
Lenovo has released a security notification for its computers.

Computer maker Lenovo has issued a security alert for its users, Lenovo Security Advisory LEN-8324. It concerns a vulnerability in the firmware of the company's computers, including the well-known ThinkPad series of notebooks. The vulnerability can be classed as a Local Privilege Escalation, since it allows an attacker to execute code in the processor's System Management Mode (SMM). SMM code is the most privileged on the system: its execution privilege is even higher than that of the operating system or of a hypervisor that controls the virtual machines running on the system.



Lenovo does not disclose details of the vulnerability; however, it is obvious that this is the vulnerability whose details were published several days ago by a security researcher known by the nickname Cr4sh. The researcher presented the results of his research into the firmware protection of ThinkPad notebooks and published information about vulnerabilities in the implementation of the BIOS_CNTL and SPI Protected Ranges (PRx) protection mechanisms, which allow firmware code to protect regions of the SPI flash memory (NVRAM) from being overwritten. Such protection prevents modification of legitimate executable firmware code and the implanting of extraneous code, for example a backdoor, into SMRAM memory.


The exploit demonstrated by the researcher not only bypasses the SPI Protected Ranges mechanism in order to write its own SMM code, but also executes that code using a 0day vulnerability in the Lenovo firmware. The SPI Protected Ranges mechanism introduces special registers named PRx, which allow firmware code to designate write-protected regions of SPI flash memory. Since the PRx registers cannot be written by anyone except the firmware code, the exploit uses a special method to set them, similar to the way the firmware code itself does.

Since the PRx registers are reset when the computer enters the S3 sleep state, the firmware code saves them into a special structure called the Boot Script Table so that they can be restored from it after returning from this state. By modifying this structure and simulating a return from S3, the attacker's code can load new values into the registers after wake-up, i.e., reset them. To guard against this technique, the UEFI standard mandates a special protection mechanism for the Boot Script Table called the SMM LockBox. The SMM LockBox protection is successfully bypassed by the exploit using special system operations.


Fig. Exploit demonstration, successful modification of the PRx registers.

Removing the write protection of the flash chip is carried out by the exploit through the 0day vulnerability in the Lenovo firmware, which allows arbitrary SMM code to be executed via the callback function mechanism, bypassing the SMM LockBox protection. The vulnerability is present in the Lenovo UEFI driver called SystemSmmRuntimeRt, which calls a function pointer taken from a structure passed to it without checking that the pointer belongs to legitimate code.


Fig. Vulnerable driver in the Lenovo UEFI firmware, which calls a function pointer from the structure without checking it.
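As an added illustration of the flaw described above (example code, not from the article or the Lenovo driver; the request structure, the range type and all function names are assumptions), a user-space model shows the vulnerable pattern beside a hardened dispatch that refuses a callback pointer unless it lies within a trusted code range:

```c
/* Added example, not code from the article or from the Lenovo driver: a user-space
 * model of the bug class. A handler receives a structure from less-privileged code
 * and must not call a function pointer taken from it unless it points at trusted code. */
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical request passed to the handler through a communication buffer. */
typedef struct {
    uint32_t function_id;
    void   (*callback)(void);  /* caller-controlled: the dangerous field */
} SmmRequest;

/* Hypothetical range of legitimate handler code (in firmware: SMRAM / driver image). */
typedef struct {
    uintptr_t start;
    uintptr_t end;             /* exclusive */
} CodeRange;

enum { SMM_OK = 0, SMM_REJECTED_POINTER = 1 };

/* Vulnerable pattern: the pointer is called as-is, so caller data decides what runs. */
int dispatch_vulnerable(const SmmRequest *req)
{
    req->callback();
    return SMM_OK;
}

/* True only if ptr lies inside the trusted code range. */
bool pointer_in_range(uintptr_t ptr, CodeRange trusted)
{
    return ptr >= trusted.start && ptr < trusted.end;
}

/* Hardened pattern: validate the pointer against trusted code before dereferencing it. */
int dispatch_hardened(const SmmRequest *req, CodeRange trusted)
{
    if (!req || !req->callback ||
        !pointer_in_range((uintptr_t)req->callback, trusted))
        return SMM_REJECTED_POINTER;
    req->callback();
    return SMM_OK;
}

/* Constructed callbacks standing in for trusted firmware code and foreign code. */
static int trusted_calls = 0, untrusted_calls = 0;
void trusted_handler(void)     { trusted_calls++; }
void untrusted_handler(void)   { untrusted_calls++; }
int trusted_call_count(void)   { return trusted_calls; }
int untrusted_call_count(void) { return untrusted_calls; }
```

In real firmware the trusted range would be the SMRAM region or the driver's own image, and the check belongs in every SMI handler that consumes caller-supplied structures.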

According to information published by Lenovo, the company does not develop the firmware for its computers itself, delegating this work to BIOS/UEFI vendors, which in turn build on the development and code base of Intel and AMD.

Since then, Lenovo has been actively pursuing its own investigation, which remains ongoing. At this point, a list of the Independent BIOS Vendors (IBVs) involved has been drawn up. IBVs are software development firms that specialize in customized BIOS code for computer manufacturers, including Lenovo. It is standard industry practice for them to build on the code base provided by chip makers such as Intel or AMD. Lenovo currently works with the industry's three largest IBVs.

According to Cr4sh, the vulnerability originates in firmware code from Intel and was present there before 2014. The vulnerable driver is included in the newest firmware version of the ThinkPad T450s (1.22) laptops, as well as the ThinkPad X220 (1.42). It may also be present in other Lenovo-made computers: ThinkCentre, ThinkStation, ThinkServer.

The demonstrated vulnerability allows attackers to bypass such modern protection mechanisms as Secure Boot, Virtual Secure Mode, and Credential Guard in Windows 10. Secure Boot prevents malware such as bootkits from gaining control over the user's system at an early stage of its boot. Disabling Secure Boot removes the firmware-side authentication of the OS loader.


Fig. Demonstration of arbitrary code execution in SMM.

We recommend that Lenovo computer owners wait for the appropriate firmware update and install it as soon as it is available.

Source: https://habr.com/ru/post/304566/

