Header bannerHeader banner
Advisory ID:
BRLY-DVA-2023-029

[BRLY-DVA-2023-029] SMM memory corruption vulnerability in SMM module on Fujitsu device (SMRAM write)

July 2, 2024
Severity:
High
CVSS Score
8.2
Public Disclosure Date:
June 17, 2024

Summary

Binarly REsearch Team has discovered a SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Vendors Affected Icon

Vendors Affected

Fujitsu
Insyde
Affected Products icon

Affected Products

No items found.

Potential Impact

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors).

This vulnerability was detected by the Deep Vulnerability Analysis (DVA) component from Binarly Platform

Summary

Binarly REsearch Team has discovered a SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Vulnerability Information

  • BINARLY internal vulnerability identifier: BRLY-DVA-2023-029
  • Fujitsu PSIRT assigned CVE identifier: CVE-2024-25079
  • CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Insyde-based Fujitsu firmware images with confirmed impact by BINARLY team

Device name Unpacked firmware SHA256 Firmware version IBV Module name Module GUID Module SHA256 Module kind
D3544-Sxx f14778c0170930f3b50f65f4901a85c20cdb5aa9b0a93b42eb80f68b37b9dac1 V5.0.0.13-R1.10.0 AMI HeciSmm c4491f51-66b9-4590-95e4-e2b4ad777703 1b1c3a5604bc0b526d3eeb7d331f82f385f9e795048bd5daab474dcaf3226ba3 SmmModule
FUTRO S540 af93d5b6cf2713f2feb6b89d6b0d009aeea94412148c59dcc5b050d0eb0e40df V5.0.0.13-R1.12.0 AMI HeciSmm c4491f51-66b9-4590-95e4-e2b4ad777703 523f857459adb5343386b437d3dfe765addcf468326d2f6305631cbf7d39685a SmmModule
FUTRO Q940 29cae5112d732659d5803885a10401cb743cfe81bcde6c392846956d71cf3f45 V5.0.0.13-R1.12.0 AMI HeciSmm c4491f51-66b9-4590-95e4-e2b4ad777703 ebc16b3a60715c3716c66049944c1208ce8a8d9371b1083d7c7fa55fc2bfe6f1 SmmModule
D3543-Sxx 92ec57403ca64d2243969a19074f416eaac0ae22245d799363ead6bb7ce0fddf V5.0.0.13-R1.8.0 AMI HeciSmm c4491f51-66b9-4590-95e4-e2b4ad777703 2c584fefea6d8c7300f8ede7cc3ba7fc8899197ce2c26b1dd4864c89e3955357 SmmModule
FUTRO S9010 GLK Refresh 0ce1298658adb71a65b752a8ce52f113ec3709cd99942c552f5a10f254a8e907 V5.0.0.13-R1.24.0 AMI HeciSmm c4491f51-66b9-4590-95e4-e2b4ad777703 a66cda050c7ad8e272de0d5df9a8275af1c0cdcc9f48f89f646daf6dee2d79ef SmmModule
FUTRO S740 da432fce299bff1157c01be1b75c522bb69a95525eec3b414af980ba51193a21 V5.0.0.13-R1.12.0 AMI HeciSmm c4491f51-66b9-4590-95e4-e2b4ad777703 2af11f6eb5233fdb33fb2ab96ecd4eee0202530d6d68c5e0b3ebcc46629f5381 SmmModule
FUTRO S5010 GLK Refresh 5F65D21A-8867-45D3-A41A-526F9FE2C598 89bf3ab1bf40a51de07a1c002a769e897ce2b2441034f3e2bb95f45a4d8c9344 V5.0.0.13-R1.24.0 AMI HeciSmm c4491f51-66b9-4590-95e4-e2b4ad777703 779d2240154619872ee9beae7e71fc7658f751b5f0b3006ae5fa852eee5c43c1 SmmModule
STYLISTIC Q509 b608aba18534f4823198f4700cec0c2b9ad75a63aba973e0ff5824b10e803d40 1.32 Insyde HeciSmm c4491f51-66b9-4590-95e4-e2b4ad777703 b3d6364480823364f98d4f9f0ab91ebd0bb1acedd79d3fab0220b8a07c37619b SmmModule

Potential impact

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors).

Vulnerability description

Let's consider the vulnerability on the example of a module with SHA256 1b1c3a5604bc0b526d3eeb7d331f82f385f9e795048bd5daab474dcaf3226ba3. The pseudocode of the vulnerable ChildSwSmiHandler function (with the HandlerType: EFI_HECI_SMM_PROTOCOL_GUID) is presented below:

MACRO_EFI __fastcall ChildSwSmiHandler(
        EFI_HANDLE DispatchHandle,
        const void *Context,
        unsigned int *CommBuffer,
        UINTN *CommBufferSize)
{
  __int64 Command; // rax
  __int64 v7; // rax
  __int64 v8; // rax
  __int64 v9; // rax
  __int64 v10; // rax
  __int64 v11; // rax
  __int64 v12; // rdx
  __int64 v13; // r8
  int v14; // r9d
  unsigned int v15; // ebp
  __int64 v16; // rbx
  __int64 v17; // rax
  __int64 v18; // rax
  __int64 v19; // rax
  __int64 v20; // rax
  __int64 v21; // r8
  __int64 v22; // r9
  __int64 v23; // rdx
  char v24; // [rsp+28h] [rbp-40h]
  EFI_HANDLE Handle; // [rsp+30h] [rbp-38h] BYREF
  __int64 v26; // [rsp+38h] [rbp-30h] BYREF
  EFI_SMM_SW_REGISTER_CONTEXT RegisterContext; // [rsp+40h] [rbp-28h] BYREF
  EFI_SMM_SW_DISPATCH2_PROTOCOL *EfiSmmSwDispatch2Protocol; // [rsp+48h] [rbp-20h] BYREF
  EFI_HANDLE DispatchHandlea[2]; // [rsp+50h] [rbp-18h] BYREF
  char v30; // [rsp+80h] [rbp+18h] BYREF

  if ( CommBuffer && CommBufferSize && *CommBufferSize >= 0x18 )
  {
    if ( !ValidateMemoryBuffer(CommBuffer, *CommBufferSize) )
      return 0;
    if ( (*(gPhysicalAddr + 0x78040) & 0xF0000) != 0 )
      return EFI_UNSUPPORTED;
    Command = *CommBuffer;
    if ( *CommBuffer <= 6 )
    {
      if ( *CommBuffer == 6 )
      {
        if ( !ValidateMemoryBuffer(CommBuffer + 4, 8) )
          return 0;
        v11 = sub_1624(CommBuffer[4], CommBuffer[5]);
        goto LABEL_48;
      }
      ...
    }
    ...
  }
  ...
}

Inside the sub_1624 function, another function (sub_1624) with the same parameter (CommBuffer[4]) will be called:

unsigned __int64 __fastcall sub_1624(__int64 a1, int a2)
{
  __int64 v3; // rax
  unsigned int v4; // r10d
  unsigned int v5; // ebx
  __int64 v6; // r11

  v3 = sub_ED0(a1);
  ...
}

The pseudocode of the sub_ED0 function is shown below:

__int64 __fastcall sub_ED0(int Value)
{
  __int64 v1; // rbx
  _DWORD *Addr; // rdx
  __int64 (**v3)(void); // rax
  __int64 v4; // r11
  int v6; // eax
  int v7; // ecx
  __int64 v8; // [rsp+38h] [rbp+10h]
  __int64 (**v9)(void); // [rsp+40h] [rbp+18h] BYREF

  v1 = 0;
  v9 = 0;

  // Controllable Value + integer overflow:
  // * Value is controllable by the attacker(CommBuffer[4])
  // * Due to the integer overflow, Address can take
  //    any value in 32-bit address space
  //    that is a multiple of the page size (0x1000)
  Addr = (((Value + 120) << 12) + 0xE0000000);
  if ( *(((Value + 120) << 12) + 0xE0000002) == 0xFFFF )
  {
    if ( Value == 1 )
    {
      v3 = gEfiHeci2PmProtocol;
      if ( gEfiHeci2PmProtocol )
      {
        v4 = 0;
      }
      else
      {
        v4 = sub_1B3C(&v9);
        v3 = v9;
      }
      if ( v4 >= 0 )
      {
        if ( v3 )
          return v3[3]();
      }
    }
    return v1;
  }
  else
  {
    v6 = *(((Value + 120) << 12) + 0xE0000010);
    v7 = 0;
    v8 = Addr[4] & 0xFFFFFFF0;
    if ( (v6 & 6) == 4 )
    {
      v7 = Addr[5];
      HIDWORD(v8) = v7;
    }
    if ( (Addr[4] & 0xFFFFFFF0) != 0 || v7 )
    {
      Addr[1] |= 0x106; // unchecked write (SMRAM corruption)
      return v8;
    }
    else
    {
      return 0;
    }
  }
}

Since attacker is able to control Ptr and the offset ((Ptr + 120) << 12) is not checked, attacker is able to control Addr pointer and perform an arbitrary write operation here:

Addr[1] |= 0x106; // unchecked write (SMRAM corruption)

It should be noted that the sub_ED0 function is reachable from several locations within the SMI handler.

In order to fix this vulnerability, all user-controllable offsets and pointers should be checked.

Disclosure Timeline

Disclosure Activity Date (YYYY-mm-dd)
Fujitsu PSIRT is notified 2023-12-22
Fujitsu PSIRT informed Insyde 2024-01-22
Insyde PSIRT confirmed issue 2024-01-24
Insyde PSIRT provide patch release 2024-05-13
Binarly Public Disclosure Date 2024-06-17

Acknowledgements

Binarly REsearch Team

Tags
Fujitsu
FWHunt
See if you are impacted now with our Firmware Vulnerability Scanner