.webp)
An attacker with local privileged access can exploit this vulnerability to read the contents of the stack and use this information to exploit other vulnerabilities in DXE. A malicious code installed as a result of the vulnerability exploitation in a DXE driver could survive across an operating system (OS) boot process and runtime or modify NVRAM area on SPI flash storage (to gain persistence on target platform). Additionally, this vulnerability potentially could be used by threat actors to bypass OS security mechanisms (modify privileged memory or runtime variables), influence on the OS boot process, and in some cases would allow an attacker to hook or modify EFI Runtime services.
Binarly REsearch Team has discovered a stack memory contents leak / information disclosure vulnerability that allows a potencial attacker to write stack memory to NVRAM variable.
An attacker with local privileged access can exploit this vulnerability to read the contents of the stack and use this information to exploit other vulnerabilities in DXE. A malicious code installed as a result of the vulnerability exploitation in a DXE driver could survive across an operating system (OS) boot process and runtime or modify NVRAM area on SPI flash storage (to gain persistence on target platform).Additionally, this vulnerability potentially could be used by threat actors to bypass OS security mechanisms (modify privileged memory or runtime variables), influence on the OS boot process, and in some cases would allow an attacker to hook or modify EFI Runtime services.
The vulnerability exists in the function located at offset 0x2450.This function is part of AMI_TCG_PLATFORM_PROTOCOL protocol interface (potencial function name: ProcessTcgSetup).
The pseudocode for the vulnerable function is shown below:
__int64 ProcessTcgSetup()
{
//
// local variables initialization
//
Attributes = 3;
v28 = 0;
DataSize = 1;
Data = 0;
if ( (gBS->LocateProtocol(&SETUP_GUID, 0, &Interface) & 0x8000000000000000) == 0 )
return (*Interface)();
result = gBS->LocateProtocol(&EFI_TPM_MP_DRIVER_PROTOCOL_GUID, 0, &v32);
if ( result >= 0 )
{
result = gBS->LocateProtocol(&EFI_TCG_PROTOCOL_GUID, 0, &EfiTcgProtocol);
if ( result >= 0 )
{
result = gBS->LocateProtocol(&TCG_PLATFORM_SETUP_POLICY_GUID, 0, &TcgPlatformSetupPolicy);
if ( result >= 0 )
{
...
if ( (gRT->GetVariable(L"TpmOldvar", &TC_EFI_GLOBAL_VARIABLE_GUID, &Attributes, &DataSize, &Data) & 0x8000000000000000) == 0 )
{
LOBYTE(v7) = v13;
if ( Data == v13 )
{
if ( v13 != (((v30 | v31) & 1) == 0) )
v19 = 1;
}
else
{
Data = v13;
sub_4D60(L"TpmOldvar", &TC_EFI_GLOBAL_VARIABLE_GUID, Attributes, DataSize, &Data);
}
}
else
{
Data = v13;
gRT->SetVariable(L"TpmOldvar", &TC_EFI_GLOBAL_VARIABLE_GUID, Attributes, DataSize, &Data);
}
if ( v19 )
{
v13 = ((v30 | v31) & 1) == 0;
Data = v13;
v14 = 0;
v19 = 0;
sub_4D60(L"TpmOldvar", &TC_EFI_GLOBAL_VARIABLE_GUID, Attributes, DataSize, &Data);
}
...
}
}
}
return result;
}Consider the following code snippet:
DataSize = 1;
if ( gRT->GetVariable(L"TpmOldvar", &TC_EFI_GLOBAL_VARIABLE_GUID, &Attributes, &DataSize, &Data) == EFI_SUCCESS )
{
...
}
else
{
Data = v13;
gRT->SetVariable(L"TpmOldvar", &TC_EFI_GLOBAL_VARIABLE_GUID, Attributes, DataSize, &Data);
}As we can see from the pseudocode, for the TpmOldvar variable gRT->SetVariable() service is called with the DataSize value, which can be overwritten inside the gRT->GetVariable() service.
Thus, a potential attacker can write X - 1 bytes from the stack to NVRAM if writes any buffer of length X > 1 to the TpmOldvar NVRAM variable before next system boot.
In order to fix this vulnerability, the DataSize variable must be initialized before gRT->SetVariable().
This vulnerability is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the vulnerability report will become visible to the public.
Binarly REsearch Team
.svg)
