According to the latest information from French network security company Quarkslab, a set of UEFI vulnerabilities called PixieFAIL was recently found that allows hackers to remotely launch DoS attacks, execute arbitrary code, and hijack network sessions. Products from Microsoft, ARM, Google and other companies are affected.
The vulnerabilities mainly exist in the Intel TianoCore EDK II development environment and consist of 9 sub-vulnerabilities. The specific list is as follows:
- Integer overflow vulnerability: CVE-2023-45229
- Buffer overflow vulnerabilities: CVE-2023-45230, CVE-2023-45234, CVE-2023-45235
- Out-of-bounds read vulnerability: CVE-2023-45231
- Loop vulnerabilities: CVE-2023-45232, CVE-2023-45233
- TCP sequence number prediction vulnerability: CVE-2023-45236
- Weak pseudo-random number generator vulnerability: CVE-2023-45237
Researchers pointed out that many enterprise computers and servers currently boot their operating systems over the network. To provide this function, UEFI needs to implement a complete IP stack in the Driver Execution Environment (DXE) stage, which gives rise to these vulnerabilities. They allow hackers to use the Preboot Execution Environment (PXE) to intrude into computers on the local LAN and then perform malicious actions.