Critical PixieFail Vulnerabilities Lead to RCE and DoS Attacks

by Rohan Timalsina

February 15, 2024 - TuxCare expert team

A set of critical security vulnerabilities has been found in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification. Named PixieFail by Quarkslab, these nine vulnerabilities in the TianoCore EFI Development Kit II (EDK II) affect the network boot process, which is how an operating system is loaded from the network. Attackers could leverage them for remote code execution, denial-of-service (DoS) attacks, DNS cache poisoning, and the unauthorized leakage of sensitive data.


Nine PixieFail UEFI Vulnerabilities


The impact of these vulnerabilities extends to UEFI firmware developed by major companies such as AMI, Intel, Insyde, and Phoenix Technologies. The EDK II incorporates its own TCP/IP stack known as NetworkPkg, facilitating network functionalities during the initial Preboot eXecution Environment (PXE) stage. PXE enables devices to boot from their network interface card (NIC) and permits the remote configuration and booting of networked computers that lack a running operating system.

The vulnerabilities identified in EDK II’s NetworkPkg cover several classes of flaw, including an integer underflow in the handling of DHCPv6 Advertise messages and buffer overflows triggered by the Server ID option. Because the affected code runs before the operating system loads, exploitation bypasses the security controls the OS would normally provide.

The list of all PixieFail vulnerabilities includes:

CVE-2023-45229 (CVSS score: 6.5) – Integer underflow in DHCPv6 Advertise message processing
CVE-2023-45230 (CVSS score: 8.3) – Buffer overflow in DHCPv6 client via Server ID option
CVE-2023-45231 (CVSS score: 6.5) – Out-of-bounds read in handling ND Redirect message
CVE-2023-45232 (CVSS score: 7.5) – Infinite loop in parsing unknown options
CVE-2023-45233 (CVSS score: 7.5) – Infinite loop in parsing PadN option
CVE-2023-45234 (CVSS score: 8.3) – Buffer overflow in processing DNS Servers option
CVE-2023-45235 (CVSS score: 8.3) – Buffer overflow in handling Server ID option
CVE-2023-45236 (CVSS score: 5.8) – Predictable TCP Initial Sequence Numbers
CVE-2023-45237 (CVSS score: 5.3) – Use of a weak pseudorandom number generator
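Several entries in the list above are variations on one theme: a length field taken from a DHCPv6 option is trusted, so an oversized Server ID or DNS Servers option overruns a fixed buffer, or a malformed option area keeps a parser from making progress. The following is an added example, written for this article and not code from EDK II or NetworkPkg, of a DHCPv6 option walker that applies the checks a hardened parser needs: the 4-byte option header must fit in the bytes actually received, the claimed option length must fit in what remains, copies into fixed buffers are rejected when they would not fit, and the loop offset strictly increases on every iteration. The option codes 2 (Server ID) and 23 (DNS Recursive Name Server) are the real RFC 8415 / RFC 3646 values; the buffer sizes, status codes and sample byte strings are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define DHCP6_OPT_SERVERID     2   /* RFC 8415 OPTION_SERVERID */
#define DHCP6_OPT_DNS_SERVERS  23  /* RFC 3646 OPTION_DNS_SERVERS */
#define MAX_DUID_LEN           128 /* hypothetical fixed DUID buffer size */
#define MAX_DNS_SERVERS        4   /* hypothetical fixed DNS server slots */

struct dhcp6_parsed {
    uint8_t server_id[MAX_DUID_LEN];
    size_t  server_id_len;
    uint8_t dns[MAX_DNS_SERVERS][16];
    size_t  dns_count;
};

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LARGE = -2, PARSE_BAD_LEN = -3 };

/* Walk the option area of a DHCPv6 message. `opts` points just past the
 * 4-byte msg-type/transaction-id header; `len` is the number of bytes that
 * were actually received on the wire, never a length read from the packet. */
int dhcp6_parse_options(const uint8_t *opts, size_t len, struct dhcp6_parsed *out)
{
    size_t off = 0;
    memset(out, 0, sizeof *out);
    while (off < len) {
        /* Every option starts with a 4-byte header (code, length); a shorter
         * trailing fragment is malformed rather than "one more option". */
        if (len - off < 4)
            return PARSE_TRUNCATED;
        uint16_t code   = (uint16_t)((opts[off] << 8) | opts[off + 1]);
        uint16_t optlen = (uint16_t)((opts[off + 2] << 8) | opts[off + 3]);
        off += 4;
        /* Compare against the remaining bytes by subtraction, so the check
         * cannot itself overflow or underflow. */
        if (optlen > len - off)
            return PARSE_TRUNCATED;
        const uint8_t *val = opts + off;
        switch (code) {
        case DHCP6_OPT_SERVERID:
            /* Reject, rather than memcpy, a DUID that would not fit. */
            if (optlen > MAX_DUID_LEN)
                return PARSE_TOO_LARGE;
            memcpy(out->server_id, val, optlen);
            out->server_id_len = optlen;
            break;
        case DHCP6_OPT_DNS_SERVERS:
            /* Payload must be whole IPv6 addresses and fit the slot array. */
            if (optlen % 16 != 0)
                return PARSE_BAD_LEN;
            if (optlen / 16 > MAX_DNS_SERVERS)
                return PARSE_TOO_LARGE;
            memcpy(out->dns, val, optlen);
            out->dns_count = optlen / 16;
            break;
        default:
            break; /* unknown option: skipped by its length below */
        }
        /* The header was already consumed, so `off` advances by at least 4
         * per iteration even for zero-length options: no infinite loop. */
        off += optlen;
    }
    return PARSE_OK;
}

/* Constructed sample option areas (not captured traffic). */
static const uint8_t SAMPLE_OK[] = {
    0x00, 0x02, 0x00, 0x04, 0xAA, 0xBB, 0xCC, 0xDD,             /* Server ID, 4-byte DUID */
    0x00, 0x17, 0x00, 0x10, 0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0x01,                                  /* DNS server 2001:db8::1 */
    0x00, 0x63, 0x00, 0x00,                                     /* unknown option 99, zero length */
};
/* Server ID claims 300 bytes: present on the wire, but larger than the DUID buffer. */
static const uint8_t SAMPLE_OVERSIZED[304] = { 0x00, 0x02, 0x01, 0x2C };
/* Server ID claims 8 bytes but only 2 follow. */
static const uint8_t SAMPLE_TRUNCATED[] = { 0x00, 0x02, 0x00, 0x08, 0x01, 0x02 };
/* DNS Servers option with a length that is not a multiple of 16. */
static const uint8_t SAMPLE_BAD_DNS[] = { 0x00, 0x17, 0x00, 0x05, 1, 2, 3, 4, 5 };

int demo_ok_status(void)        { struct dhcp6_parsed p; return dhcp6_parse_options(SAMPLE_OK, sizeof SAMPLE_OK, &p); }
size_t demo_ok_dns_count(void)  { struct dhcp6_parsed p; dhcp6_parse_options(SAMPLE_OK, sizeof SAMPLE_OK, &p); return p.dns_count; }
size_t demo_ok_duid_len(void)   { struct dhcp6_parsed p; dhcp6_parse_options(SAMPLE_OK, sizeof SAMPLE_OK, &p); return p.server_id_len; }
int demo_oversized_status(void) { struct dhcp6_parsed p; return dhcp6_parse_options(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED, &p); }
int demo_truncated_status(void) { struct dhcp6_parsed p; return dhcp6_parse_options(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &p); }
int demo_bad_dns_status(void)   { struct dhcp6_parsed p; return dhcp6_parse_options(SAMPLE_BAD_DNS, sizeof SAMPLE_BAD_DNS, &p); }

int main(void)
{
    printf("well-formed: %d (dns=%zu, duid=%zu)\n", demo_ok_status(), demo_ok_dns_count(), demo_ok_duid_len());
    printf("oversized server id: %d\n", demo_oversized_status());
    printf("truncated option: %d\n", demo_truncated_status());
    printf("bad dns length: %d\n", demo_bad_dns_status());
    return 0;
}
```

The point of the three rejection paths is that every bound is checked against the received byte count before any copy, and that the only arithmetic on attacker-controlled lengths is a comparison, never a subtraction that could wrap.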


Conclusion


The PixieFail vulnerabilities highlight the necessity for robust security measures in network boot setups. According to the CERT Coordination Center (CERT/CC), the impact and exploitability of these vulnerabilities vary depending on the specific firmware build and default PXE boot configuration. PXE, essential for network booting in enterprise systems, is utilized in both server and desktop environments.

Attackers must be on the same network as the target devices to exploit the PixieFail vulnerabilities. Quarkslab has also provided proof-of-concept (PoC) exploits to aid network administrators in identifying vulnerable devices.


The sources for this article include a story from Eclypsium.
