CVE-2023-31127: DMTF-2023-0001: SPDM mutual authentication bypass

Impact

A vulnerability has been identified in SPDM session establishment.
If a device supports both DHE session and PSK session with mutual
authentication, the attacker may be able to establish the session with
KEY_EXCHANGE and PSK_FINISH to bypass the mutual authentication. This
is most likely to happen when the Requester begins a session using
one method (DHE, for example) and then uses the other method’s finish
(PSK_FINISH in this example) to establish the session. The session
hashes would be expected to fail in this case, but the condition was
not detected.

Impacted Function:

This issue only impacts the SPDM responder, which supports KEY_EX_CAP=1 and
PSK_CAP=10b at same time with mutual authentication requirement.
The SPDM requester is not impacted.
The SPDM responder is not impacted if KEY_EX_CAP=0 or PSK_CAP=0 or PSK_CAP=01b.
The SPDM responder is not impacted if mutual authentication is not required.

Impacted Branch:

libspdm 1.0, 2.0, 2.1, 2.2, 2.3 are all impacted.

Other Important Notes:

The SPDM specification (DSP0274) does not contain this vulnerability.

Patches

libspdm main: #2006
libspdm 2.3: #2007

Because libspdm 1.0, 2.0, 2.1, and 2.2 have known function detect, they are not maintained.
libspdm 2.3 branch users should upgrade to release 2.3.2.

References

libspdm issue: #2005

Acknowledgement:

This issue was reported on 20 March 2023 by Cas Cremers [email protected],
together with Naska, Aurora [email protected];
Dax, Alexander [email protected].