PixieFail: Vulnerabilities Found in the UEFI Network Stack Used for PXE Booting

Nine vulnerabilities, collectively named PixieFail, have been discovered in UEFI firmware based on the open TianoCore EDK2 platform, which is typically used on server systems. As reported by Quarkslab, the vulnerabilities are in the firmware's network stack used for network booting (PXE). The most critical of them allow an attacker to remotely execute code at the firmware level on systems that allow PXE booting over IPv6.

The less severe problems can lead to denial of service (blocking boot), information leakage, DNS cache poisoning, and interception of TCP sessions. Most of the vulnerabilities can be exploited from the local network, but some also allow attacks from an external network. To demonstrate the attack techniques, Quarkslab has published prototype exploits.

UEFI firmware based on the TianoCore EDK2 platform is widely used in large companies, cloud providers, data centers, and computing clusters. The vulnerable NetworkPkg module, which implements PXE boot, is used in firmware developed by companies such as ARM, Insyde Software (Insyde H2O UEFI BIOS), American Megatrends (AMI Aptio OpenEdition), Phoenix Technologies (Phoenix SecureCore), Intel, Dell, and Microsoft (Project Mu). It was initially speculated that the vulnerabilities could also affect the ChromeOS platform, which includes the EDK2 package, but Google confirmed that this package is not used in Chromebook firmware and that the ChromeOS platform is therefore not affected.

The following vulnerabilities have been identified:

CVEDescription