Overview
Multiple vulnerabilities were discovered in the TCP/IP stack (NetworkPkg) of Tianocore EDKII, an open source implementation of Unified Extensible Firmware Interface (UEFI). Researchers at Quarkslab have identified a total of 9 vulnerabilities that if exploited via network can lead to remote code execution, DoS attacks, DNS cache poisoning, and/or potential leakage of sensitive information. Quarkslab have labeled these set of related vulnerabilities as PixieFail.
Description
UEFI represents a contemporary firmware standard pivotal in initiating the operating system on modern computers and in facilitating communication between the hardware and OS. TianoCore's EDKII stands as an open-source implementation adhering to UEFI and UEFI Platform Initialization (PI) specifications, offering an essential firmware development environment across platforms. Within EDKII, the NetworkPkg software encompasses a TCP/IP stack, enabling crucial network functionalities available during the initial Preboot eXecution Environment (PXE) stages. The PXE environment, when enabled, allows machines to boot via network connectivity, eliminating the need for physical interaction or keyboard access. Typically employed in larger data centers, PXE is vital for automating early boot phases, particularly in high-performance computing (HPC) environments.
Quarkslab researchers have discovered several vulnerabilities within the EDKII's NetworkPkg IP stack, introduce due to classic issues like buffer overflow, predictable randomization, and improper parsing. These vulnerabilities pose risks, allowing unauthenticated local attackers (and in certain scenarios, remotely) to execute various attacks. Successful exploits can result in denial of service, leakage of sensitive data, remote code execution, DNS cache poisoning, and network session hijacking. To successfully exploit this vulnerable NetworkPkg implementation, the attacker requires the PXE boot option to be enabled.
Tianocore's EDKII is used as a reference code or adopted as-is by many vendors for ..
Support the originator by clicking the read the rest link below.
