ID

VAR-201501-0774


CVE

CVE-2014-8274


TITLE

UEFI implementations do not properly secure the EFI S3 Resume Boot Path boot script

Trust: 0.8

sources: CERT/CC: VU#976132

DESCRIPTION

Multiple UEFI systems do not properly restrict access to the boot script used in the EFI S3 Resume Boot Path. Rafal Wojtczuk and Corey Kallenberg of MITRE state:

"During the UEFI S3 Resume path, a boot script is interpreted to re-initialize the platform. The boot script dictates various memory and port read/write operations to facilitate this re-initialization. The boot script is interpreted early enough where important platform security mechanisms have not yet been configured. For example, BIOS_CNTL, which helps protect the platform firmware against arbitrary writes, is unlocked. TSEGMB, which protects SMRAM against DMA, is also unlocked.

Given this, the boot script is in a security critical position and maintaining its integrity is important. However, we have discovered that on certain systems the boot script resides in unprotected memory which can be tampered with by an attacker with access to physical memory."

(In the UEFI S3 Resume path, a boot script is used to re-initialize the platform. The boot script contains various read and write operations to memory and ports for re-initialization, and the platform security settings are not yet fully configured when the boot script is run. For example, BIOS_CNTL, which restricts writes to the firmware, is not locked. Likewise, TSEGMB, which restricts DMA writes to SMRAM, is not locked. The boot script is important for security and must be kept intact. However, on specific systems the boot script has been found to reside in unprotected memory space, where it can be tampered with by attackers who have access to physical memory.)

A user with physical access to the system could bypass Secure Boot. Also, even if the settings require an appropriate digital signature for firmware updates, the firmware may be rewritten with arbitrary contents. Further, the contents of the SMRAM area may be obtained or rewritten, or the firmware may be destroyed, rendering the system inoperable.

UEFI is a standard that describes a type of interface in detail. This interface is used to automatically load an operating system from a pre-boot operating environment. There are local security bypass vulnerabilities in the UEFI systems of multiple products. Attackers with physical access to a computer running the vulnerable firmware can exploit this issue to bypass certain security restrictions and trigger denial-of-service conditions. Note: Very limited information is currently available regarding this issue. We will update this BID as more information emerges.

Trust: 2.34

sources: CERT/CC: VU#976132 // JVNDB: JVNDB-2015-001003 // CNVD: CNVD-2015-00285 // BID: 71873 // VULMON: CVE-2014-8274

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-00285

AFFECTED PRODUCTS

vendor: american megatrends incorporated ami | model: - | scope: - | version: -

Trust: 0.8

vendor: apple | model: - | scope: - | version: -

Trust: 0.8

vendor: dell computer | model: - | scope: - | version: -

Trust: 0.8

vendor: insyde | model: - | scope: - | version: -

Trust: 0.8

vendor: intel | model: - | scope: - | version: -

Trust: 0.8

vendor: lenovo | model: - | scope: - | version: -

Trust: 0.8

vendor: phoenix | model: - | scope: - | version: -

Trust: 0.8

vendor: multiple vendors | model: - | scope: - | version: -

Trust: 0.8

vendor: intel | model: uefi systems | scope: - | version: -

Trust: 0.6

vendor: intel | model: nuc with intel core i5 processor | scope: eq | version: 0

Trust: 0.6

vendor: intel | model: nuc with intel core i3 processor | scope: eq | version: 0

Trust: 0.6

sources: CERT/CC: VU#976132 // CNVD: CNVD-2015-00285 // BID: 71873 // JVNDB: JVNDB-2015-001003

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2014-8274
value: MEDIUM

Trust: 0.8

IPA: JVNDB-2015-001003
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-00285
value: MEDIUM

Trust: 0.6

NVD: CVE-2014-8274
severity: MEDIUM
baseScore: 6.2
vectorString: NONE
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2015-001003
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2015-00285
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CERT/CC: VU#976132 // CNVD: CNVD-2015-00285 // JVNDB: JVNDB-2015-001003

THREAT TYPE

local

Trust: 0.9

sources: BID: 71873 // CNNVD: CNNVD-201502-027

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201502-027

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001003

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#976132

PATCH

title: INTEL-SA-00041 - BIOS Security Updates for Multiple Issues | url: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00041&languageid=en-fr

Trust: 0.8

title: EFI Boot Script Specification v0.91 | url: http://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-boot-script-specification-v091.html

Trust: 0.8

title: Patch for multiple product UEFI system local security bypass vulnerabilities | url: https://www.cnvd.org.cn/patchInfo/show/53960

Trust: 0.6

title: - | url: https://github.com/river-li/awesome-uefi-security

Trust: 0.1

title: Publications | url: https://github.com/abazhaniuk/Publications

Trust: 0.1

sources: CNVD: CNVD-2015-00285 // VULMON: CVE-2014-8274 // JVNDB: JVNDB-2015-001003

EXTERNAL IDS

db: CERT/CC | id: VU#976132

Trust: 2.6

db: NVD | id: CVE-2014-8274

Trust: 2.4

db: BID | id: 71873

Trust: 1.6

db: JVN | id: JVNVU91050570

Trust: 0.8

db: JVNDB | id: JVNDB-2015-001003

Trust: 0.8

db: CNVD | id: CNVD-2015-00285

Trust: 0.6

db: CNNVD | id: CNNVD-201502-027

Trust: 0.6

db: VULMON | id: CVE-2014-8274

Trust: 0.1

sources: CERT/CC: VU#976132 // CNVD: CNVD-2015-00285 // VULMON: CVE-2014-8274 // BID: 71873 // JVNDB: JVNDB-2015-001003 // CNNVD: CNNVD-201502-027

REFERENCES

url:http://www.kb.cert.org/vuls/id/976132

Trust: 1.8

url:http://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-boot-script-specification-v091.html

Trust: 1.1

url:http://support.lenovo.com/us/en/product_security/s3_boot_protect

Trust: 0.8

url:https://support.apple.com/en-us/ht204942

Trust: 0.8

url:http://support.dell.com

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8274

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91050570/index.html

Trust: 0.8

url:http://www.securityfocus.com/bid/71873

Trust: 0.7

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8274

Trust: 0.6

url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00041&languageid=en-fr

Trust: 0.3

url:https://github.com/river-li/awesome-uefi-security

Trust: 0.1

sources: CERT/CC: VU#976132 // CNVD: CNVD-2015-00285 // VULMON: CVE-2014-8274 // BID: 71873 // JVNDB: JVNDB-2015-001003 // CNNVD: CNNVD-201502-027

CREDITS

Rafal Wojtczuk and Corey Kallenberg.

Trust: 0.9

sources: BID: 71873 // CNNVD: CNNVD-201502-027

SOURCES

db: CERT/CC | id: VU#976132
db: CNVD | id: CNVD-2015-00285
db: VULMON | id: CVE-2014-8274
db: BID | id: 71873
db: JVNDB | id: JVNDB-2015-001003
db: CNNVD | id: CNNVD-201502-027

LAST UPDATE DATE

2024-09-09T23:10:47.223000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#976132 | date: 2015-08-03T00:00:00
db: CNVD | id: CNVD-2015-00285 | date: 2015-01-14T00:00:00
db: BID | id: 71873 | date: 2015-01-05T00:00:00
db: JVNDB | id: JVNDB-2015-001003 | date: 2015-01-07T00:00:00
db: CNNVD | id: CNNVD-201502-027 | date: 2015-02-03T00:00:00

SOURCES RELEASE DATE

db: CERT/CC | id: VU#976132 | date: 2015-01-05T00:00:00
db: CNVD | id: CNVD-2015-00285 | date: 2015-01-14T00:00:00
db: BID | id: 71873 | date: 2015-01-05T00:00:00
db: JVNDB | id: JVNDB-2015-001003 | date: 2015-01-07T00:00:00
db: CNNVD | id: CNNVD-201502-027 | date: 2015-01-05T00:00:00