Tianocore Security Advisories: 10 new entries for March

There are 10 new UEFI/Tianocore Security Advisories, 32-40. I don’t see 10 new CVEs, though…

32. DNS Packet Size Check: Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.

https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html

33. Opal BlockSid Setting Disabled after S3: Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html

34. PartitionDxe and Udf Buffer Overflow: Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

https://edk2-docs.gitbooks.io/security-advisory/content/partitiondxe-and-udf-buffer-overflow.html

https://nvd.nist.gov/vuln/detail/CVE-2019-0160

35. Stack Overflow on Corrupted BMP: Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.

https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html

36. Buffer Overflow in BlockIo service for RAM disk: Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.

https://edk2-docs.gitbooks.io/security-advisory/content/buffer-overflow-in-blockio-service-for-ram-disk.html

37. XHCI stack local stack overflow: Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.

https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html

38. SW SMI Confused Deputy SmramSaveState.c: Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html

39. Unlimited FV Recursion: Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html

40. AuthVariable Timestamp Zeroing on APPEND_WRITE: Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html

 

Tracking Intel BIOS and UEFI updates

Here’re two resources that you should be tracking, if you care about firmware security. In addition to OEM-specific sites, these are very useful to track updates in UEFI- and Intel-based systems:

1) TianoCore Security site, advisories, and list:
http://www.tianocore.org/security/
http://tianocore.sourceforge.net/wiki/Security
http://sourceforge.net/projects/edk2/files/Security_Advisory/

The Tianocore Security site has UEFI security vulnerability information impacting most UEFI-based vendors, including non-Intel vendors like ARM. The data is released as PDFs, and announced on their list. Tianocore doesn’t use NIST SCAP CVEs, look for these PDFs instead.

2) Intel Security Center site, and list:
https://security-center.intel.com/default.aspx
https://security-center.intel.com/advisories.aspx

The Intel Security Center site has BIOS/UEFI security vulnerability information impacting Intel-based systems. The data is released as web pages, and announced on their list.

Someone from your IT department should probably be subscribed to these mailing lists, and watch these lists and content for updates that may impact their systems.