Description
[REJECTED CVE] The PE32/PE32+/TE image formats contain an EFI_IMAGE_DATA_DIRECTORY[] array that can contain an EFI_IMAGE_DIRECTORY_ENTRY_SECURITY element. This element of the array and the content it describes are not included in the signature verification. The content describes one or more WIN_CERTIFICATEs that are used in signature verification. For obvious reasons the content itself cannot be part of the signature check (else by calculating it, it would change the signature itself). However, the DataDirectory entry itself could be part of the signature check. That is currently not the case. Because it is not, it gives an attacker a lot of leeway to take an existing validly signed .efi, make the room for the EFI_IMAGE_DIRECTORY_ENTRY_SECURITY content larger, and start adding content to it, while still leaving the WIN_CERTIFICATE intact enough to pass signature verification. This would allow an attacker to get arbitrary content inside the EFI_IMAGE_DIRECTORY_ENTRY_SECURITY content mapped into memory, presumably with RWX or RX page protections. The attacker would thus have shellcode ready to go in case an exploit is found somewhere (bypassing exploit mitigations).
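A table-level check for the condition described above, added here as an illustration (it is not code from the advisory or from EDK2): it reads the security data directory entry of a PE32/PE32+ image and reports how many bytes of its declared size are not accounted for by well-formed WIN_CERTIFICATE entries. The names `audit_security_directory` and `build_sample` are hypothetical, the sample image is a constructed header skeleton rather than a real signed binary, and padding hidden inside a certificate's own `dwLength` is outside what this check sees.

```python
import struct

SECURITY_INDEX = 4  # EFI_IMAGE_DIRECTORY_ENTRY_SECURITY slot in DataDirectory[]


def audit_security_directory(image: bytes) -> dict:
    """Compare the security directory's declared Size with the bytes that
    its WIN_CERTIFICATE entries actually account for (PE32/PE32+ only)."""
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = e_lfanew + 24                       # optional header follows COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)
    (count,) = struct.unpack_from("<I", image, dirs - 4)  # NumberOfRvaAndSizes
    if count <= SECURITY_INDEX:
        return {"offset": 0, "size": 0, "certs": [], "slack": 0}
    # For this entry VirtualAddress is a file offset, not an RVA.
    offset, size = struct.unpack_from("<II", image, dirs + 8 * SECURITY_INDEX)
    if offset + size > len(image):
        raise ValueError("security directory runs past end of file")
    certs, pos, end = [], offset, offset + size
    while pos + 8 <= end:
        dw_length, _revision, cert_type = struct.unpack_from("<IHH", image, pos)
        if dw_length < 8 or pos + dw_length > end:
            break                             # remainder is not a valid entry
        certs.append((pos, dw_length, cert_type))
        pos += (dw_length + 7) & ~7           # entries are 8-byte aligned
    return {"offset": offset, "size": size, "certs": certs,
            "slack": end - min(pos, end)}     # bytes no certificate covers


def build_sample(trailing: bytes = b"") -> bytes:
    """Constructed PE32+ header skeleton with one dummy WIN_CERTIFICATE."""
    cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\xAA" * 8
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)   # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", hdr, opt, 0x20B)   # PE32+ magic
    struct.pack_into("<I", hdr, opt + 108, 16)
    struct.pack_into("<II", hdr, opt + 112 + 8 * SECURITY_INDEX,
                     0x200, len(cert) + len(trailing))
    return bytes(hdr) + cert + trailing
```

A non-zero `slack`, or more certificate entries than the signer is known to produce, marks an image whose certificate table was resized after signing.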
Report
This CVE has been rejected as it is not considered to be a security vulnerability, given that to exploit this you need another existing vulnerability. This is more of a second security layer/hardening feature. Red Hat has evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. As such, this CVE has been marked as "Rejected" in alignment with Red Hat's vulnerability management policies. If you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | ovmf | Not affected | | |
| Red Hat Enterprise Linux 8 | edk2 | Not affected | | |
Additional information
0 Low
CVSS3
Related vulnerabilities
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
0 Low
CVSS3