Description
A vulnerability related to the use of an insecure Platform Key (PK) has been discovered. An attacker who holds the compromised PK private key can create malicious UEFI software signed with a key that the firmware still trusts.
The PKfail flaw is a firmware supply-chain issue in UEFI Secure Boot that affects hundreds of device models. The Platform Key is the Secure Boot "master key": it authorizes updates to the Key Exchange Key database (KEK), which in turn authorizes updates to the Signature Database (db) and the Forbidden Signature Database (dbx), so it anchors the chain of trust from firmware to the operating system. OEMs and device vendors often do not replace the default PK that ships with reference firmware, so devices reach the field with a PK whose private half is not under the vendor's control. An attacker with access to that private key can bypass Secure Boot by manipulating the KEK, db and dbx databases and then running code of their choosing before the operating system loads.
Statement
PKfail is a supply-chain security issue in which a private key meant only for firmware development is also used in production devices. Because many devices in the field, across multiple vendors, share the same leaked key, a single compromise scales to all of them. These keys are supposed to anchor the platform security of devices protected by Secure Boot. With the leaked key an attacker can sign device firmware that bypasses the protections Secure Boot provides, compromising the trust chain between the device firmware and the operating system. Exploitation requires a privileged user with physical access or root access who can apply a UEFI update. We recommend upgrading the system firmware to the latest version; contact your hardware vendor for further updates.
Mitigation
The fix for PKfail is straightforward in principle: the compromised key must be replaced, which requires device vendors to ship a firmware update that enrolls a vendor-controlled PK.
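The following is an added example, not code from this advisory, Red Hat, or any firmware vendor: a Python check that parses the PK variable's EFI_SIGNATURE_LIST structures (layout and GUIDs from the UEFI specification) and compares the SHA-256 fingerprint of each X.509 certificate against a blocklist, so a device can be audited before and after the vendor's firmware update. The efivarfs path is the standard Linux location for the PK; the placeholder certificate bytes and the blocklist contents are constructed for illustration only, and a real audit must fill the blocklist with fingerprints published by the hardware vendor.

```python
"""Audit the UEFI Platform Key (PK) variable for known-untrusted certificates.

Added illustration for this advisory; not code from the advisory or any vendor.
EFI_SIGNATURE_LIST layout and GUIDs follow the UEFI specification.  The sample
certificate bytes and the fingerprint blocklist are constructed placeholders.
"""
import hashlib
import os
import struct
import uuid
from typing import Dict, List, Set, Tuple

# Signature type for DER-encoded X.509 certificates (EFI_CERT_X509_GUID).
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# PK is stored under EFI_GLOBAL_VARIABLE_GUID; this is its efivarfs path on Linux.
EFIVARS_PK_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
SIG_LIST_HEADER_LEN = 16 + 4 + 4 + 4  # SignatureType, ListSize, HeaderSize, SignatureSize
SIG_OWNER_LEN = 16                    # SignatureOwner GUID preceding each SignatureData


def parse_signature_lists(blob: bytes) -> List[Dict[str, object]]:
    """Walk the concatenated EFI_SIGNATURE_LIST structures of a Secure Boot
    variable and return every X.509 entry with its SHA-256 fingerprint.
    Length fields are checked before use so a malformed blob raises
    ValueError instead of being read past the buffer."""
    entries: List[Dict[str, object]] = []
    off = 0
    while off < len(blob):
        if len(blob) - off < SIG_LIST_HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < SIG_LIST_HEADER_LEN + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize at offset %d" % off)
        body = blob[off + SIG_LIST_HEADER_LEN + hdr_size: off + list_size]
        if sig_size <= SIG_OWNER_LEN or len(body) % sig_size != 0:
            raise ValueError("bad SignatureSize at offset %d" % off)
        for i in range(0, len(body), sig_size):
            sig = body[i:i + sig_size]
            if sig_type == EFI_CERT_X509_GUID:
                cert_der = sig[SIG_OWNER_LEN:]
                entries.append({
                    "owner": uuid.UUID(bytes_le=sig[:SIG_OWNER_LEN]),
                    "cert": cert_der,
                    "sha256": hashlib.sha256(cert_der).hexdigest(),
                })
        off += list_size
    return entries


def build_signature_list(owner: uuid.UUID, certs: List[bytes]) -> bytes:
    """Serialise X.509 entries the way PK/KEK/db variables store them: one
    EFI_SIGNATURE_LIST per certificate, because every signature in a list
    must share one SignatureSize while certificates differ in length."""
    out = b""
    for cert in certs:
        sig_size = SIG_OWNER_LEN + len(cert)
        list_size = SIG_LIST_HEADER_LEN + sig_size
        out += EFI_CERT_X509_GUID.bytes_le
        out += struct.pack("<III", list_size, 0, sig_size)
        out += owner.bytes_le + cert
    return out


def read_efivar(path: str = EFIVARS_PK_PATH) -> bytes:
    """Read a variable from efivarfs; the first 4 bytes are the variable's
    attributes and are not part of the signature list data."""
    with open(path, "rb") as f:
        return f.read()[4:]


def audit_pk(blob: bytes, untrusted_sha256: Set[str]) -> List[Tuple[str, str]]:
    """Return (fingerprint, verdict) per certificate in the PK.  A blocklisted
    fingerprint means the PK private key is not under the device vendor's
    control (the PKfail condition); any other value still has to be compared
    with the PK the vendor publishes for the platform."""
    verdicts = []
    for e in parse_signature_lists(blob):
        fp = str(e["sha256"])
        if fp in untrusted_sha256:
            verdicts.append((fp, "KNOWN-UNTRUSTED"))
        else:
            verdicts.append((fp, "unknown: compare with vendor-published PK"))
    return verdicts


# Constructed sample: a placeholder byte string stands in for a DER certificate.
SAMPLE_OWNER = uuid.UUID(int=0)
SAMPLE_CERT = b"CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-CERTIFICATE"
SAMPLE_PK_BLOB = build_signature_list(SAMPLE_OWNER, [SAMPLE_CERT])
# Hypothetical blocklist; fill from fingerprints published by your hardware vendor.
SAMPLE_UNTRUSTED = {hashlib.sha256(SAMPLE_CERT).hexdigest()}

if __name__ == "__main__":
    blob = read_efivar() if os.path.exists(EFIVARS_PK_PATH) else SAMPLE_PK_BLOB
    for fingerprint, verdict in audit_pk(blob, SAMPLE_UNTRUSTED):
        print(fingerprint, verdict)
```

The same parser applies unchanged to the KEK, db and dbx variables, which share the EFI_SIGNATURE_LIST format, so the script can also confirm that a firmware update did not merely swap the PK while leaving attacker-controllable entries in the databases it authorizes.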
Affected Packages
| Platform | Package | State | Errata | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |
Additional information
CVSS3 score: 8.2 High
Related vulnerabilities
A vulnerability related to the use of an insecure Platform Key (PK) has been discovered. An attacker who holds the compromised PK private key can create malicious UEFI software signed with a key that the firmware still trusts.
A vulnerability in UEFI (BIOS) firmware related to the use of hard-coded platform keys, allowing an attacker to execute arbitrary code before the operating system loads.
CVSS3 score: 8.2 High