Bug 1883532 (CVE-2019-14576)

Summary: CVE-2019-14576 edk2: DataDirectory security table element does not get included in signature verification
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: berrange, ddepaula, jferlan, kraxel, lersek, pbonzini, philmd, security-response-team, virt-maint
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
[REJECTED CVE] The PE32/PE32+/TE image formats contain an EFI_IMAGE_DATA_DIRECTORY[] array that can contain an EFI_IMAGE_DIRECTORY_ENTRY_SECURITY element. This element in the array, and the content it describes are not included in the signature verification. The content describes one or more WIN_CERTIFICATES that are used in signature verification. For obvious reasons the content itself cannot be part of the signature check (else by calculating it, it would change the signature itself). However, the DataDirectory entry itself, could be part of the signature check. It is currently not the case. Because it's not, it gives an attacker a lot of leaway to take an existing validly signed .efi, make the room for the EFI_IMAGE_DIRECTORY_ENTRY_SECURITY content larger, and start adding content to it, while still leaving the WIN_CERTIFICATE in tact enough to pass signature verification. This would allow an attacker to get arbitrary content inside of the the EFI_IMAGE_DIRECTORY_ENTRY_SECURITY content mapped into memory, presumably with RWX or RX page protections. Hence having shellcode ready to go, in case an exploit is found somewhere (bypassing exploit mitigations).
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-03 13:52:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1883558    

Description Guilherme de Almeida Suckevicz 2020-09-29 13:49:45 UTC 
The PE32/PE32+/TE image formats contain an EFI_IMAGE_DATA_DIRECTORY[] array that can contain an EFI_IMAGE_DIRECTORY_ENTRY_SECURITY element. This element in the array, and the content it describes are not included in the signature verification. The content describes one or more WIN_CERTIFICATES that are used in signature verification.

For obvious reasons the content itself cannot be part of the signature check (else by calculating it, it would change the signature itself). However, the DataDirectory entry itself, could be part of the signature check. It is currently not the case.

Because it's not, it gives an attacker a lot of leaway to take an existing validly signed .efi, make the room for the EFI_IMAGE_DIRECTORY_ENTRY_SECURITY content larger, and start adding content to it, while still leaving the WIN_CERTIFICATE in tact enough to pass signature verification. This would allow an attacker to get arbitrary content inside of the the EFI_IMAGE_DIRECTORY_ENTRY_SECURITY content mapped into memory, presumably with RWX or RX page protections. Hence having shellcode ready to go, in case an exploit is found somewhere (bypassing exploit mitigations).

Reference:
https://bugzilla.tianocore.org/show_bug.cgi?id=2213
Comment 5 Riccardo Schirone 2021-02-03 13:52:36 UTC 
Closing this bug as WONTFIX because this is not going to be considered as a vulnerability, given that to exploit this you need another existing vulnerability. This is more of a second security layer/hardening feature.