PixieFail UEFI remote code execution vulnerability: millions at risk
Several security issues have been identified in the TCP/IP network protocol stack used in an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI), a standard widely adopted in contemporary computers.
Termed 'PixieFail' by Quarkslab, these nine vulnerabilities are found in the TianoCore EFI Development Kit II (EDK II). They pose risks including remote code execution, denial-of-service (DoS) attacks, DNS cache poisoning, and exposure of confidential data.
UEFI firmware from manufacturers like AMI, Intel, Insyde, and Phoenix Technologies is affected by these flaws. This firmware is crucial for initiating the operating system boot process.
The EDK II contains a specific TCP/IP stack known as NetworkPkg. This stack facilitates network functions during the Preboot eXecution Environment (PXE, pronounced "pixie") phase. PXE is used for carrying out management tasks before an operating system is running.
From a cybersecurity perspective, PXE acts as a client-server interface that enables devices to boot from their network interface card (NIC) and lets an administrator remotely configure and boot computers that have no operating system.
This PXE code is typically embedded in the UEFI firmware on the motherboard or within the NIC firmware's read-only memory (ROM).