UEFI BIOS flaws: SecureBoot bypass and firmware replacement possible

Two high-severity vulnerabilities have been found in UEFI firmware components from several manufacturers, both undermining the SecureBoot mechanism. One lets attackers bypass SecureBoot image verification on practically any PC that trusts Microsoft's UEFI certificate authority; the other lets them plant their own certificate in Insyde H2O firmware and run code signed with it early in the boot process. With proof-of-concept code now publicly available, the risk of system compromise is significant, and manufacturers are working on BIOS updates to close the gaps.

UEFI components from different manufacturers are vulnerable

Both vulnerabilities stem from the same mistake: NVRAM variables that can be written from the running operating system are read back by the firmware and treated as trusted data. According to an advisory from the CERT Coordination Center (CERT/CC), the first issue lies in the UEFI firmware applications “DTBios” and “BiosFlashShell” from DTResearch. The applications take the contents of a runtime-accessible NVRAM variable as a memory pointer and write through it without validation, giving an attacker an arbitrary write that can alter critical firmware structures, including the global Security2 architecture protocol that performs SecureBoot image verification. What makes the flaw so serious is that the affected applications are signed with Microsoft's UEFI CA, so any system that trusts that CA will load them, whether or not it ever shipped DTResearch hardware. The risk is rated “high”, with a CVSS score of 8.2.

Specifically, the applications read the NVRAM variable “IhisiParamBuffer” and use its value as the destination of memory writes. By setting the variable from the OS, an attacker can direct a write at the firmware's reference to the Security2 architecture protocol so that image verification is skipped, after which unsigned UEFI binaries execute regardless of the SecureBoot setting. Firmware that locks the variable early in the boot process, so that it cannot be changed afterwards, is not exposed; firmware that leaves it writable is. In response, Microsoft has added 14 new hashes to its DBX revocation database so that the vulnerable versions of the applications are no longer loaded, and affected vendors, DTResearch in particular, are shipping updates.

Vulnerability in Insyde H2O UEFI firmware

The second vulnerability affects Insyde H2O UEFI firmware, where attackers can inject their own digital certificate through an insecurely handled NVRAM variable. According to the CERT advisory, the variable “SecureFlashCertData” is treated as trusted storage for a certificate in the chain of trust. Because an attacker can write the variable, they can store their own certificate in it, and the firmware will then run any code signed with the matching key during the early boot process. This vulnerability is also rated “high”, with a CVSS score of 7.8.

The vulnerability, dubbed “Hydroph0bia” as a play on “Insyde H2O”, has been analyzed in detail by its discoverer, who also published proof-of-concept code. The core issue is that an NVRAM variable, which any sufficiently privileged process on the running OS can write with ordinary SetVariable calls (the same interface efivarfs exposes on Linux and SetFirmwareEnvironmentVariable on Windows), is used as trusted memory. CERT stresses that only firmware updates from the manufacturers can close the gap.
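To make both mistakes concrete, here is an added example written for this page; it is not code from DTResearch, Insyde, the discoverers or CERT, and it is a self-contained C model rather than firmware that would build under EDK II. The variable names IhisiParamBuffer and SecureFlashCertData are the ones named above and the attribute bit values are the UEFI specification's; the in-memory variable store, the firmware-owned buffers, the 8-byte “signer” identifiers that stand in for certificates, and the status codes are constructed for illustration. The first pair of functions shows the pointer-from-variable write the DTResearch applications perform beside a version that rejects OS-writable variables and bounds-checks the target; the second pair shows a trust anchor read from a variable beside one compiled into the firmware.

```c
/* Added example (not DTResearch, Insyde or CERT/CC code): a self-contained model
 * of both "NVRAM variable treated as trusted memory" bugs beside hardened versions.
 * Variable names are from the article, attribute bits from the UEFI specification;
 * the store, buffers, signer IDs and status codes are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EFI_VARIABLE_NON_VOLATILE       0x1u /* survives a reboot */
#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x2u /* visible before ExitBootServices */
#define EFI_VARIABLE_RUNTIME_ACCESS     0x4u /* reachable from the running OS */

enum status { ST_OK, ST_NOT_FOUND, ST_UNTRUSTED_ATTRS, ST_OUT_OF_RANGE };
/* Constructed in-memory variable store standing in for NVRAM. */
struct nvvar { char name[32]; uint32_t attrs; uint8_t data[64]; size_t size; };
static struct nvvar store[8];
static size_t nvars;

static struct nvvar *find_var(const char *name) {
    for (size_t i = 0; i < nvars; i++)
        if (strcmp(store[i].name, name) == 0) return &store[i];
    return NULL;
}
/* SetVariable as the firmware itself may call it during boot: any attributes. */
static bool fw_set_variable(const char *name, uint32_t attrs, const void *data, size_t size) {
    struct nvvar *v = find_var(name);
    if (size > sizeof store[0].data) return false;
    if (!v) {
        if (nvars == sizeof store / sizeof store[0]) return false;
        v = &store[nvars++];
        snprintf(v->name, sizeof v->name, "%s", name);
    }
    v->attrs = attrs; v->size = size; memcpy(v->data, data, size);
    return true;
}

/* SetVariable from the OS (efivarfs, SetFirmwareEnvironmentVariable): after
 * ExitBootServices only RUNTIME_ACCESS variables can be created or changed. */
static bool os_set_variable(const char *name, uint32_t attrs, const void *data, size_t size) {
    if (!(attrs & EFI_VARIABLE_RUNTIME_ACCESS)) return false;
    return fw_set_variable(name, attrs, data, size);
}

/* gRT->GetVariable as the firmware calls it during DXE. */
static enum status fw_get_variable(const char *name, uint32_t *attrs, void *out, size_t *size) {
    struct nvvar *v = find_var(name);
    if (!v || v->size > *size) return ST_NOT_FOUND;
    *attrs = v->attrs; *size = v->size; memcpy(out, v->data, v->size);
    return ST_OK;
}

/* Firmware-owned memory: the buffer IHISI is meant to use, and a stand-in for
 * a critical structure such as the Security2 protocol's function table. */
static uint8_t ihisi_buffer[32];
static uint8_t security2_table[16];

/* Bug pattern 1 (DTBios/BiosFlashShell): the variable holds a pointer and the
 * firmware writes through it unchecked, so an OS-set value is a write-what-where. */
static enum status vulnerable_param_write(uint8_t value) {
    uintptr_t target; uint32_t attrs; size_t size = sizeof target;
    if (fw_get_variable("IhisiParamBuffer", &attrs, &target, &size) != ST_OK) return ST_NOT_FOUND;
    *(uint8_t *)target = value;
    return ST_OK;
}

/* Hardened: refuse a variable the OS could have written (RUNTIME_ACCESS or
 * NON_VOLATILE) and keep the write inside the buffer the firmware owns. */
static enum status hardened_param_write(uint8_t value) {
    uintptr_t target; uint32_t attrs; size_t size = sizeof target;
    if (fw_get_variable("IhisiParamBuffer", &attrs, &target, &size) != ST_OK || size != sizeof target)
        return ST_NOT_FOUND;
    if (attrs & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE)) return ST_UNTRUSTED_ATTRS;
    if (target < (uintptr_t)ihisi_buffer || target >= (uintptr_t)ihisi_buffer + sizeof ihisi_buffer)
        return ST_OUT_OF_RANGE;
    *(uint8_t *)target = value;
    return ST_OK;
}

/* Bug pattern 2 (Hydroph0bia): the trust anchor for image verification is read from
 * a variable, so whoever can write the variable chooses who is trusted. Signers are
 * modelled as 8-byte IDs in place of real certificates (constructed values). */
static const uint8_t builtin_anchor[8] = "OEM-CA1"; /* would live in the firmware volume */

static bool vulnerable_image_trusted(const uint8_t signer[8]) {
    uint8_t anchor[8]; uint32_t attrs; size_t size = sizeof anchor;
    if (fw_get_variable("SecureFlashCertData", &attrs, anchor, &size) != ST_OK) return false;
    return memcmp(anchor, signer, sizeof anchor) == 0;
}
/* Hardened: the anchor is compiled into the firmware; the variable is never consulted. */
static bool hardened_image_trusted(const uint8_t signer[8]) {
    return memcmp(builtin_anchor, signer, sizeof builtin_anchor) == 0;
}

int main(void) {                                   /* attacker acting from the OS */
    uintptr_t p = (uintptr_t)security2_table; uint8_t evil[8] = "EVIL-CA";
    os_set_variable("IhisiParamBuffer", 0x7u, &p, sizeof p);
    os_set_variable("SecureFlashCertData", 0x7u, evil, sizeof evil);
    printf("write:  vulnerable=%d hardened=%d (0=ok)\n", vulnerable_param_write(0x41), hardened_param_write(0x41));
    printf("verify: vulnerable=%d hardened=%d (1=trusted)\n", vulnerable_image_trusted(evil), hardened_image_trusted(evil));
    return 0;
}
```

The hardened check keys on the attribute bits GetVariable returns: a variable with RUNTIME_ACCESS can be written by the OS, and one with NON_VOLATILE survives a reboot, so neither can serve as firmware-private state; a variable the firmware created itself as boot-service-only, pointing into its own buffer, still passes. In real firmware the variable name should additionally be locked before the end of DXE (EDK II provides EDKII_VARIABLE_LOCK_PROTOCOL and, more recently, Variable Policy for this), which is the locking the article refers to and which, as noted below, not every implementation supports.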

It is worth noting that locking UEFI variables, so that they can no longer be written after a given boot phase, is not consistently supported across firmware implementations and is often undocumented, so it cannot be relied on as a mitigation. Given how widely Insyde H2O is deployed, the number of affected devices is likely large. As UEFI firmware vulnerabilities keep surfacing, prompt updates and monitoring of the vendors' advisories remain essential for maintaining system integrity.

Winsage