xref: /rk3399_ARM-atf/docs/security_advisories/security-advisory-tfv-4.rst (revision ced1711297347f24fee45e75e73c7767507a0982)
Advisory TFV-4 (CVE-2017-9607)
==============================

+----------------+-------------------------------------------------------------+
| Title          | Malformed Firmware Update SMC can result in copy or         |
|                | authentication of unexpected data in secure memory in       |
|                | AArch32 state                                               |
+================+=============================================================+
| CVE ID         | `CVE-2017-9607`_                                            |
+----------------+-------------------------------------------------------------+
| Date           | 20 Jun 2017                                                 |
+----------------+-------------------------------------------------------------+
| Versions       | None (only between 22 May 2017 and 14 June 2017)            |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | Platforms that use AArch32 BL1 plus untrusted normal world  |
| Affected       | firmware update code executing before BL31                  |
+----------------+-------------------------------------------------------------+
| Impact         | Copy or authentication of unexpected data in the secure     |
|                | memory                                                      |
+----------------+-------------------------------------------------------------+
| Fix Version    | `Pull Request #979`_ (merged on 14 June 2017)               |
+----------------+-------------------------------------------------------------+
| Credit         | ARM                                                         |
+----------------+-------------------------------------------------------------+
264fe91230SJoel Hutton
The ``include/lib/utils_def.h`` header file provides the
``check_uptr_overflow()`` macro, which aims at detecting arithmetic overflows
that may occur when computing the sum of a base pointer and an offset. This
macro evaluates to 1 if the sum of the given base pointer and offset would
result in a value large enough to wrap around, which may lead to unpredictable
behaviour.

The macro code is at line 52, referring to the version of the code as of `commit
c396b73`_:

.. code:: c

    /*
     * Evaluates to 1 if (ptr + inc) overflows, 0 otherwise.
     * Both arguments must be unsigned pointer values (i.e. uintptr_t).
     */
    #define check_uptr_overflow(ptr, inc)       \
        (((ptr) > UINTPTR_MAX - (inc)) ? 1 : 0)

This macro does not work correctly for AArch32 images. It fails to detect
overflows when the sum of its two parameters falls into the ``[2^32, 2^64 - 1]``
range. Therefore, any AArch32 code relying on this macro to detect such integer
overflows is actually not protected.
504fe91230SJoel Hutton
The buggy code has been present in ARM Trusted Firmware (TF) since `Pull Request
#678`_ was merged (on 18 August 2016). However, the upstream code was not
vulnerable until `Pull Request #939`_ was merged (on 22 May 2017), which
introduced AArch32 support for the Trusted Board Boot (TBB) feature. Before
then, the ``check_uptr_overflow()`` macro was not used in AArch32 code.
564fe91230SJoel Hutton
The vulnerability resides in the BL1 FWU SMC handling code and it may be
exploited when *all* the following conditions apply:

- Platform code uses TF BL1 with the ``TRUSTED_BOARD_BOOT`` build option.

- Platform code uses the Firmware Update (FWU) code provided in
  ``bl1/bl1_fwu.c``, which is part of the TBB support.

- TF BL1 is compiled with the ``ARCH=aarch32`` build option.

In this context, the AArch32 BL1 image might fail to detect potential integer
overflows in the input validation checks while handling the
``FWU_SMC_IMAGE_COPY`` and ``FWU_SMC_IMAGE_AUTH`` SMCs.
704fe91230SJoel Hutton
The ``FWU_SMC_IMAGE_COPY`` SMC handler is designed to copy an image into secure
memory for subsequent authentication. This is implemented by the
``bl1_fwu_image_copy()`` function, which has the following function prototype:

.. code:: c

    static int bl1_fwu_image_copy(unsigned int image_id,
                                  uintptr_t image_src,
                                  unsigned int block_size,
                                  unsigned int image_size,
                                  unsigned int flags)

``image_src`` is an SMC argument and therefore potentially controllable by an
attacker. A very large 32-bit value, for example ``2^32 - 1``, may result in the
sum of ``image_src`` and ``block_size`` overflowing a 32-bit type, which
``check_uptr_overflow()`` will fail to detect. Depending on its implementation,
the platform-specific function ``bl1_plat_mem_check()`` might be defeated by
these unsanitized values and allow the subsequent memory copy operation, which
would wrap around. This may allow an attacker to copy unexpected data into
secure memory if the memory is mapped in BL1's address space, or cause a fatal
exception if it is not.
924fe91230SJoel Hutton
The ``FWU_SMC_IMAGE_AUTH`` SMC handler is designed to authenticate an image
resident in secure memory. This is implemented by the ``bl1_fwu_image_auth()``
function, which has the following function prototype:

.. code:: c

    static int bl1_fwu_image_auth(unsigned int image_id,
                                  uintptr_t image_src,
                                  unsigned int image_size,
                                  unsigned int flags)

Similarly, if an attacker has control over the ``image_src`` or ``image_size``
arguments through the SMC interface and injects large values whose sum overflows,
they might defeat the ``bl1_plat_mem_check()`` function and make the
authentication module read data outside of what is normally allowed by the
platform code, or crash the platform.
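As an added illustration (not the project's code), this host-side C model reproduces the blind spot for both the copy and the auth argument checks described above. It assumes, as the stated ``[2^32, 2^64 - 1]`` gap implies, that the limit the macro compares against is 64 bits wide in the AArch32 build; ``validate_request()`` and its window check are a constructed stand-in for the platform's ``bl1_plat_mem_check()``, not its real logic.

```c
#include <stdint.h>

/* Host-side model of the AArch32 BL1 case: uptr32_t plays the role of the
 * 32-bit uintptr_t of an ARCH=aarch32 build. */
typedef uint32_t uptr32_t;

/* Assumption (not stated on the page): the [2^32, 2^64 - 1] blind spot is
 * what a 64-bit UINTPTR_MAX produces in a 32-bit build, so that is modelled. */
#define BAD_UINTPTR_MAX UINT64_MAX

/* The advisory's macro evaluated against the 64-bit limit: the comparison is
 * promoted to 64 bits, so a 32-bit wrap is never reported. */
#define buggy_check_uptr_overflow(ptr, inc) \
	(((ptr) > BAD_UINTPTR_MAX - (inc)) ? 1 : 0)

/* Same macro with a limit matching the build's real pointer width. */
#define fixed_check_uptr_overflow(ptr, inc) \
	(((ptr) > UINT32_MAX - (inc)) ? 1 : 0)

/* 1 if src + size wraps the 32-bit address space, per the chosen macro. */
int overflows(uptr32_t src, unsigned int size, int use_fixed)
{
	return use_fixed ? fixed_check_uptr_overflow(src, size)
			 : buggy_check_uptr_overflow(src, size);
}

/* End address as 32-bit BL1 arithmetic produces it: it silently wraps. */
uptr32_t wrapped_end(uptr32_t src, unsigned int size)
{
	return (uptr32_t)(src + size);
}

/* Constructed stand-in for a platform range check (not bl1_plat_mem_check):
 * the request is accepted if [src, src + size] lies inside the window the
 * platform allows. A wrapped end passes the upper-bound test, so the request
 * survives only because the overflow check in front of it is blind. */
int validate_request(uptr32_t src, unsigned int size,
		     uptr32_t win_base, uptr32_t win_end, int use_fixed)
{
	if (overflows(src, size, use_fixed))
		return 0;	/* rejected before any memory is touched */
	return src >= win_base && wrapped_end(src, size) <= win_end;
}
```

With ``src = 0xFFFFFFFF`` and ``size = 0x1000`` the buggy path accepts the request (its wrapped end is ``0xFFF``) while the width-correct check rejects it; a legitimate request inside the window passes both.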
1094fe91230SJoel Hutton
Note that in both cases, a separate vulnerability is required to leverage this
one; for example, a way to get the system to change its behaviour based on the
unexpected secure memory accesses. Moreover, the normal world FWU code would
need to be compromised in order to send a malformed FWU SMC that triggers an
integer overflow.
1154fe91230SJoel Hutton
The vulnerability is known to affect all ARM standard platforms when enabling
the ``TRUSTED_BOARD_BOOT`` and ``ARCH=aarch32`` build options. Other platforms
may also be affected if they fulfil the above conditions.
1194fe91230SJoel Hutton
.. _CVE-2017-9607: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9607
.. _commit c396b73: https://github.com/ARM-software/arm-trusted-firmware/commit/c396b73
.. _Pull Request #678: https://github.com/ARM-software/arm-trusted-firmware/pull/678
.. _Pull Request #939: https://github.com/ARM-software/arm-trusted-firmware/pull/939
.. _Pull Request #979: https://github.com/ARM-software/arm-trusted-firmware/pull/979