Inc. __ Affected
Notified: September 15, 2014 Updated: August 03, 2015
Statement Date: August 03, 2015
Status
Affected
Vendor Statement
Some client systems are affected. Server systems are not affected. Patches for affected client systems tentatively planned for release on support.dell.com by March 2015. List of affected systems forthcoming
Vendor Information
Some Client Solutions (CS) commercial platforms are affected by the vulnerability described in VU#976132. Updated BIOS code has been developed to mitigate the vulnerability by locking down the resume path boot script. A list of BIOS update patches is included below for planning purposes and BIOS revisions are included (subject to change):
**Dell System** |
**BIOS Update** |
**Release Planned** |
|---|---|---|
Latitude 13 (3340) |
A06 |
Available |
Latitude 6430U |
A10 |
August 2015 |
Latitude E5440/E5540 |
A11 |
Available |
Latitude E5530/E5430 |
A16 |
August 2015 |
Latitude E6230/E6330/E6430S |
A15 |
August 2015 |
Latitude E6530 |
A17 |
August 2015 |
Latitude E6430 |
A17 |
August 2015 |
Latitude E6440 |
A10 |
Available |
Latitude E6540 |
A13 |
Available |
Latitude E7240/E7440 |
A14 |
Available |
OptiPlex 3010 |
A14 |
August 2015 |
OptiPlex 3011 AIO |
A07 |
Available |
OptiPlex 3020 |
A06 |
Available |
OptiPlex 7010/9010 |
A20 |
Available |
OptiPlex 7020 |
A03 |
Available |
OptiPlex 9020 |
A10 |
Available |
OptiPlex 9010 AIO |
A17 |
Available |
OptiPlex 9020 AIO |
A10 |
Available |
Precision Mobile Workstation M4700 |
A14 |
August 2015 |
Precision Mobile Workstation M6700 |
A15 |
August 2015 |
Precision Workstation R7610 |
A09 |
Available |
Precision Workstation T1650 |
A19 |
Available |
Precision Workstation T1700 |
A15 |
Available |
Precision Workstation T3610/T5610/T7610 |
A10 |
Available |
Precision Workstation M6800/M4800 |
A13 |
Available |
PowerEdge Server T20 |
A06 |
Available |
Venue 11 Pro (5130-32Bit) |
A10 |
Available |
Venue 11 Pro (5130-64Bit) |
A03 |
Available |
Venue 11 Pro (7130/7139) |
A14 |
Available |
Dell recommends customers update to the latest BIOS by downloading the patched releases from .
Vendor References
Insyde Software Corporation __ Affected
Updated: February 03, 2015
Status
Affected
Vendor Statement
"Insyde has reviewed the Insyde BIOS code and did find some vulnerabilities to some of the items in this report. Insyde used the Native EDK II Lock Box Mechanism for saving the Boot Script in our Insyde H2O 5 codebase thus providing adequate protection. By late 2014 Insyde created a protection mechanism for our Insyde H2O 3.7 codebase to protect the Boot Script. By late 2014 Insyde had protected the AcpiGlobalVariable for both codebases.
The Variable updates were available in Tags 03.74.42 and 05.04.42 which was the 2014 work week 42 release. The internal tracking number was IB02960681.
The Insyde H2O 3.7 Boot Script protection mechanism was made available in various chipset Tags.
OEM and ODM customers are advised to contact their Insyde support representative for documentation and assistance.
End users are advised to contact the manufacturer of their equipment."
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Intel Corporation __ Affected
Notified: September 15, 2014 Updated: July 20, 2015
Statement Date: June 29, 2015
Status
Affected
Vendor Statement
Some Intel-branded products were affected by this issue. An update to the system firmware has recently been released in order to mitigate this and other issues. A list of affected products and updates can be found in our security advisories, INTEL-SA-00041 and INTEL-SA-00043, which can be found on our website <https://security-center.intel.com>.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Lenovo __ Affected
Updated: January 21, 2015
Status
Affected
Vendor Statement
<http://support.lenovo.com/us/en/product_security/s3_boot_protect>
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Phoenix Technologies Ltd. __ Affected
Notified: October 06, 2014 Updated: December 19, 2014
Status
Affected
Vendor Statement
We investigated this item and found some of our shipping products to be vulnerable. The vulnerability has been fixed, and we are working with OEMs to provide the updated source code. End users should contact the manufacturer directly for more information and instructions regarding the fix.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 6.2 | AV:L/AC:H/Au:N/C:C/I:C/A:C |
| Temporal | 5.6 | E:POC/RL:ND/RC:C |
| Environmental | 5.6 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
References
- <http://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-boot-script-specification-v091.html>
- <http://support.lenovo.com/us/en/product_security/s3_boot_protect>
Acknowledgements
Thanks to Rafal Wojtczuk and Corey Kallenberg for reporting this vulnerability, as well as Intel Advanced Threat Research.
This document was written by Todd Lewellen.
Other Information
| CVE IDs: | CVE-2014-8274 |
|---|---|
| Date Public: | 2014-12-28 Date First Published: |
Related
