Uncategorized

Linux kernel ACPI-centric CVE-2017-13694: Awaiting Analysis

CVE-2017-13694
Source: MITRE
Last Modified: 08/25/2017
CVE-2017-13694

This vulnerability is currently awaiting analysis.

The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

https://nvd.nist.gov/vuln/detail/CVE-2017-13694

https://github.com/acpica/acpica/pull/278/commits/4a0243ecb4c94e2d73510d096c5ea4d0711fc6c0
https://patchwork.kernel.org/patch/9806085/

Standard
Uncategorized

CVE-2017-11472: Linux kernel ACPI KASLR vulnerability

The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

[…]This causes a security threat because the old kernel (<= 4.9) shows memory locations of kernel functions in stack dump, therefore kernel ASLR can be neutralized. To fix ACPI operand leak for enhancing security, I made a patch which removes the ACPI_EXEC_APP define in acpi_ns_terminate() function for executing the deletion code unconditionally.[…]

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11472
https://nvd.nist.gov/vuln/detail/CVE-2017-11472
https://vuldb.com/?id.104315
https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6
https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f

 

Standard
Uncategorized

Firmware Test Suite 17.07.00 released

Today Alex Hung of Canonical announced the latest release of FWTS. The list of New Features appears to all be ACPI-centric:

* acpi: bgrt: update according to acpi 6.1 errata (mantis 1577)
* acpi: method: update _PSD and _TSD tests according to ACPI 6.1 errata
* acpi: rsdp: revision 1 must have length 20 according to ACPI 6.1 errata
* acpi: method: Add _CPC revision 3 according to ACPI 6.2 (mantis 1611)
* acpi: hest: add new type 11 introduced in ACPI 6.2 (mantis 1649)
* acpi: srat: add new type 4 according to ACPI 6.2 (mantis 1656)
* acpi: method: update _GCP according to ACPI 6.2 (mantis 1703)
* acpi: hest: add notification type 11 according to ACPI 6.2 (mantis 1731)
* acpi: fadt: update minor version to 2 for ACPI 6.2 (mantis 1769)
* acpi: hest: add checks for GHES_ASSIST flag value in ACPI 6.2 (mantis 1674)
* acpi: wsmt: add wsmt test according to ACPI 6.2 (mantis 1585)
* ACPICA: Update to version 20170629
* acpi: tpm2: Add additional start method values
* acpi: iort: Add PMCG support

See the full announcement for list of Fixed Bugs (which aren’t ACPI-centric).

https://launchpad.net/ubuntu/+source/fwts
http://fwts.ubuntu.com/release/fwts-V17.07.00.tar.gz
https://launchpad.net/~firmware-testing-team/+archive/ubuntu/ppa-fwts-stable
https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/17.07.00

Standard
Uncategorized

UEFI Forum recommends FWTS for it’s ACPI tests

FWTS has had ACPI tests for a while, and it’s basically the best public set of ACPI tests available. Better than anything the UEFI Forum has, like the SCTs. They’ve been using FWTS in the UEFI plugfests for a while, for ACPI purposes. Now the UEFI Forum is more formally recommending FWTS. Alex Hung of Canonical announces a new milestone for FWTS, the FirmWare Test Suite:

FWTS 17.03.00 is recommended as the ACPI 6.1 SCT

We have achieved another important milestone! The UEFI Board of Directors recommends Firmware Test Suite (FWTS) release 17.03.00 as the ACPI v6.1 Self-Certification Test (SCT), More information is available at:
http://www.uefi.org/testtools
Thank you all for who contributed patches, reported bugs, provided feedbacks and used FWTS in your work.

Thanks, FWTS, for having the best ACPI tests available!

 

Full announcement:
https://lists.ubuntu.com/mailman/listinfo/fwts-announce

 

Standard
Uncategorized

Nikolaj on recent UEFI/ACPI spec updates

[[[UPDATE:
William’s blog post on Nikolaj’s comments are more readable than below post:
http://www.basicinputoutput.com/2017/07/uefi-27-courtesy-of-nikolaj.html
]]

Nikolaj has over a dozen tweets showcasing the interesting new features in the latest UEFI and ACPI specs. Click on the above Twitter URL to see the full set.

 

Standard
Uncategorized

UEFI updates specs

The UEFI Forum has updated their specs.

UEFI Spec v2.7
http://www.uefi.org/sites/default/files/resources/UEFI_Spec_2_7.pdf

PI v1.6
http://www.uefi.org/sites/default/files/resources/PI_Spec_1_6.pdf

ACPI v6.2
http://www.uefi.org/sites/default/files/resources/ACPI_6_2.pdf

SCT v2.5A
http://www.uefi.org/testtools

http://uefi.org/specsandtesttools
http://uefi.org/specifications

Standard
Uncategorized

Linux kernel patch for ACPI HMAT support

Ross Zwisler of Intel posted a new patch to the Linux kernel, with support for the ACPI 6.2 HMAT (Heterogeneous Memory Attribute Table).

This series adds kernel support for the Heterogeneous Memory Attribute Table (HMAT) table, newly defined in ACPI 6.2. The HMAT table, in concert with the existing System Resource Affinity Table (SRAT), provides users with information about memory initiators and memory targets in the system. A “memory initiator” in this case is any device such as a CPU or a separate memory I/O device that can initiate a memory request. A “memory target” is a CPU-accessible physical address range. The HMAT provides performance information (expected latency and bandwidth, etc.) for various (initiator,target) pairs. This is mostly motivated by the need to optimally use performance-differentiated DRAM, but it also allows us to describe the performance characteristics of persistent memory. The purpose of this RFC is to gather feedback on the different options for enabling the HMAT in the kernel and in userspace.

==== Lots of details ====
[…]

See the patch, especially more details in comment documentation in part 0, on the linux-acpi mailing list posting.

http://www.uefi.org/sites/default/files/resources/ACPI_6_2.pdf
http://vger.kernel.org/majordomo-info.html
http://marc.info/?l=linux-acpi&r=1&b=201706&w=2

 

Standard