1+----------------+-------------------------------------------------------------+ 2| Title | Malformed Firmware Update SMC can result in copy or | 3| | authentication of unexpected data in secure memory in | 4| | AArch32 state | 5+================+=============================================================+ 6| CVE ID | `CVE-2017-9607`_ | 7+----------------+-------------------------------------------------------------+ 8| Date | 20 Jun 2017 | 9+----------------+-------------------------------------------------------------+ 10| Versions | None (only between 22 May 2017 and 14 June 2017) | 11| Affected | | 12+----------------+-------------------------------------------------------------+ 13| Configurations | Platforms that use AArch32 BL1 plus untrusted normal world | 14| Affected | firmware update code executing before BL31 | 15+----------------+-------------------------------------------------------------+ 16| Impact | Copy or authentication of unexpected data in the secure | 17| | memory | 18+----------------+-------------------------------------------------------------+ 19| Fix Version | `Pull Request #979`_ (merged on 14 June 2017) | 20+----------------+-------------------------------------------------------------+ 21| Credit | ARM | 22+----------------+-------------------------------------------------------------+ 23 24The ``include/lib/utils_def.h`` header file provides the 25``check_uptr_overflow()`` macro, which aims at detecting arithmetic overflows 26that may occur when computing the sum of a base pointer and an offset. This 27macro evaluates to 1 if the sum of the given base pointer and offset would 28result in a value large enough to wrap around, which may lead to unpredictable 29behaviour. 30 31The macro code is at line 52, referring to the version of the code as of `commit 32c396b73`_: 33 34.. code:: c 35 36 /* 37 * Evaluates to 1 if (ptr + inc) overflows, 0 otherwise. 38 * Both arguments must be unsigned pointer values (i.e. uintptr_t). 39 */ 40 #define check_uptr_overflow(ptr, inc) \ 41 (((ptr) > UINTPTR_MAX - (inc)) ? 1 : 0) 42 43This macro does not work correctly for AArch32 images. It fails to detect 44overflows when the sum of its two parameters fall into the ``[2^32, 2^64 - 1]`` 45range. Therefore, any AArch32 code relying on this macro to detect such integer 46overflows is actually not protected. 47 48The buggy code has been present in ARM Trusted Firmware (TF) since `Pull Request 49#678`_ was merged (on 18 August 2016). However, the upstream code was not 50vulnerable until `Pull Request #939`_ was merged (on 22 May 2017), which 51introduced AArch32 support for the Trusted Board Boot (TBB) feature. Before 52then, the ``check_uptr_overflow()`` macro was not used in AArch32 code. 53 54The vulnerability resides in the BL1 FWU SMC handling code and it may be 55exploited when *all* the following conditions apply: 56 57- Platform code uses TF BL1 with the ``TRUSTED_BOARD_BOOT`` build option. 58 59- Platform code uses the Firmware Update (FWU) code provided in 60 ``bl1/bl1_fwu.c``, which is part of the TBB support. 61 62- TF BL1 is compiled with the ``ARCH=aarch32`` build option. 63 64In this context, the AArch32 BL1 image might fail to detect potential integer 65overflows in the input validation checks while handling the 66``FWU_SMC_IMAGE_COPY`` and ``FWU_SMC_IMAGE_AUTH`` SMCs. 67 68The ``FWU_SMC_IMAGE_COPY`` SMC handler is designed to copy an image into secure 69memory for subsequent authentication. This is implemented by the 70``bl1_fwu_image_copy()`` function, which has the following function prototype: 71 72.. code:: c 73 74 static int bl1_fwu_image_copy(unsigned int image_id, 75 uintptr_t image_src, 76 unsigned int block_size, 77 unsigned int image_size, 78 unsigned int flags) 79 80``image_src`` is an SMC argument and therefore potentially controllable by an 81attacker. A very large 32-bit value, for example ``2^32 -1``, may result in the 82sum of ``image_src`` and ``block_size`` overflowing a 32-bit type, which 83``check_uptr_overflow()`` will fail to detect. Depending on its implementation, 84the platform-specific function ``bl1_plat_mem_check()`` might get defeated by 85these unsanitized values and allow the following memory copy operation, that 86would wrap around. This may allow an attacker to copy unexpected data into 87secure memory if the memory is mapped in BL1's address space, or cause a fatal 88exception if it's not. 89 90The ``FWU_SMC_IMAGE_AUTH`` SMC handler is designed to authenticate an image 91resident in secure memory. This is implemented by the ``bl1_fwu_image_auth()`` 92function, which has the following function prototype: 93 94.. code:: c 95 96 static int bl1_fwu_image_auth(unsigned int image_id, 97 uintptr_t image_src, 98 unsigned int image_size, 99 unsigned int flags) 100 101Similarly, if an attacker has control over the ``image_src`` or ``image_size`` 102arguments through the SMC interface and injects high values whose sum overflows, 103they might defeat the ``bl1_plat_mem_check()`` function and make the 104authentication module read data outside of what's normally allowed by the 105platform code or crash the platform. 106 107Note that in both cases, a separate vulnerability is required to leverage this 108vulnerability; for example a way to get the system to change its behaviour based 109on the unexpected secure memory accesses. Moreover, the normal world FWU code 110would need to be compromised in order to send a malformed FWU SMC that triggers 111an integer overflow. 112 113The vulnerability is known to affect all ARM standard platforms when enabling 114the ``TRUSTED_BOARD_BOOT`` and ``ARCH=aarch32`` build options. Other platforms 115may also be affected if they fulfil the above conditions. 116 117.. _CVE-2017-9607: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9607 118.. _commit c396b73: https://github.com/ARM-software/arm-trusted-firmware/commit/c396b73 119.. _Pull Request #678: https://github.com/ARM-software/arm-trusted-firmware/pull/678 120.. _Pull Request #939: https://github.com/ARM-software/arm-trusted-firmware/pull/939 121.. _Pull Request #979: https://github.com/ARM-software/arm-trusted-firmware/pull/979 122