41. BootGuard TOCTOU - Security Advisory

Security Advisory

Search…

Security Advisory

1.0.0

Security Advisory

1. Insecure Default Secure Boot Policy for Option ROMs

2. Incorrect PKCS#1v1.5 Padding Verification for RSA Signature Check

3. UEFI Variable “Reinstallation”

4. Overwrite from Performance Data Variable

5. CommBuffer SMM Overwrite/Exposure

6. TOCTOU Issue with CommBuffer

7. SMRAM Overwrite in Fault Tolerant Write SMI Handler

8. SMRAM Overwrite in SmmVariableHandler

9. Integer/Heap Overflow in SetVariable

10. Heap Overflow in UpdateVariable

11. Overwrite from FirmwarePerformance Variable

12. Integer/Buffer Overflow in TpmDxe Driver

13. Protection of PhysicalPresence Variable

14. Boot Failure Related to UEFI Variable Usage

15. Buffer Overflows in Capsule Update

16. Boot Failure Related to TPM Measurements

17. Buffer Overflow in Variable Reclaim

18. Overflow in Processing of AuthVarKeyDatabase

19. Counter Based Authenticated Variable Issue

20. Honoring Memory Only Reset Control and correct MOR spec imlementation

21. TCG PP S4 issue

22. BIOS Password

23. OPAL driver has PP issue on BlockSid

24. OPAL driver has PSID issue

25. DHCP misses boundary check for network packet

26. SmmCore comm buffer check has TOCTOU issue

27. UEFI Variable Deletion/Corruption

28. EDK II Untested memory not covered by SMM page protection

29. Unauthenticated Firmware Chain-of-Trust Bypass

30. EDK II Authenticated Variable Bypass

31. EDK II TianoCompress Bounds Checking Issues

32. DNS Packet Size Check

33. Opal BlockSid Setting Disabled after S3

34. PartitionDxe and Udf Buffer Overflow

35. Stack Overflow on Corrupted BMP

36. Buffer Overflow in BlockIo service for RAM disk

37. XHCI stack local stack overflow

38. SW SMI Confused Deputy SmramSaveState.c

39. Unlimited FV Recursion

40. AuthVariable Timestamp Zeroing on APPEND_WRITE

41. BootGuard TOCTOU

Powered By GitBook

41. BootGuard TOCTOU

Description:
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
Impact
Escalation of Privilege, Information Disclosure and/or Denial of Service
Severity
Medium 7.1 CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Recommendation:
EDK II commits:
​https://github.com/tianocore/edk2-staging/tree/BootGuardTocTouVulnerabilityMitigation​
Patches:
​https://bugzilla.tianocore.org/attachment.cgi?id=316​
Readme:
​https://github.com/tianocore/edk2-staging/blob/BootGuardTocTouVulnerabilityMitigation/Readme.md​
Acknowledgments:
Trammel Hudson and Peter Bosch
References:
CVE-2019-11098
EDK II Bugzilla #1614​

40. AuthVariable Timestamp Zeroing on APPEND_WRITE

Last modified 2yr ago

Copy link

Contents

Recommendation:

Acknowledgments: