Devs Scramble To Fix Nine PixieFAIL Firmware Security Flaws, What You Should Know
Network booting is a fairly standard feature of computers, and you may notice it when starting up your computer at work or at home. Before your operating system of choice loads, you may see a screen flash by saying something about “PXE Booting,” and it may even require interaction to skip. This is the Preboot Execution Environment (PXE), sometimes referred to as Pixie boot because of how the acronym reads, and it is a feature that allows a computer to retrieve the software it boots from over the network. Normally, it is a good method to set up infrastructure or flash devices with ease over the network.
Tianocore’s EDK II is an open-source implementation of the Unified Extensible Firmware Interface (UEFI) specification, and it includes both IPv4- and IPv6-based PXE. Researchers at Quarkslab dug into its NetworkPkg PXE implementation and discovered nine vulnerabilities affecting Arm Ltd., Insyde Software, Intel, American Megatrends Inc., Phoenix Technologies Inc., and Microsoft Corporation. These vulnerabilities, listed below and online, can be exploited either from the same local network or remotely, depending on the vulnerability, and can lead to “denial of service, information leakage, remote code execution, DNS cache poisoning, and network session hijacking.”
- CVE-2023-45229: Integer underflow in DHCPv6 Advertise message.
- CVE-2023-45230: Buffer overflow in the DHCPv6 client.
- CVE-2023-45231: Out of Bounds read in Ip6ProcessRedirect.
- CVE-2023-45232: Infinite loop in Ip6IsExtsValid.
- CVE-2023-45233: Infinite loop in Ip6IsOptionValid.
- CVE-2023-45234: Buffer overflow with DNS Servers option in a DHCPv6 Advertise message.
- CVE-2023-45235: Buffer overflow with Server ID option in DHCPv6 proxy Advertise message.
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers (ISNs).
- CVE-2023-45237: Weak pseudorandom number generator.
Perhaps we will also see this family of vulnerabilities at RSA Conference, Black Hat, DEF CON, or other security conferences, which are not all that far away. In any event, it will certainly be interesting to see how updates and information about these flaws unfold, so stay tuned to the Quarkslab report and HotHardware for any major updates.