Security Advisory

18. Overflow in Processing of AuthVarKeyDatabase


When the UEFI Variable AuthVarKeyDatabase is used, it may be possible to overflow a statically allocated buffer.


The variable AuthVarKeyDatabase is an authenticated variable. Its contents may not be changed without access to an authorized private key. This limits the severity of the issue. EDK2 maintainers have assessed that this issue violates the threat model and does not require explicit mitigation. This issue requires an attacker to introduce inconsistency into internal data structures in the variable storage area. The EDK2 architecture requires internal data structures to be protected in implementation. An attacker capable of bypassing this protection may introduce many other inconsistencies. EDK2 SVN added a comment to the source file in order to clarify this.


Reported by Rafal Wojtczuk from Bromium and Corey Kallenberg from MITRE.


• USRT M1246