search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

UEFI implementations do not properly secure the EFI S3 Resume Boot Path boot script

Vulnerability Note VU#976132

Original Release Date: 2015-01-05 | Last Revised: 2015-08-03

Overview

Some UEFI systems fail to properly restrict access to the boot script used by the EFI S3 Resume Boot Path, allowing an authenticated, local attacker to bypass various firmware write protections.

Description

According to Rafal Wojtczuk of Bromium and Corey Kallenberg of The MITRE Corporation:

"During the UEFI S3 Resume path, a boot script is interpreted to re-initialize the platform. The boot script dictates various memory and port read/write operations to facilitate this re-initialization. The boot script is interpreted early enough where important platform security mechanisms have not yet been configured. For example, BIOS_CNTL, which helps protects the platform firmware against arbitrary writes, is unlocked. TSEGMB, which protects SMRAM against DMA, is also unlocked.

Given this, the boot script is in a security critical position and maintaining its integrity is important. However, we have discovered that on certain systems the boot script resides in unprotected memory which can be tampered with by an attacker with access to physical memory."

Impact

An authenticated local attacker may be able to bypass Secure Boot and/or perform an arbitrary reflash of the platform firmware despite the presence of signed firmware update enforcement. Additionally, the attacker could arbitrarily read or write to the SMRAM region. Lastly, the attacker could corrupt the platform firmware and cause the system to become inoperable.

Solution

Please see the Vendor Information section below to determine if your system may be affected. We are continuing to communicate with vendors as they investigate these vulnerabilities.

Vendor Information

976132
 
Expand all

American Megatrends Incorporated (AMI) Affected

Notified:  September 15, 2014 Updated: December 10, 2014

Status

Affected

Vendor Statement

AMI has addressed the issue on a generic basis and is working with OEMs to implement fixes for projects in the field and production. End users should contact their board manufacturer for information on when a specific updated BIOS will be available.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Apple Affected

Notified:  July 23, 2015 Updated: July 30, 2015

Statement Date:   July 30, 2015

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Dell Computer Corporation, Inc. Affected

Notified:  September 15, 2014 Updated: August 03, 2015

Statement Date:   August 03, 2015

Status

Affected

Vendor Statement

Some client systems are affected. Server systems are not affected. Patches for affected client systems tentatively planned for release on support.dell.com by March 2015. List of affected systems forthcoming

Vendor Information

Some Client Solutions (CS) commercial platforms are affected by the vulnerability described in VU#976132. Updated BIOS code has been developed to mitigate the vulnerability by locking down the resume path boot script. A list of BIOS update patches is included below for planning purposes and BIOS revisions are included (subject to change):

Dell SystemBIOS UpdateRelease Planned
Latitude 13 (3340)A06Available
Latitude 6430UA10August 2015
Latitude E5440/E5540A11Available
Latitude E5530/E5430A16August 2015
Latitude E6230/E6330/E6430SA15August 2015
Latitude E6530A17August 2015
Latitude E6430A17August 2015
Latitude E6440A10Available
Latitude E6540A13Available
Latitude E7240/E7440A14Available
OptiPlex 3010A14August 2015
OptiPlex 3011 AIOA07Available
OptiPlex 3020A06Available
OptiPlex 7010/9010A20Available
OptiPlex 7020A03Available
OptiPlex 9020A10Available
OptiPlex 9010 AIOA17Available
OptiPlex 9020 AIOA10Available
Precision Mobile Workstation M4700A14August 2015
Precision Mobile Workstation M6700A15August 2015
Precision Workstation R7610A09Available
Precision Workstation T1650A19Available
Precision Workstation T1700A15Available
Precision Workstation T3610/T5610/T7610A10Available
Precision Workstation M6800/M4800A13Available
PowerEdge Server T20A06Available
Venue 11 Pro (5130-32Bit)A10Available
Venue 11 Pro (5130-64Bit)A03Available
Venue 11 Pro (7130/7139)A14Available

Dell recommends customers update to the latest BIOS by downloading the patched releases from .

Vendor References

Insyde Software Corporation Affected

Updated:  February 03, 2015

Status

Affected

Vendor Statement

"Insyde has reviewed the Insyde BIOS code and did find some vulnerabilities to some of the items in this report. Insyde used the Native EDK II Lock Box Mechanism for saving the Boot Script in our Insyde H2O 5 codebase thus providing adequate protection. By late 2014 Insyde created a protection mechanism for our Insyde H2O 3.7 codebase to protect the Boot Script. By late 2014 Insyde had protected the AcpiGlobalVariable for both codebases.

The Variable updates were available in Tags 03.74.42 and 05.04.42 which was the 2014 work week 42 release. The internal tracking number was IB02960681.

The Insyde H2O 3.7 Boot Script protection mechanism was made available in various chipset Tags.

OEM and ODM customers are advised to contact their Insyde support representative for documentation and assistance.

End users are advised to contact the manufacturer of their equipment."

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel Corporation Affected

Notified:  September 15, 2014 Updated: July 20, 2015

Statement Date:   June 29, 2015

Status

Affected

Vendor Statement

Some Intel-branded products were affected by this issue. An update to the system firmware has recently been released in order to mitigate this and other issues. A list of affected products and updates can be found in our security advisories, INTEL-SA-00041 and INTEL-SA-00043, which can be found on our website https://security-center.intel.com.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lenovo Affected

Updated:  January 21, 2015

Status

Affected

Vendor Statement

http://support.lenovo.com/us/en/product_security/s3_boot_protect

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Phoenix Technologies Ltd. Affected

Notified:  October 06, 2014 Updated: December 19, 2014

Status

Affected

Vendor Statement

We investigated this item and found some of our shipping products to be vulnerable. The vulnerability has been fixed, and we are working with OEMs to provide the updated source code. End users should contact the manufacturer directly for more information and instructions regarding the fix.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C
Temporal 5.6 E:POC/RL:ND/RC:C
Environmental 5.6 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Rafal Wojtczuk and Corey Kallenberg for reporting this vulnerability, as well as Intel Advanced Threat Research.

This document was written by Todd Lewellen.

Other Information

CVE IDs: CVE-2014-8274
Date Public: 2014-12-28
Date First Published: 2015-01-05
Date Last Updated: 2015-08-03 14:39 UTC
Document Revision: 32

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis