Researchers Discover Multiple Serious Vulnerabilities in TianoCore EDK II
Researchers from the French company Quarkslab have uncovered a series of serious vulnerabilities in TianoCore EDK II, an open implementation of the Unified Extensible Firmware Interface (UEFI) specification. The vulnerabilities, collectively known as PixieFail, can result in code removal, denial of service, information leakage, remote code execution, DNS cache poisoning, and network session interception. They were discovered during an analysis of NetworkPkg, the module that provides network configuration drivers and applications.
Several major manufacturers, including Microsoft, ARM, Insyde, Phoenix Technologies, and AMI, use the vulnerable module. Quarkslab's chief technology officer has also confirmed that the vulnerable code is present in Project Mu, Microsoft's adaptation of TianoCore EDK II.
The following CVE identifiers have been assigned to the nine vulnerabilities:
CVE Identifier | Vulnerability Description |
---|---|
CVE-2023-45229 | Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message |
CVE-2023-45230 | Buffer overflow in the DHCPv6 client via a long Server ID option |
CVE-2023-45231 | Out-of-bounds read when processing truncated options in an ND Redirect message |
CVE-2023-45232 | Infinite loop when parsing unknown options in the Destination Options header |
CVE-2023-45233 | Infinite loop when
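
Added example (not EDK II or Quarkslab code): a DHCPv6 option walker in C showing the checks that prevent the bug classes listed in the table, namely a length subtraction that underflows, an oversized Server ID copy, a read past a truncated option, and a parsing loop that fails to advance. It assumes the RFC 8415 option layout (2-byte code, 2-byte length, data); `parse_options`, `struct parsed` and the sample buffers are hypothetical names and constructed data. The same checks apply to the ND and Destination Options parsers, which use a different option layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { OPT_SERVERID = 2, OPT_IA_NA = 3, OPT_IA_TA = 4 };   /* RFC 8415 option codes */
enum { P_OK = 0, ERR_TRUNCATED = -1, ERR_DUID_LEN = -2, ERR_IA_SHORT = -3 };
#define DUID_MAX 130   /* 2-byte DUID type + at most 128 bytes (RFC 8415) */
struct parsed { uint8_t duid[DUID_MAX]; size_t duid_len, ia_sub_len; };
struct parsed result;  /* hypothetical output slot used by main() */

/* Walk DHCPv6 options, validating every length before it is used. */
int parse_options(const uint8_t *buf, size_t len, struct parsed *out)
{
    size_t off = 0;
    memset(out, 0, sizeof *out);
    while (off < len) {
        if (len - off < 4) return ERR_TRUNCATED;       /* option header cut short */
        int code = (buf[off] << 8) | buf[off + 1];
        size_t olen = (size_t)((buf[off + 2] << 8) | buf[off + 3]);
        off += 4;
        if (olen > len - off) return ERR_TRUNCATED;    /* data would run past the packet */
        if (code == OPT_SERVERID) {
            if (olen < 3 || olen > sizeof out->duid) return ERR_DUID_LEN;
            memcpy(out->duid, buf + off, olen);        /* bounded by the check above */
            out->duid_len = olen;
        } else if (code == OPT_IA_NA || code == OPT_IA_TA) {
            size_t fixed = (code == OPT_IA_NA) ? 12 : 4;   /* IAID,T1,T2 or IAID only */
            if (olen < fixed) return ERR_IA_SHORT;     /* otherwise olen - fixed wraps */
            out->ia_sub_len = olen - fixed;
        }
        off += olen;   /* unknown codes are skipped; off grows by >= 4 on every pass */
    }
    return P_OK;
}

/* Constructed sample option buffers (not captured traffic). */
const uint8_t good[] = {0,2,0,4, 0,3,0xaa,0xbb, 0,3,0,12, 0,0,0,1, 0,0,0,0, 0,0,0,0, 0,99,0,0};
const uint8_t short_ia[] = {0,3,0,4, 0,0,0,1};   /* IA_NA shorter than its fixed fields */
const uint8_t truncated[] = {0,2,0,200, 0,1};    /* claims 200 bytes, carries 2 */
const uint8_t long_id[135] = {0,2,0,131};        /* Server ID longer than DUID_MAX */

int main(void)
{
    printf("good=%d short_ia=%d\n", parse_options(good, sizeof good, &result),
           parse_options(short_ia, sizeof short_ia, &result));
    printf("truncated=%d long_id=%d\n", parse_options(truncated, sizeof truncated, &result),
           parse_options(long_id, sizeof long_id, &result));
    return 0;
}
```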