VAR-201501-0774
Vulnerability from variot - Updated: 2024-04-19 23:01

On multiple UEFI systems, access to the boot script used in the EFI S3 Resume Boot Path is not properly restricted. Rafal Wojtczuk and Corey Kallenberg of MITRE state:

* "During the UEFI S3 Resume path, a boot script is interpreted to re-initialize the platform. The boot script dictates various memory and port read/write operations to facilitate this re-initialization. The boot script is interpreted early enough where important platform security mechanisms have not yet been configured. For example, BIOS_CNTL, which helps protect the platform firmware against arbitrary writes, is unlocked. TSEGMB, which protects SMRAM against DMA, is also unlocked.
* Given this, the boot script is in a security critical position and maintaining its integrity is important. However, we have discovered that on certain systems the boot script resides in unprotected memory which can be tampered with by an attacker with access to physical memory."

(During the UEFI S3 Resume path, a boot script is used to re-initialize the platform. The boot script contains various read and write operations on memory and ports for re-initialization, and the platform security settings are not yet fully configured when the boot script is run. For example, BIOS_CNTL, which restricts writes to the firmware, is not locked. Likewise, TSEGMB, which restricts DMA writes to SMRAM, is not locked. The boot script is important for security and must be kept intact. However, on certain systems the boot script was found to reside in unprotected memory, where it can be tampered with by an attacker who has access to physical memory.)

A user with physical access to the system could bypass Secure Boot. Also, even if the settings require an appropriate digital signature for firmware updates, the firmware may be rewritten with arbitrary contents. Furthermore, the contents of SMRAM may be read or rewritten, or the firmware may be destroyed, rendering the system inoperable.

UEFI is a standard that describes in detail a type of interface. This interface is used to hand over automatically from the pre-boot environment to an operating system. Local security bypass vulnerabilities exist in the UEFI systems of multiple products. An authenticated local attacker can bypass Secure Boot and reflash the platform firmware arbitrarily. Attackers with physical access to a computer running the vulnerable firmware can exploit this issue to bypass certain security restrictions and trigger denial-of-service conditions. Note: Very limited information is currently available regarding this issue. We will update this BID as more information emerges.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0774",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "uefi systems",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc with intel core i5 processor",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc with intel core i3 processor",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00285"
},
{
"db": "BID",
"id": "71873"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001003"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001003"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rafal Wojtczuk, and Corey Kallenberg.",
"sources": [
{
"db": "BID",
"id": "71873"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-027"
}
],
"trust": 0.9
},
"cve": "CVE-2014-8274",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 6.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-001003",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2015-00285",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2015-001003",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00285",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00285"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001003"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On multiple UEFI systems, access to the boot script used in the EFI S3 Resume Boot Path is not properly restricted. Rafal Wojtczuk and Corey Kallenberg of MITRE state: * \"During the UEFI S3 Resume path, a boot script is interpreted to re-initialize the platform. The boot script dictates various memory and port read/write operations to facilitate this re-initialization. The boot script is interpreted early enough where important platform security mechanisms have not yet been configured. For example, BIOS_CNTL, which helps protect the platform firmware against arbitrary writes, is unlocked. TSEGMB, which protects SMRAM against DMA, is also unlocked. * Given this, the boot script is in a security critical position and maintaining its integrity is important. However, we have discovered that on certain systems the boot script resides in unprotected memory which can be tampered with by an attacker with access to physical memory.\" (During the UEFI S3 Resume path, a boot script is used to re-initialize the platform. The boot script contains various read and write operations on memory and ports for re-initialization, and the platform security settings are not yet fully configured when the boot script is run. For example, BIOS_CNTL, which restricts writes to the firmware, is not locked. Likewise, TSEGMB, which restricts DMA writes to SMRAM, is not locked. The boot script is important for security and must be kept intact. However, on certain systems the boot script was found to reside in unprotected memory, where it can be tampered with by an attacker who has access to physical memory.) A user with physical access to the system could bypass Secure Boot. Also, even if the settings require an appropriate digital signature for firmware updates, the firmware may be rewritten with arbitrary contents. Furthermore, the contents of SMRAM may be read or rewritten, or the firmware may be destroyed, rendering the system inoperable. \nUEFI is a standard that describes in detail a type of interface. This interface is used to hand over automatically from the pre-boot environment to an operating system. Local security bypass vulnerabilities exist in the UEFI systems of multiple products. An authenticated local attacker can bypass Secure Boot and reflash the platform firmware arbitrarily. \nAttackers with physical access to a computer running the vulnerable firmware can exploit this issue to bypass certain security restrictions and trigger denial-of-service conditions. \nNote: Very limited information is currently available regarding this issue. We will update this BID as more information emerges.",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001003"
},
{
"db": "CNVD",
"id": "CNVD-2015-00285"
},
{
"db": "BID",
"id": "71873"
},
{
"db": "VULMON",
"id": "CVE-2014-8274"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8274",
"trust": 2.4
},
{
"db": "CERT/CC",
"id": "VU#976132",
"trust": 1.8
},
{
"db": "BID",
"id": "71873",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU91050570",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001003",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-00285",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201502-027",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2014-8274",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00285"
},
{
"db": "VULMON",
"id": "CVE-2014-8274"
},
{
"db": "BID",
"id": "71873"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001003"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-027"
}
]
},
"id": "VAR-201501-0774",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00285"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00285"
}
]
},
"last_update_date": "2024-04-19T23:01:21.735000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00041 - BIOS Security Updates for Multiple Issues",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00041\u0026languageid=en-fr"
},
{
"title": "EFI Boot Script Specification v0.91",
"trust": 0.8,
"url": "http://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-boot-script-specification-v091.html"
},
{
"title": "Patch for multiple product UEFI system local security bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/53960"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/river-li/awesome-uefi-security "
},
{
"title": "Publications",
"trust": 0.1,
"url": "https://github.com/abazhaniuk/publications "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00285"
},
{
"db": "VULMON",
"id": "CVE-2014-8274"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001003"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.kb.cert.org/vuls/id/976132"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8274"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91050570/index.html"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/71873"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8274"
},
{
"trust": 0.3,
"url": "http://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-boot-script-specification-v091.html"
},
{
"trust": 0.3,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00041\u0026languageid=en-fr"
},
{
"trust": 0.1,
"url": "https://github.com/river-li/awesome-uefi-security"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00285"
},
{
"db": "VULMON",
"id": "CVE-2014-8274"
},
{
"db": "BID",
"id": "71873"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001003"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-027"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-00285"
},
{
"db": "VULMON",
"id": "CVE-2014-8274"
},
{
"db": "BID",
"id": "71873"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001003"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-027"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00285"
},
{
"date": "2015-01-05T00:00:00",
"db": "BID",
"id": "71873"
},
{
"date": "2015-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001003"
},
{
"date": "2015-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-027"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00285"
},
{
"date": "2015-01-05T00:00:00",
"db": "BID",
"id": "71873"
},
{
"date": "2015-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001003"
},
{
"date": "2015-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-027"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "71873"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-027"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boot script used in the EFI S3 Resume Boot Path is not properly protected on multiple UEFI systems",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001003"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-027"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.