Header bannerHeader banner
Advisory ID:
BRLY-2022-099

[BRLY-2022-099] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

June 22, 2023
Severity:
Medium
CVSS Score
4.9
Public Disclosure Date:
June 21, 2023

Summary

Binarly REsearch Team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Vendors Affected Icon

Vendors Affected

Dell
Intel
Affected Products icon

Affected Products

Edge Gateway 5200

Potential Impact

An attacker with high local access can exploit this vulnerability to read the contents of stack memory or global memory. This information could help with exploitation of other vulnerabilities in DXE to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE driver and execute arbitrary code. Malicious code installed as a result of this exploitation could survive operating system (OS) boot process and runtime, or modify NVRAM area on the SPI flash storage (to gain persistence). Additionally, threat actors could use this vulnerability to bypass OS security mechanisms (modify privileged memory or runtime variables), influence OS boot process, and in some cases allow an attacker to hook or modify EFI Runtime services.

Summary

Binarly REsearch Team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.

Vulnerability Information

  • BINARLY internal vulnerability identifier: BRLY-2022-099
  • Dell PSIRT assigned CVE identifier: CVE-2023-32471
  • DSA identifier: DSA-2023-225/DSA-2023-225
  • CVSS v3.1: 4.9 Medium AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Dell firmware with confirmed impact by Binarly REsearch Team

Product Firmware version CPU Module name Module GUID Module SHA256
Edge Gateway 5200 105 Intel AmiTcgPlatformDxe a29a63e3-e4e7-495f-8a6a-07738300cbb3 224640325a6bd17bfdffec43c6f676fa4ddc6d0bd74147b906e7f98a3a641175
Precision 3930 Rack 0.2.22.0 Intel A29A63E3-E4E7-495F-8A6A-07738300CBB3 a29a63e3-e4e7-495f-8a6a-07738300cbb3 39e4cd1a38db09667e83a60fe816ff46911f928b4872f98ac376b35b24db8bee
G5 5587/G7 7588/Vostro 7580 0.1.21.0 Intel A29A63E3-E4E7-495F-8A6A-07738300CBB3 a29a63e3-e4e7-495f-8a6a-07738300cbb3 4b1edc5a2d31870ef6a1470182d6664fad092cb52b3b5e09ade97cb638f8dba7
OptiPlex 7080 0.1.16.0 Intel A29A63E3-E4E7-495F-8A6A-07738300CBB3 a29a63e3-e4e7-495f-8a6a-07738300cbb3 92c0b7760b18d03c2fae6903f1909da0c5fd0521e90533756097d07d2f095c52
Precision 5520 0.1.30.0 Intel A29A63E3-E4E7-495F-8A6A-07738300CBB3 a29a63e3-e4e7-495f-8a6a-07738300cbb3 b31b7ef6f29492d889c583deedb8a9526793a0e6539c809e65dcb432af3bb0b5
Edge Gateway 3200 103 Intel AmiTcgPlatformDxe a29a63e3-e4e7-495f-8a6a-07738300cbb3 cb269580d49795867e032ba2ff2631758d3aca4fb506aa908b7af5e84b8786cf
Inspiron 7460 0.1.15.0 Intel A29A63E3-E4E7-495F-8A6A-07738300CBB3 a29a63e3-e4e7-495f-8a6a-07738300cbb3 d1f8f638cf5c127c78837d677a4369e49f0e0357613103438f1e7a642b2e12d6
Precision 5820 Tower X-Series 0.2.22.0 Intel AmiTcgPlatformDxe a29a63e3-e4e7-495f-8a6a-07738300cbb3 d77132e746e48a914a8a49e193a33478e29ff1c1670d60fcaf8e09c4716624eb

Potential impact

An attacker with high local access can exploit this vulnerability to read the contents of stack memory or global memory. This information could help with explotation of other vulnerabilities in DXE to elevate privileges from ring 3 or ring 0 (depends on the operating system) to a DXE driver and execute arbitrary code. Malicious code installed as a result of this exploitation could survive operating system (OS) boot process and runtime, or modify NVRAM area on the SPI flash storage (to gain persistence). Additionally, threat actors could use this vulnerability to bypass OS security mechanisms (modify privileged memory or runtime variables), influence OS boot process, and in some cases allow an attacker to hook or modify EFI Runtime services.

Vulnerability description

Let's take Edge Gateway 5200's firmware (version: 105, module sha256: 224640325a6bd17bfdffec43c6f676fa4ddc6d0bd74147b906e7f98a3a641175) as an example.

The following code in the module actually allows leaking memory:

  • a call to a gRT->GetVariable() offset: 0x2aa4
  • a call to a gRT->SetVariable() offset: 0x2ae5
__int64 sub_2890()
{
  __int64 result; // rax
  char v1; // al
  __int64 v2; // rax
  char v3; // bl
  char v4; // di
  char v5; // si
  signed __int64 v6; // rbx
  int v7; // eax
  __int64 v8; // rdx
  __int16 v9; // [rsp+30h] [rbp-98h] BYREF
  int v10; // [rsp+32h] [rbp-96h]
  int v11; // [rsp+36h] [rbp-92h]
  int v12; // [rsp+3Ah] [rbp-8Eh]
  int v13; // [rsp+3Eh] [rbp-8Ah]
  int v14; // [rsp+42h] [rbp-86h]
  char Destination; // [rsp+48h] [rbp-80h] BYREF
  char v16; // [rsp+49h] [rbp-7Fh]
  unsigned __int8 v17; // [rsp+4Bh] [rbp-7Dh]
  char v18; // [rsp+50h] [rbp-78h]
  char v19; // [rsp+51h] [rbp-77h]
  char v20; // [rsp+52h] [rbp-76h]
  char v21; // [rsp+55h] [rbp-73h]
  char v22; // [rsp+56h] [rbp-72h]
  char v23; // [rsp+58h] [rbp-70h]
  char v24; // [rsp+5Ah] [rbp-6Eh]
  void *v25; // [rsp+70h] [rbp-58h] BYREF
  __int64 v26; // [rsp+78h] [rbp-50h] BYREF
  __int64 (**v27)(void); // [rsp+80h] [rbp-48h] BYREF
  void *Interface; // [rsp+88h] [rbp-40h] BYREF
  EFI_EVENT Event; // [rsp+90h] [rbp-38h] BYREF
  char Data; // [rsp+D0h] [rbp+8h] BYREF
  UINT32 Attributes; // [rsp+D8h] [rbp+10h] BYREF
  void *v32; // [rsp+E0h] [rbp+18h] BYREF
  UINTN DataSize; // [rsp+E8h] [rbp+20h] BYREF

  Attributes = 3;
  DataSize = 1i64;
  v26 = 0i64;
  Data = 0;
  if ( (gBS->LocateProtocol(&SETUP_GUID, 0i64, &v27) & 0x8000000000000000ui64) == 0i64 )
    return (*v27)();
  result = gBS->LocateProtocol(&EFI_TPM_MP_DRIVER_PROTOCOL_GUID, 0i64, &Interface);
  if ( result >= 0 )
  {
    result = gBS->LocateProtocol(&EFI_TCG_PROTOCOL_GUID, 0i64, &v25);
    if ( result >= 0 )
    {
      result = gBS->LocateProtocol(&TCG_PLATFORM_SETUP_POLICY_GUID, 0i64, &v32);
      if ( result >= 0 )
      {
        v10 = 369098752;
        v9 = -16128;
        v12 = 0x4000000;
        v11 = 1702887424;
        if ( !sub_52F4() )
          v11 = 1694498816;
        v13 = 0x4000000;
        v14 = 134283264;
        (*(v25 + 3))(v25, 22i64, &v9, 256i64, &unk_6BD0);
        v9 = -16128;
        v10 = 369098752;
        v1 = sub_52F4();
        v12 = 83886080;
        v13 = 0x4000000;
        v11 = v1 != 0 ? 1702887424 : 1694498816;
        v14 = 285278208;
        v2 = (*(v25 + 3))(v25, 22i64, &v9, 512i64, &unk_70F0);
        v3 = byte_70FE;
        if ( v2 < 0 )
          v3 = 0;
        gBS->CopyMem(&Destination, v32 + 1, 0x1Bui64);
        v4 = v23;
        v5 = v24;
        v20 = v3;
        v18 = v23;
        v19 = v24;
        v21 = 0;
        if ( (gRT->GetVariable(L"TpmOldvar", &TC_EFI_GLOBAL_VARIABLE_GUID, &Attributes, &DataSize, &Data) & 0x8000000000000000ui64) == 0i64 )
        {
          if ( Data == v16 )
          {
            if ( v16 != (((v4 | v5) & 1) == 0) )
              v22 = 1;
          }
          else
          {
            Data = v16;
            sub_55F0(L"TpmOldvar", &TC_EFI_GLOBAL_VARIABLE_GUID, Attributes, DataSize, &Data);
          }
        }
        else
        {
          Data = v16;
          gRT->SetVariable(                     // <= second call
            L"TpmOldvar",
            &TC_EFI_GLOBAL_VARIABLE_GUID,
            Attributes,
            DataSize,
            &Data);
        }
        if ( v22 )
        {
          v17 = 0;
          v22 = 0;
          v16 = ((v4 | v5) & 1) == 0;
          Data = v16;
          sub_55F0(L"TpmOldvar", &TC_EFI_GLOBAL_VARIABLE_GUID, Attributes, DataSize, &Data);
        }
        byte_7342 = Destination;
        v6 = sub_593C(&v26);
        if ( v6 < 0 )
          v6 = gBS->CreateEventEx(0x200u, 8ui64, sub_260C, 0i64, &EFI_ACPI_20_TABLE_GUID, &Event);
        else
          sub_260C(0i64, 0i64);
        (*(v32 + 4))(&Destination, 0i64);
        if ( v16 == (((v4 | v5) & 1) == 0) )
        {
          if ( !v17 )
            return v6;
          v7 = sub_1D24(v17);
          v17 = 0;
        }
        else
        {
          v7 = sub_1D24(7 - (v16 != 0));
        }
        if ( v7 )
        {
          v21 = 1;
          (*(v32 + 4))(&Destination, 0i64);
          return 0i64;
        }
        LOBYTE(v8) = 1;
        (*(v32 + 4))(&Destination, v8);
        sub_E64(0);
        return v6;
      }
    }
  }
  return result;
}

The gRT->SetVariable() service is called with the DataSize as an argument, which will be overwritten inside the gRT->GetVariable() service if the length of TpmOldvar NVRAM variable is greater than 1.

Thus, a potential attacker can dump X - 1 bytes from the stack (or global memory) into TpmOldvar NVRAM variable by setting TpmOldvar NVRAM variable's size to X > 1.

To fix this vulnerability the DataSize must be re-initialized with the size of TpmOldvar before calling gRT->SetVariable().

Disclosure timeline

This bug is subject to a 90 day disclosure deadline. After 90 days elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public.

Disclosure Activity Date (YYYY-mm-dd)
Dell PSIRT is notified 2022-12-29
Dell PSIRT confirmed reported issue 2023-03-16
Dell PSIRT assigned CVE number 2023-06-15
Dell PSIRT provide patch release 2023-06-15
BINARLY public disclosure date 2023-06-21

Acknowledgements

Binarly REsearch Team

Tags
Dell
FWHunt
See if you are impacted now with our Firmware Vulnerability Scanner