{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/434994#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nMultiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management Mode (SMM) by an attacker who gains administrative privileges on the local machine. An attacker can corrupt the memory using Direct Memory Access (DMA) timing attacks that can lead to code execution. These threats are collectively referred to as RingHopper attacks.\r\n\r\n\r\n### Description\r\nThe UEFI standard provides an open specification that defines a software interface between an operating system (OS) and the device hardware on the system.  UEFI can interface directly with hardware below the OS using SMM, a high-privilege CPU mode.  [SMM operations](https://edk2-docs.gitbook.io/edk-ii-secure-coding-guide/secure_coding_guidelines_intel_platforms/smm) are closely managed by the CPU using a dedicated portion of memory called the SMRAM.  The SMM can only be entered through System Management Interrupt (SMI) Handlers using a communication buffer.  SMI Handlers are essentially a system call to access the CPU's SMRAM from its current operating mode, typically Protected Mode.\r\n\r\nA race condition involving the access and validation of the SMRAM can be achieved using DMA timing attacks that rely on time-of-check to time-of-use ([TOCTOU](https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use)) conditions. An attacker can use well-timed probing to try to overwrite the contents of SMRAM with arbitrary data, leading to attacker code being executed with the same elevated privileges available to the CPU (i.e., [Ring -2 mode](https://en.wikipedia.org/wiki/System_Management_Mode)).  
The asynchronous nature of SMRAM access via DMA controllers enables the attacker to perform such unauthorized access and bypass the verifications normally provided by the SMI Handler API.  \r\n\r\nThe Intel-VT and Intel VT-d technologies provide some protection against DMA attacks by using an Input-Output Memory Management Unit (IOMMU).  Although IOMMU can protect from DMA hardware attacks, SMI Handlers vulnerable to RingHopper may still be abused.  SMRAM verification involving [validation of nested pointers](https://www.sentinelone.com/labs/another-brick-in-the-wall-uncovering-smm-vulnerabilities-in-hp-firmware/) adds even more complexity when analyzing how various SMI Handlers are used in UEFI. \r\n\r\n### Impact\r\nAn attacker with either local or remote administrative privileges can exploit DMA timing attacks to elevate privileges beyond the operating system and execute arbitrary code in SMM (Ring -2). These attacks can be invoked from the OS using vulnerable SMI Handlers.  In some cases, the vulnerabilities can be triggered in the UEFI early boot phases (as well as sleep and recovery) before the operating system is fully initialized.\r\n\r\nA successful attack enables any of the following impacts:\r\n\r\n*     Invalidation or bypass of UEFI security features (SecureBoot, Intel BootGuard).\r\n*     Installation of persistent software that cannot be easily detected or erased.\r\n*     Creation of backdoors and back communications channels to exfiltrate sensitive data.\r\n*     Interruption of system execution leading to permanent shutdown.\r\n\r\nBecause these attacks are against UEFI-supported firmware, OS and EDR solutions may have diminished visibility into unauthorized access.\r\n\r\n\r\n### Solution\r\nInstall the latest stable version of UEFI firmware provided by your PC vendor or by the reseller of your computing environments. See the links below for resources and updates provided by specific vendors to address these issues.  
\r\n\r\nIf your operating system supports automatic or managed updates for firmware, such as Linux Vendor Firmware Service ([LVFS](https://fwupd.org/lvfs/docs/users)), check (`fwupdmgr get-updates`) and apply the firmware updates provided by LVFS using `fwupdmgr update` as appropriate. \r\n\r\n### Acknowledgements\r\nThanks to the Intel iStare researchers Jonathan Lusky  and Benny Zeltser who discovered and reported this vulnerability. \r\n\r\nThis document was written by Vijay Sarvepalli and Jeffrey S. Havrilla.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. 
Please consult the vendor's statements and advisory URL if provided by the vendor for more details.","title":"Limitations of Advisory"},{"category":"other","text":"Intel is releasing a public security advisory pertaining to this issue - INTEL-SA-00752 on November 8, 2022\r\nThis advisory will be available here on that date - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html\r\nThis issue has been assigned CVE-2021-33164","title":"Vendor statement from Intel"},{"category":"other","text":"Fujitsu is aware of the vulnerabilities in Insyde firmware (InsydeH2O UEFI-BIOS) known as \"RingHopper\".\r\n\r\nFujitsu CCD (Client Computing Device) mobile devices are affected.\r\n\r\nThe Fujitsu PSIRT released FCCL-IS-2022-110801 on https://security.ts.fujitsu.com (Security Notices) accordingly.\r\n\r\nIn case of questions regarding this Fujitsu PSIRT Security Notice, please contact the Fujitsu PSIRT (Fujitsu-PSIRT@ts.fujitsu.com).","title":"Vendor statement from Fujitsu Europe"},{"category":"other","text":"Some versions of Insyde's InsydeH2O product are affected by this vulnerability. Insyde has released mitigations for these. 
Public information and further details can be found on Insyde security page https://www.insyde.com/security-pledge.","title":"Vendor statement from Insyde Software Corporation"},{"category":"other","text":"We have reviewed our code and do NOT believe we are affected by this vulnerability.","title":"Vendor statement from Phoenix Technologies"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/434994"},{"url":"https://edk2-docs.gitbook.io/edk-ii-secure-coding-guide/secure_coding_guidelines_general","summary":"https://edk2-docs.gitbook.io/edk-ii-secure-coding-guide/secure_coding_guidelines_general"},{"url":"https://edk2-docs.gitbook.io/a-tour-beyond-bios-memory-protection-in-uefi-bios/memory-protection-in-smm","summary":"https://edk2-docs.gitbook.io/a-tour-beyond-bios-memory-protection-in-uefi-bios/memory-protection-in-smm"},{"url":"https://eclypsium.com/2020/01/30/direct-memory-access-attacks/","summary":"https://eclypsium.com/2020/01/30/direct-memory-access-attacks/"},{"url":"https://www.intel.com/content/dam/develop/external/us/en/documents/intel-whitepaper-using-iommu-for-dma-protection-in-uefi-820238.pdf","summary":"https://www.intel.com/content/dam/develop/external/us/en/documents/intel-whitepaper-using-iommu-for-dma-protection-in-uefi-820238.pdf"},{"url":"http://blog.cr4.sh/2015/09/breaking-uefi-security-with-software.html","summary":"http://blog.cr4.sh/2015/09/breaking-uefi-security-with-software.html"},{"url":"https://www.sentinelone.com/labs/another-brick-in-the-wall-uncovering-smm-vulnerabilities-in-hp-firmware/","summary":"https://w
ww.sentinelone.com/labs/another-brick-in-the-wall-uncovering-smm-vulnerabilities-in-hp-firmware/"},{"url":"https://fwupd.org/lvfs/docs/users","summary":"https://fwupd.org/lvfs/docs/users"},{"url":"https://jvn.jp/vu/JVNVU96604488/","summary":"https://jvn.jp/vu/JVNVU96604488/"},{"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html","summary":"Reference(s) from vendor \"Intel\""},{"url":"https://www.dell.com/support/kbdoc/000207529","summary":"Reference(s) from vendor \"Dell\""}],"title":"Multiple race conditions due to TOCTOU flaws in various UEFI Implementations","tracking":{"current_release_date":"2024-05-06T18:18:02+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#434994","initial_release_date":"2022-11-08 17:02:19.010450+00:00","revision_history":[{"date":"2024-05-06T18:18:02+00:00","number":"1.20240506181802.8","summary":"Released on 2024-05-06T18:18:02+00:00"}],"status":"final","version":"1.20240506181802.8"}},"vulnerabilities":[{"title":"Various UEFI implementations are vulnerable to code execution in SMM by an attacker with ring 0 privileges to elevate to ring-2 and potentially execute arbitrary code.","notes":[{"category":"summary","text":"Various UEFI implementations are vulnerable to code execution in SMM by an attacker with ring 0 privileges to elevate to ring-2 and potentially execute arbitrary code. This can happen due to the asynchronous nature of the DMA controller, which continues to work while all cores (except the one in SMM) are suspended. 
An attacker can overwrite strategic places in the SMRAM and be able to execute arbitrary code on the target device."}],"cve":"CVE-2021-33164","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#434994"}],"product_status":{"known_affected":["CSAFPID-e05fe074-3a6f-11f1-a172-0afffb3ee71d","CSAFPID-e0601cc4-3a6f-11f1-a172-0afffb3ee71d","CSAFPID-e0604c9e-3a6f-11f1-a172-0afffb3ee71d","CSAFPID-e0610198-3a6f-11f1-a172-0afffb3ee71d","CSAFPID-e0618910-3a6f-11f1-a172-0afffb3ee71d","CSAFPID-e06201d8-3a6f-11f1-a172-0afffb3ee71d"],"known_not_affected":["CSAFPID-e0609122-3a6f-11f1-a172-0afffb3ee71d","CSAFPID-e060c728-3a6f-11f1-a172-0afffb3ee71d","CSAFPID-e06151ac-3a6f-11f1-a172-0afffb3ee71d"]}}],"product_tree":{"branches":[{"category":"vendor","name":"Fujitsu Europe","product":{"name":"Fujitsu Europe Products","product_id":"CSAFPID-e05fe074-3a6f-11f1-a172-0afffb3ee71d"}},{"category":"vendor","name":"American Megatrends Incorporated (AMI)","product":{"name":"American Megatrends Incorporated (AMI) Products","product_id":"CSAFPID-e0601cc4-3a6f-11f1-a172-0afffb3ee71d"}},{"category":"vendor","name":"Hewlett Packard Enterprise","product":{"name":"Hewlett Packard Enterprise Products","product_id":"CSAFPID-e0604c9e-3a6f-11f1-a172-0afffb3ee71d"}},{"category":"vendor","name":"Toshiba Corporation","product":{"name":"Toshiba Corporation Products","product_id":"CSAFPID-e0609122-3a6f-11f1-a172-0afffb3ee71d"}},{"category":"vendor","name":"AMD","product":{"name":"AMD Products","product_id":"CSAFPID-e060c728-3a6f-11f1-a172-0afffb3ee71d"}},{"category":"vendor","name":"Insyde Software Corporation","product":{"name":"Insyde Software Corporation Products","product_id":"CSAFPID-e0610198-3a6f-11f1-a172-0afffb3ee71d"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-e06151ac-3a6f-11f1-a172-0afffb3ee71d"}},{"category":"vendor","name":"Dell","product":{"name":"Dell 
Products","product_id":"CSAFPID-e0618910-3a6f-11f1-a172-0afffb3ee71d"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-e061cace-3a6f-11f1-a172-0afffb3ee71d"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-e06201d8-3a6f-11f1-a172-0afffb3ee71d"}}]}}