Headline
Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks
By Deeba Ahmed Quarkslab Discovers “PixieFail” Vulnerabilities: Critical Flaws in Open Source UEFI Code Require Immediate Patching. This is a post from HackRead.com Read the original post: Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks
The vulnerabilities, collectively called PixieFAIL, were discovered in the network stack of EDK II, during a cursory inspection of NetworkPkg and could be exploited during the network boot process.
Quarkslab bug hunters discovered nine serious vulnerabilities in EDK II, the de-facto open-source reference implementation of the UEFI specification, which could lead to remote code execution (RCE) attacks before booting the device.
These flaws, discovered in August 2023, led to DNS and DHCP poisoning attacks, information leakage, denial of service, and data insertion attacks at the IPv4 and IPv6 layers.
The vulnerabilities, collectively called PixieFAIL, were discovered in the network stack of EDK II, during a cursory inspection of NetworkPkg and could be exploited during the network boot process.
Network boot is a common feature on enterprise computers/servers, used to load an OS image from the network at boot time. This is popular in data centers and high-performance computing environments. Given that server farms and clusters often have hundreds or thousands of compute nodes, it simplifies management by downloading and running the OS from a central set of servers.
For your information, the Preboot Execution Environment (PXE), netboot, or Pixie boot, specifies a standardized client-server solution for network computers’ booting. It was introduced by Intel in 1998 and later got incorporated into the UEFI specification. With the release of UEFI version 2.2 in 2010, IPv6-based PXE became a part of the specification. The code to PXE is included in the UEFI firmware on the motherboard or within the NIC firmware read-only memory.
EDK II is UEFI’s open-source implementation developed and maintained by Tianocore, a community of developers leveraging the project for their own UEFI implementations. It incorporates NetworkPkg, a TCP/IP stack, to enable network functionalities during the initial PXE stage, allowing remote configuration and booting of networked computers.
According to Quarkslab’s blog post, all nine issues were discovered in the TianoCore EFI Development Kit II (EDK II) and affect UEFI firmware from AMI, Intel, Insyde, and Phoenix Technologies. Threat actors can exploit them for remote code execution, denial-of-service, DNS cache poisoning, and leakage of sensitive information. The vulnerabilities’ details are as follows:
CVE-2023-45229 (CVSS rating 6.5) and CVE-2023-45230 (CVSS rating 8.3) are vulnerabilities in DHCPv6 that cause integer underflow and buffer overflow in the DHCPv6 client.
CVE-2023-45231 (CVSS rating 6.5) and CVE-2023-45232 (CVSS rating 7.5) are vulnerabilities in a DHCPv6 Advertise message, causing out-of-bounds reads and infinite loops when parsing unknown or PadN options.
CVE-2023-45233 (CVSS rating 7.5) and CVE-2023-45234 (CVSS rating 8.3) are vulnerabilities in a DHCPv6 Advertise message causing an infinite loop when parsing a PadN option in the Destination Options header and the other affecting the processing of DNS Servers and Server ID options.
CVE-2023-45235 and CVE-2023-45236 are vulnerabilities affecting DHCPv6 proxy Advertise messages, with CVSS scores of 8.3 and 5.8, respectively, causing buffer overflow and predictable TCP initial sequence numbers. The ninth flaw is CVE-2023-45237 with a CVSS score of 5.3 and is related to a weakness in the pseudorandom number generator.
The list of vulnerabilities in EDK II devices is extensive, with the most severe being buffer overflow vulnerabilities for encouraging arbitrary code execution, potentially allowing attackers initial access and lateral movement.
Quarkslab contacted impacted software vendors to address the issue. Over half a year, they worked together to develop a patch without leaking any information. On January 16, 2024, a patch for fixing PixieFAIL at once was released with a firmware update.
The company has released proof-of-concept code for the first seven vulnerabilities, enabling defenders to detect infection attempts. The CERT Coordination Center has identified Insyde, AMI, Intel, and Phoenix Technologies as affected and published guidelines to deploy the fixes.
- Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks
- Hackers can hijack your Bosch Thermostat and Install Malware
- Malware Turns Docker Servers into Traffic Boosted Crypto Miners
- CISA Warns of Exploited Flaws in Chrome and Excel Parsing Library
- Windows Defender SmartScreen Flaw Exploited with Phemedrone Stealer
Related news
Red Hat Security Advisory 2024-6849-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4419-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
Red Hat Security Advisory 2024-3497-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1722-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1305-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1077-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1076-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1075-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1013-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1004-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.
Ubuntu Security Notice 6638-1 - Marc Beatove discovered buffer overflows exit in EDK2. An attacker on the local network could potentially use this to impact availability or possibly cause remote code execution. It was discovered that a buffer overflows exists in EDK2's Network Package An attacker on the local network could potentially use these to impact availability or possibly cause remote code execution.
Debian Linux Security Advisory 5624-1 - Mate Kukri discovered the Debian build of EDK2, a UEFI firmware implementation, used an insecure default configuration which could result in Secure Boot bypass via the UEFI shell.
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to