New UEFI vulnerabilities send firmware devs industry wide scrambling

UEFI firmware from five of the leading suppliers contains vulnerabilities that allow attackers with a toehold in a user's network to infect connected devices with malware that runs at the firmware level.

The vulnerabilities, which collectively have been dubbed PixieFail by the researchers who discovered them, pose a threat mostly to public and private data centers and possibly other enterprise settings. People with even minimal access to such a network—say a paying customer, a low-level employee, or an attacker who has already gained limited entry—can exploit the vulnerabilities to infect connected devices with a malicious UEFI.

Short for Unified Extensible Firmware Interface, UEFI is the low-level and complex chain of firmware responsible for booting up virtually every modern computer. By installing malicious firmware that runs prior to the loading of a main OS, UEFI infections can’t be detected or removed using standard endpoint protections. They also give unusually broad control of the infected device.

Five vendors, and many a customer, affected

The nine vulnerabilities that comprise PixieFail reside in TianoCore EDK II, an open source implementation of the UEFI specification. The implementation is incorporated into offerings from Arm Ltd., Insyde, AMI, Phoenix Technologies, and Microsoft. The flaws reside in functions related to IPv6, the successor to the IPv4 Internet Protocol network address system. They can be exploited in what’s known as the PXE, or Preboot Execution Environment, when it’s configured to use IPv6.

PXE, sometimes colloquially referred to as Pixieboot or netboot, is a mechanism enterprises use to boot up large numbers of devices, which more often than not are servers inside of large data centers. Rather than the OS being stored on the device booting up, PXE stores the image on a central server, known as a boot server. Devices booting up locate the boot server using the Dynamic Host Configuration Protocol and then send a request for the OS image.

PXE is designed for ease of use, uniformity, and quality assurance inside data centers and cloud environments. When updating or reconfiguring the OS, admins need to do so only once and then ensure that hundreds or thousands of connected servers run it each time they boot up.

By exploiting the PixieFail vulnerabilities, an attacker can cause servers to download a malicious firmware image rather than the intended one. The malicious image in this scenario will establish a permanent beachhead on the device that’s installed prior to the loading of the OS and any security software that would normally flag infections.

The vulnerabilities and proof-of-concept code demonstrating the presence of the vulnerabilities were developed by researchers from security firm Quarkslab, which published the findings Tuesday.

The network presence required to exploit most of the vulnerabilities is relatively minor. Attackers need not establish their own malicious server or gain high-level privileges. Instead, the attacker only needs the ability to view and capture traffic as it traverses the local network. This kind of access may be possible when someone has a legitimate account with a cloud service or after first exploiting a separate vulnerability that gives limited system rights. With that, the attacker can then exploit PixieFail to plant a UEFI-controlled backdoor in huge fleets of servers.

Quarkslab Chief Research Officer Iván Arce said in an interview:

An attacker doesn't need to have physical access neither to the client nor the boot server. The attacker just needs to have access to the network where all these systems are running and it needs to have the ability to capture packets and to inject packets or transmit packets. When the client-{based server] boots, the attacker just needs to send the client a malicious packet in the [request] response that will trigger some of these vulns. The only access that the attacker needs is access to the network, not physical access to any of the clients, nor to the boot server or DHCP server. Just capture packets or send packets in the network, where all these servers are running.

For PixieFail to be exploited, PXE must be turned on. For the overwhelming number of UEFIs in use, PXE isn’t turned on. PXE is generally used only in data centers and cloud environments for rebooting thousands or tens of thousands of servers. Additionally, PXE must be configured to be used in combination with IPv6 routing.

A motley bunch

PixieFail is a motley mix of different vulnerability types, ranging from buffer overflows and integer underflows, both of which allow for remote code execution, to the lack of standard but crucial security practices, such as a properly functioning pseudorandom number generator. There was also a TCP implementation that didn’t follow a basic IETF RFC that has been recommended since 2012. The nine vulnerabilities are:

• https://nvd.nist.gov/vuln/detail/CVE-2023-45229: an integer underflow when processing configurations contained in a DHCPv6 advertise message. The underflows from the failure of EDK II—and all the affected UEFIs that rely on it—perform basic “sanity checking” that is designed to flag when memory contents are too small. The base score severity rating is 6.5 out of a possible 10.
• https://nvd.nist.gov/vuln/detail/CVE-2023-45230: A buffer overflow in the DHCPv6client. This vulnerability also stems from a sanity-checking failure. It can be exploited by choosing an overly long Server ID option during what’s known in PXE as the Solicit/Advertise exchange. Base score 8.3.
• https://nvd.nist.gov/vuln/detail/CVE-2023-45231: An out-of-bounds read that can occur during the Network Discovery phase. Base score 6.5
• https://nvd.nist.gov/vuln/detail/CVE-2023-45232: An infinite loop when parsing unknown options in the Destination Options header. Base score 7.5
• https://nvd.nist.gov/vuln/detail/CVE-2023-45233: An infinite loop when parsing a PadN option in the Destination Options header. Base score 7.5
• https://nvd.nist.gov/vuln/detail/CVE-2023-45234 A buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message. Base score 8.3
• https://nvd.nist.gov/vuln/detail/CVE-2023-45235: A buffer overflow when handling a Server ID option from a DHCPv6 proxy Advertise message. Base score 8.3
• https://nvd.nist.gov/vuln/detail/CVE-2023-45236: Predictable TCP Initial Sequence Numbers. Base score 5.7
• https://nvd.nist.gov/vuln/detail/CVE-2023-45237: Use of a weak pseudorandom number generator. Base score 5.3

The makers of the affected UEFIs are in the process of getting updates pushed out to customers. And from there, those customers are making patches available to their customers, who usually are end users. AMI confirmed the vulnerability affects its Optio V line of firmware and said it has made patches available to its customers. AMI provided a public advisory here and customer-only ones here and here.

Microsoft, meanwhile, issued a statement that said the company was taking “appropriate action” without saying what that was. Microsoft also claimed—in error, Arce said—that exploiting the vulnerability required the attacker to first establish a malicious server on the affected network. Arce says no such requirement exists.

"An attack only needs to be able to send packets on that network," he said. "Also, the proof of concept code which we provided to all vendors, including Microsoft, does not set up any server."

Microsoft didn’t have a response to Arce’s analysis. Microsoft also noted the requirement of using PXE over an IPv6 network.

“As a security best practice, we recommend disabling unused boot capabilities, only using PXE or other protocols on trusted networks, and using TLS over the internet,” Microsoft officials added.

Officials with Arm Insyde and Phoenix didn’t respond or didn't have a comment.

As noted, PixieFail isn’t something most people need to worry about. The vulnerabilities, however, are most definitely something that cloud environments and data centers should greatly care about. After all, exploits allow someone with limited network access to suddenly backdoor any server in a network the next time it reboots. Over the course of a matter of weeks, that could lead to an entire fleet of infected machines.

Out of an abundance of caution and in keeping with security in-depth principles, all end users should patch the vulnerabilities as well, but the urgency in this case is fairly relaxed. Users generally should look to their device or motherboard maker for an update.

Update: A little more than 13 hours after this post went live, Microsoft officials updated their statement to add: "If an attacker is able to capture and transmit packets on the network (this is, the ability “to serve” packets), they can pretend to be a 'server.'"