A series of security vulnerabilities, collectively named PixieFail, has been revealed in the TCP/IP network protocol stack of the open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification, firmware that is widely used in modern computers.
PixieFail
Termed PixieFail by Quarkslab, these nine vulnerabilities are present in the TianoCore EFI Development Kit II (EDK II) and could enable remote code execution, denial-of-service (DoS) attacks, DNS cache poisoning, and leakage of sensitive information.
The affected UEFI firmware, responsible for booting the operating system, includes versions from AMI, Intel, Insyde, and Phoenix Technologies. These vulnerabilities specifically impact EDK II, which integrates its own TCP/IP stack called NetworkPkg. This stack facilitates network functionalities during the initial Preboot eXecution Environment (PXE) stage, allowing for crucial management tasks even in the absence of a running operating system.
To elaborate, PXE serves as a client-server interface designed to boot a device from its network interface card (NIC). This mechanism enables networked computers without a loaded operating system to be configured and booted remotely by an administrator. The PXE code is embedded as part of the UEFI firmware on the motherboard or within the NIC firmware read-only memory (ROM).
The PixieFail vulnerabilities identified by Quarkslab within EDK II's NetworkPkg encompass various issues, including integer and buffer overflow bugs, out-of-bounds reads, infinite loops, and the use of a weak pseudorandom number generator (PRNG). These vulnerabilities can lead to DNS and DHCP poisoning attacks, information leakage, denial of service, and data injection attacks at both the IPv4 and IPv6 layers.
This disclosure emphasizes the potential risks associated with these vulnerabilities in widely used UEFI firmware, raising concerns about the security of modern computer systems. Because the PixieFail flaws pose a range of threats, from remote code execution to sensitive data exposure, the disclosure underscores the critical need for timely patching and other security measures to mitigate potential risks to the UEFI ecosystem.