
Melting Glaciers, Rising Seas, and Rowboats
Will the rapidly rising tide of firmware vulnerabilities swamp your cybersecurity teams? Not if you lean into automation.
News came out this week about a host of new firmware vulnerabilities. Specifically, a piece of common firmware – the Insyde Hardware-2-Operating System (H2O) UEFI firmware – was discovered to have 23 vulnerabilities. Of these, 10 involved SMM (System Management Mode) privilege escalation vulnerabilities, 12 were SMM memory corruption vulnerabilities, and one was a DXE (Driver eXecution Environment) vulnerability. The relevant CVEs are linked at the foot of this post for further research if desired.
SMM abuse is impactful and deeply damaging. SMM is outside of the normal processor security controls, and attackers who compromise SMM are often able to:
- Bypass hardware security features like SecureBoot and Intel BootGuard
- Implant persistent code that can’t be erased by standard refresh or reimaging techniques
- Create backdoors and stealthy communications channels to exfiltrate sensitive data
We have written about SMM exploits often over the years. You can read Eclypsium’s earlier research and posts about Trickbot, remote UEFI attacks, and Evil Maid attacks that leverage SMM in posts going back the last few years. A favorite Eclypsium-authored primer on SMM attacks is a post called System Management Mode and Speculative Execution Attacks that goes all the way back to 2018.
Over the last few months, however, it seems like a tipping point has been reached. In recent weeks we published news about the iLOBleed implant affecting HPE Gen8 and Gen9 servers, the Meris botnet targeting MikroTik routers, FinSpy bootloaders resurging and the Moonbounce UEFI implant showing up in the wild and impacting, well, almost everything.
The list grows every week and the key point is simply this:
UEFI compromises and active, firmware-level threats are the New Normal
You know how you, personally – the reader – went through a moment of realization recently that COVID had changed everything? When you realized we may always wear masks on airplanes? And that we’ll never really be able to relate to the antics of “The Office” like we once did because that version of our work environment is gone?
Gone, too, are the days when only highly skilled, well-funded nation-state adversaries had the will and the smarts and the time to attack firmware. Gartner’s Peter Firstbrook was right when he said, at the end of 2020, “firmware may well be the next endpoint battleground.”
Adversaries have raised the global temperature but unfortunately our defensive tools – EDR, XDR and vulnerability management – have not kept up. The seas are rising, and for many cybersecurity professionals it seems like the melting of this last glacier (firmware) has brought the water to their necks.
Providing a Rowboat
There is still a high degree of confusion in the EDR, XDR and VM space around firmware. The term “firmware” has been used in many forms and in broad contexts, with some vendors claiming that they in fact do keep up with the firmware vulnerabilities. Some readers might see the claim above – that EDR, XDR and vulnerability management tools have failed to keep up – and reject it. They might say, “I read a press release about firmware detection from my EDR vendor!”
But securing the vast, heterogeneous, interconnected and fragile firmware foundations beneath our modern networks and compute stacks takes more than a “feature”. No one needs more alerts from a feature. Practitioners and strategists alike need a firmware security solution.
That solution will:
- Identify firmware, wherever it is in the broad, distributed modern enterprise. Endpoints, servers, networked devices. Office networks, secure enclaves, or homes. By “identify” I mean it will:
  - Discover firmware through active and passive scanning
  - Unpack component-level details of firmware for every device
  - Catalog firmware
  - How we do it: Eclypsium detects vulnerable UEFI firmware versions based on OEM security advisories/changelogs and the UEFI updates OEMs publish to fix disclosed vulnerabilities
- Verify firmware, by comparing firmware component details against the world’s largest database of known-good firmware from global vendors. By “verify” I mean:
  - Assure the integrity of every piece of firmware
  - Verify that firmware hasn’t been altered in the supply chain
  - Assess firmware configurations against security best practices
  - How we do it: Eclypsium monitors persistent UEFI firmware (including SMM modules) for any unexpected modifications to detect post-exploitation stages. SMM runtime vulnerabilities are often exploited by threat actors to bypass persistent firmware storage protections and modify UEFI firmware
- Fortify firmware in a way that automates a sensitive and time-intensive process:
  - Updating and patching it
  - Repairing it where needed
  - Detecting IOCs and anomalies
  - How we do it: Eclypsium performs binary analysis over all extracted UEFI firmware binaries, applying a number of heuristic methods and specific detection rules. Future versions will include YARA rules specific to the disclosed vulnerabilities in InsydeH2O-based UEFI firmware.
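The “verify” step above (compare every extracted firmware component against a known-good record and raise the alarm on any unexpected change, SMM modules first) as an added Python example. This is not Eclypsium’s code: it assumes some external tool has already unpacked the SPI flash image into individual modules and hands them over as a name-to-bytes mapping. The module names reuse driver names that appear later in this post; the bytes, the SMM/DXE tags and the “suspect” image are constructed for the example.

```python
"""Added example (not Eclypsium's code): compare extracted UEFI modules
against a known-good baseline and single out changes to SMM modules.

Assumes an external tool has already unpacked the SPI flash image into
modules and provides them as {module name: raw bytes}. Module names below
reuse driver names from the post; the bytes and the SMM/DXE tags are
constructed for the example.
"""
import hashlib
from typing import Dict, List

# Baseline record for one module: hash of the known-good binary plus the
# module type it was extracted as (SMM changes deserve the loudest alarm).
Baseline = Dict[str, Dict[str, str]]


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def build_baseline(modules: Dict[str, bytes], types: Dict[str, str]) -> Baseline:
    """Record a known-good hash and module type for every module of a trusted image."""
    return {name: {"sha256": sha256_hex(blob), "type": types.get(name, "UNKNOWN")}
            for name, blob in modules.items()}


def compare_to_baseline(baseline: Baseline, current: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Diff a freshly extracted image against the baseline.

    modified   -> present in both, hash differs
    missing    -> in the baseline, not in the current image
    unexpected -> in the current image, not in the baseline
    smm        -> subset of 'modified' whose baseline type is SMM; an
                  unexpected change to an SMM module is exactly the kind of
                  post-exploitation modification the post describes
    """
    report: Dict[str, List[str]] = {"modified": [], "missing": [], "unexpected": [], "smm": []}
    for name, record in baseline.items():
        if name not in current:
            report["missing"].append(name)
        elif sha256_hex(current[name]) != record["sha256"]:
            report["modified"].append(name)
            if record["type"] == "SMM":
                report["smm"].append(name)
    for name in current:
        if name not in baseline:
            report["unexpected"].append(name)
    for findings in report.values():
        findings.sort()
    return report


# --- constructed sample data (not real firmware) ------------------------------
TRUSTED_IMAGE: Dict[str, bytes] = {
    "AhciBusDxe": b"\x4d\x5a" + b"ahci-known-good" * 4,
    "FwBlockServiceSmm": b"\x4d\x5a" + b"fwblock-known-good" * 4,
    "NvmExpressDxe": b"\x4d\x5a" + b"nvme-known-good" * 4,
    "SmmResourceCheckDxe": b"\x4d\x5a" + b"smmrescheck-known-good" * 4,
}
MODULE_TYPES = {"AhciBusDxe": "DXE", "FwBlockServiceSmm": "SMM",
                "NvmExpressDxe": "DXE", "SmmResourceCheckDxe": "DXE"}

# The same image as read back from a device later: one SMM module altered in
# place, one driver gone, one module nobody provisioned.
SUSPECT_IMAGE: Dict[str, bytes] = {
    "AhciBusDxe": TRUSTED_IMAGE["AhciBusDxe"],
    "FwBlockServiceSmm": TRUSTED_IMAGE["FwBlockServiceSmm"][:-7] + b"CHANGED",
    "SmmResourceCheckDxe": TRUSTED_IMAGE["SmmResourceCheckDxe"],
    "UnlistedModuleDxe": b"\x4d\x5a" + b"not-in-baseline" * 4,
}


def sample_report() -> Dict[str, List[str]]:
    """Run the comparison on the constructed images."""
    return compare_to_baseline(build_baseline(TRUSTED_IMAGE, MODULE_TYPES), SUSPECT_IMAGE)


if __name__ == "__main__":
    for category, names in sample_report().items():
        print(f"{category:>10}: {', '.join(names) or '-'}")
```

The baseline is keyed by module name only to keep the example short; in practice the record would also carry the module GUID and the position in the firmware volume, since a module can be replaced by another of the same name.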
Anything less than this solution is throwing out yet another life preserver, instead of launching a sturdy rowboat and pulling your teams on board. </preach>
Additional details on the recent CVEs can be found below.
_________________________________________________________________________
Relevant InsydeH2O CVEs: CVE-2020-27339 CVE-2020-5953 CVE-2021-33625 CVE-2021-33626 CVE-2021-33627 CVE-2021-41837 CVE-2021-41838 CVE-2021-41839 CVE-2021-41840 CVE-2021-41841 CVE-2021-42059 CVE-2021-42060 CVE-2021-42113 CVE-2021-42554 CVE-2021-43323 CVE-2021-43522 CVE-2021-43615 CVE-2021-45969 CVE-2021-45970 CVE-2021-45971 CVE-2022-24030 CVE-2022-24031 CVE-2022-24069
CVE Breakdown:
- SMM Callout (Privilege Escalation)
- CVE-2020-5953, CVE-2021-41839, CVE-2021-41841, CVE-2021-41840, CVE-2020-27339, CVE-2021-42060, CVE-2021-42113, CVE-2021-43522, CVE-2022-24069, CVE-2021-43615
- SMM Memory Corruption
- CVE-2021-41837, CVE-2021-41838, CVE-2021-33627, CVE-2021-45971, CVE-2021-33626, CVE-2021-45970, CVE-2021-45969, CVE-2022-24030, CVE-2021-42554, CVE-2021-33625, CVE-2022-24031, CVE-2021-43323
- DXE Memory Corruption
- CVE-2021-42059
Current OEM CVE Breakdown (future updates to this list can be found here)
- Fujitsu
- CVE-2020-5953
- CVE-2021-33625
- CVE-2021-33626
- CVE-2021-33627
- CVE-2021-41837
- CVE-2021-41838
- CVE-2021-41839
- CVE-2021-41840
- CVE-2021-41841
- CVE-2021-42059
- CVE-2021-42060
- CVE-2021-42113
- CVE-2021-42554
- CVE-2021-43323
- CVE-2021-43522
- CVE-2021-43615
- CVE-2021-45969
- Intel
- CVE-2020-5953
- Insyde
- CVE-2020-27339
- It affects the driver IdeBusDxe. It was discovered by an external security researcher and entered as an incident on 14 October 2020. It was independently reported by Binarly as BRLY-2021-020 in September 2021. The code that resolved the issue can be found in the following kernel versions: Kernel 5.1: 05.16.25, Kernel 5.2: 05.26.25, Kernel 5.3: 05.35.25, Kernel 5.4: 05.43.25, Kernel 5.5: Unaffected
- CVE-2020-5953
- It affects the driver AsfSecureBootSmm. This issue was discovered by a 3rd party security researcher on a version of InsydeH2O that supported a specific Intel chipset. Insyde engineers subsequently discovered that drivers with the same name on versions of InsydeH2O supporting other Intel chipsets were similarly vulnerable. Prior to disclosure, this issue was independently discovered by the Binarly efiXplorer team. The fixed versions were as follows (using the Intel code name): Intel Kaby Lake – 05.12.09.0074, Intel Cannon Lake – 05.34.03.0029, Intel Coffee Lake – 05.34.03.0029, Intel Whiskey Lake (on Cannon Lake) – 05.34.03.0029, Intel Whiskey Lake – 05.23.45.0023, Intel Whiskey Lake (Server/Embedded) – TBD, Intel Comet Lake – 05.23.04.0045, Intel Comet Lake (Server/Embedded) – 05.34.03.0029, Intel Mehlow – TBD, Intel Greenlow/Greenlow-R – TBD, Intel Ice Lake – 05.33.15.0034, Intel Rocket Lake – Unaffected, Intel Tiger Lake – 05.42.03.0010, Intel Alder Lake – Unaffected
- CVE-2021-33625
- It was reported by the Binarly efiXplorer team. Fixes are available in the InsydeH2O kernel: Kernel 5.1: 05.16.23, Kernel 5.2: 05.26.23, Kernel 5.3: 05.35.23, Kernel 5.4: 05.43.22, Kernel 5.5: 05.51.22
- CVE-2021-33626
- It affects the driver SmmResourceCheckDxe. This issue was discovered by Insyde engineering during an internal security review of several Insyde drivers and entered as a security incident on May 28, 2021. It was independently reported by Binarly (BRLY-2021-013) in September 2021. It was fixed in the following Insyde kernel versions on June 1, 2021: Kernel 5.1: 05.16.23 Kernel 5.2: 05.26.23 Kernel 5.3: 05.35.23 Kernel 5.4: 05.43.23 Kernel 5.5: 05.51.23
- CVE-2021-33627
- It affects the driver FwBlockServiceSmm. This issue was discovered by Insyde engineering during an internal security review and reported on 25 May 2021. It was independently reported by Binarly (BRLY-2021-011) in September 2021. It was fixed in the following Insyde kernel versions. Kernel 5.0: 05.08.29. Kernel 5.1: 05.16.29. Kernel 5.2: 05.26.29. Kernel 5.3: 05.35.29. Kernel 5.4: Unaffected. Kernel 5.5: Unaffected.
- CVE-2021-41837
- It affects the AhciBusDxe driver. This issue was discovered by the Binarly efiXplorer team. The fixed versions are Kernel 5.0: 05.08.41, Kernel 5.1: 05.16.41, Kernel 5.2: 05.26.41, Kernel 5.3: 05.35.41, Kernel 5.4: 05.43.41, Kernel 5.5: 05.51.41
- CVE-2021-41838
- It affects the NvmExpressDxe driver. This issue was discovered by the Binarly efiXplorer team. The fixed versions are Kernel 5.1: 05.16.42, Kernel 5.2: 05.26.42, Kernel 5.3: 05.35.42, Kernel 5.4: 05.43.42, Kernel 5.5: 05.51.42
- CVE-2021-41839
- It affects the driver NvmExpressDxe. This issue was discovered by Insyde engineering during an internal security review of several Insyde drivers and entered as a security incident on May 28, 2021. It was independently reported by Binarly (BRLY-2021-017) in September 2021. It was fixed in the following Insyde kernel versions on June 18, 2021. Kernel 5.0: Unaffected. Kernel 5.1: 05.16.25 Kernel 5.2: 05.26.25 Kernel 5.3: 05.35.25 Kernel 5.4: 05.43.25 Kernel 5.5: 05.51.25
- CVE-2021-41840
- It affects the driver SdHostDriver. This issue was discovered internally during an Insyde code review but was not classified as a security incident until September 17, 2021. It was independently reported by Binarly (BRLY-2021-019) in September 2021. The code that fixed the issue can be found in the following Insyde kernel versions, starting on August 28, 2020. Kernel 5.0: not present. Kernel 5.1: not present. Kernel 5.2: 05.23.35 Kernel 5.3: 05.32.35 Kernel 5.4: 05.40.35 Kernel 5.5: not present.
- CVE-2021-41841
- It affects the driver AhciBusDxe. This issue was discovered by a 3rd party security researcher and entered as a security incident on May 26, 2021. It was independently reported by Binarly (BRLY-2021-018) in September 2021. It was fixed in the following Insyde kernel versions on July 26, 2021. Kernel 5.0: 05.08.29 Kernel 5.1: 05.16.29 Kernel 5.2: 05.26.29 Kernel 5.3: 05.35.29 Kernel 5.4: 05.43.29 Kernel 5.5: 05.51.29
- CVE-2021-42059
- It was reported by the Binarly efiXplorer team. It was fixed in the InsydeH2O kernel: Kernel 5.0 05.08.41, Kernel 5.1: 05.16.41, Kernel 5.2: 05.26.41, Kernel 5.3: 05.35.41, Kernel 5.4: 05.42.20, Kernel 5.5: unaffected.
- CVE-2021-42060
- It was reported by the Binarly efiXplorer team. It was fixed in InsydeH2O versions kernel 5.0: 05.08.49, kernel 5.1: 05.16.49, kernel 5.2: 05.23.22, Kernel 5.3: 05.32.22, Kernel 5.4: unaffected, kernel 5.5: unaffected.
- CVE-2021-42113
- It affects the StorageSecurityCommandDxe driver. It was discovered by the Binarly efiXplorer team. It is fixed in the InsydeH2O kernel: Kernel 5.1: 05.14.34, Kernel 5.2: 05.24.34, Kernel 5.3: 05.33.34, Kernel 5.4: unaffected. Kernel 5.5: unaffected.
- CVE-2021-42554
- This affects the FvbServicesRuntimeDxe driver. It was reported by the Binarly efiXplorer team. It is fixed in the following InsydeH2O kernel versions: Kernel 5.0: 05.08.42, Kernel 5.1: 05.16.42, Kernel 5.2: 05.26.42, Kernel 5.3: 05.35.42, Kernel 5.4: 05.42.51, Kernel 5.5: 05.50.51
- CVE-2021-43323
- This affects the UsbCoreDxe driver. It was reported by the Binarly efiXplorer team. The fixes are available for the Insyde kernel: Kernel 5.0: 05.08.45, Kernel 5.1: 05.16.45, Kernel 5.2: 05.26.45, Kernel 5.3: 05.35.45, Kernel 5.4: 05.43.45, Kernel 5.5: 05.51.45.
- CVE-2021-43522
- An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
- CVE-2021-43615
- This affects the HddPassword driver. It was reported by the Binarly efiXplorer team. It was fixed in the InsydeH2O kernel: Kernel 5.1: 05.16.23, Kernel 5.2: 05.23.22, Kernel 5.3: 05.32.22, Kernel 5.4: Unaffected, Kernel 5.5: Unaffected
- CVE-2021-45969
- It affects the driver AhciBusDxe. This issue was discovered by Insyde engineering during an internal security review of several Insyde drivers and entered as a security incident on May 28, 2021. It was independently reported by Binarly (BRLY-2021-016) in September 2021. It was fixed in the following Insyde kernel versions on June 18, 2021: Kernel 5.1: 05.16.25 Kernel 5.2: 05.26.25 Kernel 5.3: 05.35.25 Kernel 5.4: 05.43.25 Kernel 5.5: 05.51.25. This issue was previously reported incorrectly as part of CVE-2020-27339.
- CVE-2021-45970
- It affects the driver IdeBusDxe. This issue was discovered by Insyde engineering during an internal security review of several Insyde drivers and entered as a security incident on May 28, 2021. It was independently reported by Binarly (BRLY-2021-015) in September 2021. It was fixed in the following Insyde kernel versions on June 18, 2021: Kernel 5.1: 05.16.25 Kernel 5.2: 05.26.25 Kernel 5.3: 05.35.25 Kernel 5.4: 05.43.25 Kernel 5.5: 05.51.25. This issue was previously reported incorrectly as part of CVE-2020-27339.
- CVE-2021-45971
- It affects the driver SdHostDriver. This issue was discovered by Insyde engineering during an internal security review of several Insyde drivers and entered as a security incident on May 28, 2021. It was independently reported by Binarly (BRLY-2021-012) in September 2021. It was fixed in the following Insyde kernel versions on June 18, 2021: Kernel 5.1: 05.16.25 Kernel 5.2: 05.26.25 Kernel 5.3: 05.35.25 Kernel 5.4: 05.43.25 Kernel 5.5: 05.51.25. It was previously reported incorrectly as part of CVE-2020-27339.
- CVE-2022-24030
- This affects the AhciBusDxe driver. This issue was discovered by the Binarly efiXplorer team. The fixed versions are Kernel 5.0: 05.08.41, Kernel 5.1: 05.16.41, Kernel 5.2: 05.26.41, Kernel 5.3: 05.35.41, Kernel 5.4: 05.43.41, Kernel 5.5: 05.51.41
- CVE-2022-24031
- This affects the NvmExpressDxe driver. This issue was discovered by the Binarly efiXplorer team. The fixed versions are Kernel 5.1: 05.16.42, Kernel 5.2: 05.26.42, Kernel 5.3: 05.35.42, Kernel 5.4: 05.43.42, Kernel 5.5: 05.51.42
- CVE-2022-24069
- These issues affect a broad range of Insyde’s InsydeH2O products. They are not chipset specific, but they are specific to kernel versions, which are listed with each statement. We have disclosed these to all affected customers.
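The per-kernel fixed-version statements above are exactly the kind of OEM changelog data the “identify” step relies on to flag vulnerable UEFI firmware versions. The following Python block, added here and not Eclypsium’s code, turns a handful of those statements into a lookup table and classifies a device’s InsydeH2O kernel version against it. The fixed versions are transcribed from the list above for five of the CVEs; the host inventory (hostnames, branches, versions) is constructed. One assumption the post does not state: versions inside a kernel branch are totally ordered by numeric comparison of their dotted fields, so a version at or above the listed fix is treated as fixed.

```python
"""Added example (not Eclypsium's code): check an InsydeH2O kernel version
against the fixed versions listed in the post.

The table below is transcribed from the post for five of the CVEs; the
branch and version inputs are constructed. Assumption not stated by the
post: versions within one kernel branch are totally ordered by numeric
comparison of their dotted fields.
"""
from typing import Dict, List, Tuple

UNAFFECTED = "Unaffected"

# CVE -> {kernel branch -> first fixed version, or UNAFFECTED}.
# Branches the post does not mention for a CVE are deliberately absent.
FIXED_VERSIONS: Dict[str, Dict[str, str]] = {
    "CVE-2021-33625": {"5.1": "05.16.23", "5.2": "05.26.23", "5.3": "05.35.23",
                       "5.4": "05.43.22", "5.5": "05.51.22"},
    "CVE-2021-33627": {"5.0": "05.08.29", "5.1": "05.16.29", "5.2": "05.26.29",
                       "5.3": "05.35.29", "5.4": UNAFFECTED, "5.5": UNAFFECTED},
    "CVE-2021-41839": {"5.0": UNAFFECTED, "5.1": "05.16.25", "5.2": "05.26.25",
                       "5.3": "05.35.25", "5.4": "05.43.25", "5.5": "05.51.25"},
    "CVE-2021-42113": {"5.1": "05.14.34", "5.2": "05.24.34", "5.3": "05.33.34",
                       "5.4": UNAFFECTED, "5.5": UNAFFECTED},
    "CVE-2021-43323": {"5.0": "05.08.45", "5.1": "05.16.45", "5.2": "05.26.45",
                       "5.3": "05.35.45", "5.4": "05.43.45", "5.5": "05.51.45"},
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a kernel version such as '05.16.25' into a comparable tuple of ints.
    Anything that is not at least three numeric dotted fields is rejected."""
    fields = version.strip().split(".")
    if len(fields) < 3 or not all(f.isdigit() for f in fields):
        raise ValueError(f"unrecognised InsydeH2O kernel version: {version!r}")
    return tuple(int(f) for f in fields)


def classify(branch: str, version: str,
             table: Dict[str, Dict[str, str]] = FIXED_VERSIONS) -> Dict[str, List[str]]:
    """Sort every CVE in the table into one bucket for a single device.

    vulnerable -> installed version is below the listed fix for this branch
    fixed      -> installed version is at or above the listed fix
    unaffected -> the post lists this branch as unaffected
    unknown    -> the post lists no entry for this branch; do not assume safe
    """
    installed = parse_version(version)
    report: Dict[str, List[str]] = {"vulnerable": [], "fixed": [], "unaffected": [], "unknown": []}
    for cve in sorted(table):
        entry = table[cve].get(branch)
        if entry is None:
            report["unknown"].append(cve)
        elif entry == UNAFFECTED:
            report["unaffected"].append(cve)
        elif installed >= parse_version(entry):
            report["fixed"].append(cve)
        else:
            report["vulnerable"].append(cve)
    return report


# Constructed inventory: (hostname, InsydeH2O kernel branch, installed version).
INVENTORY = [
    ("laptop-01", "5.1", "05.16.24"),
    ("laptop-02", "5.5", "05.51.22"),
    ("server-07", "5.0", "05.08.50"),
]


def needs_patching(inventory=INVENTORY) -> Dict[str, List[str]]:
    """Map each host to the CVEs it is still exposed to according to the table."""
    return {host: classify(branch, ver)["vulnerable"] for host, branch, ver in inventory}


if __name__ == "__main__":
    for host, branch, ver in INVENTORY:
        report = classify(branch, ver)
        print(f"{host} (kernel {branch}, {ver})")
        for bucket, cves in report.items():
            print(f"  {bucket:>10}: {', '.join(cves) or '-'}")
```

Note the separate "unknown" bucket: where the post lists no fix for a branch (for example Kernel 5.0 for CVE-2021-33625), the script refuses to call the device fixed and leaves it for a human to resolve against the OEM advisory, rather than silently scoring it clean.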
*** This is a Security Bloggers Network syndicated blog from Eclypsium authored by Eclypsium. Read the original post at: https://eclypsium.com/2022/02/08/melting-glaciers-rising-seas-and-rowboats/