The branches for 4.14, .15, and 4.16 are created and ready for patches to be pushed.
After the patches are merged, I'll handle the releases.
Martin
On Mon, Apr 25, 2022 at 11:54 PM Shawn C shawn.chang@hardenedvault.net wrote:
Nice hunt, Arthur! The attack surface in coreboot is lesser than UEFI but the misconfig during the setup will lead to serious issue. This one is neat and worth a CVE. Please use CVE-2022-29264 as record:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29264
regards Shawn
------- Original Message ------- On Thursday, April 7th, 2022 at 10:43 PM, Arthur Heymans arthur@aheymans.xyz wrote:
Hi When refactoring the coreboot SMM setup I noticed that there is a security vulnerability in our SMM setup code. It boils down to this: except on the BSP the smihandler code will execute code at a random location, but most likely at offset 0. With some carefully crafted code a bootloader or the OS could place some code at that offset, generate an SMI on an AP and get control over SMM. More recent silicon has hardware mechanisms to avoid executing code outside the designated SMM area (TSEG) so those would not be affected. The commit introducing this problem is https://review.coreboot.org/c/coreboot/+/43684. Roughly it affects most x86 builds from end 2020/ beginning 2021 till now.
https://review.coreboot.org/c/coreboot/+/63478 fixes the problem. (Feel free to review the rest of that series as it makes the smm setup much more readable ;-)) Kind regards Arthur
coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-leave@coreboot.org