In case `MCUBOOT_MEASURED_BOOT` is defined, the TLV structure is parsed in order to retrieve the information from the image in flash and use it for saving the status information. Two TLV fields are retrieved by mcuboot, namely `IMAGE_TLV_BOOT_RECORD` and `IMAGE_TLV_SHA256`. Since the length of a TLV field is defined by the TLV itself, the length `record_len` of `IMAGE_TLV_BOOT_RECORD` is effectively arbitrary.

The TLV data in the image stored in flash cannot be fully trusted, since the mcuboot bootloader performs no authentication of the TLV data. In the case of an external SPI flash the TLV data can easily be modified by an attacker as well.

The value `record_len` is checked not to be larger than the receiving buffer `buf`, but it is not checked to be at least the expected length.
Finally an offset is computed by the following code:

```c
/* Update the measurement value (hash of the image) data item in the
 * boot record. It is always the last item in the structure to make
 * it easy to calculate its position.
 * The image hash is computed over the image header, the image itself and
 * the protected TLV area (which should already include the image hash as
 * part of the boot record TLV). For this reason this field has been
 * filled with zeros during the image signing process.
 */
offset = record_len - sizeof(image_hash);
/* The size of 'buf' has already been checked when
 * the BOOT_RECORD TLV was read, it won't overflow.
 */
memcpy(buf + offset, image_hash, sizeof(image_hash));
```
In case `record_len` is smaller than `sizeof(image_hash)`, an integer underflow takes place: the subtraction wraps to a huge unsigned value (the bit pattern of a negative number). Once this offset is added to the pointer `buf`, the destination pointer wraps as well, and up to 31 bytes of attacker-controlled data are written on the stack out of bounds. This results in stack memory corruption and, depending on the stack layout, can lead to arbitrary code execution.
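The following is an added example, not mcuboot's code, written to illustrate the defensive check the advisory implies is missing: the untrusted TLV length must be bounded from below (room for the hash) as well as from above (fits in the buffer) before the offset is formed. The function names (`offset_would_underflow`, `update_boot_record_hash`, `demo_hardened_copy`), the 64-byte buffer and the 0xAB placeholder digest are assumptions constructed for the demonstration; only the 32-byte SHA-256 length and the `record_len - sizeof(image_hash)` arithmetic come from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_HASH_LEN 32u   /* SHA-256 digest, as carried in IMAGE_TLV_SHA256 */

/* Returns 1 if `record_len - IMAGE_HASH_LEN` in unsigned arithmetic would
 * wrap around (the defect described above), otherwise 0. */
int offset_would_underflow(size_t record_len)
{
    return record_len < IMAGE_HASH_LEN;
}

/* Hardened variant (hypothetical, not mcuboot's implementation): every
 * quantity derived from the untrusted TLV length is validated before it is
 * used in pointer arithmetic. Returns 0 on success, -1 if rejected. */
int update_boot_record_hash(uint8_t *buf, size_t buf_len, size_t record_len,
                            const uint8_t *image_hash, size_t hash_len)
{
    if (buf == NULL || image_hash == NULL) {
        return -1;
    }
    if (hash_len != IMAGE_HASH_LEN) {
        return -1;
    }
    /* Lower bound: the record must have room for the hash at its tail.
     * This is the check whose absence lets the offset wrap. */
    if (record_len < hash_len) {
        return -1;
    }
    /* Upper bound: the record must fit in the receiving buffer. */
    if (record_len > buf_len) {
        return -1;
    }
    size_t offset = record_len - hash_len;   /* cannot wrap after the checks */
    memcpy(buf + offset, image_hash, hash_len);
    return 0;
}

/* Constructed demonstration: a boot record of `record_len` bytes inside a
 * 64-byte stack buffer. Returns the index at which the hash was placed, or
 * -1 if the record was rejected or the copy did not land exactly at the
 * record's tail. */
int demo_hardened_copy(size_t record_len)
{
    uint8_t buf[64];
    uint8_t hash[IMAGE_HASH_LEN];
    memset(buf, 0, sizeof(buf));
    memset(hash, 0xAB, sizeof(hash));   /* placeholder digest, constructed */

    if (update_boot_record_hash(buf, sizeof(buf), record_len, hash, sizeof(hash)) != 0) {
        return -1;
    }
    size_t off = record_len - IMAGE_HASH_LEN;
    if (memcmp(buf + off, hash, IMAGE_HASH_LEN) != 0) {
        return -1;
    }
    /* Bytes just before the record tail and just after the record stay untouched. */
    if (off > 0 && buf[off - 1] != 0) {
        return -1;
    }
    if (record_len < sizeof(buf) && buf[record_len] != 0) {
        return -1;
    }
    return (int)off;
}

int main(void)
{
    size_t lengths[] = { 0, 16, 31, 32, 48, 64, 65 };
    for (size_t i = 0; i < sizeof(lengths) / sizeof(lengths[0]); i++) {
        size_t len = lengths[i];
        printf("record_len=%2zu underflow=%d hardened_result=%d\n",
               len, offset_would_underflow(len), demo_hardened_copy(len));
    }
    return 0;
}
```

Lengths below 32 are exactly the ones the advisory describes: `offset_would_underflow` reports them, and the hardened routine rejects them instead of computing a wrapped offset; lengths above the buffer size are rejected by the existing upper-bound check, and everything in between places the hash at `record_len - 32`.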
Patches
Workarounds
References
For more information
If you have any questions or comments about this advisory:
embargo: 2022-01-15