1*91f16700SchasingluluAdvisory TFV-10 (CVE-2022-47630) 2*91f16700Schasinglulu================================ 3*91f16700Schasinglulu 4*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 5*91f16700Schasinglulu| Title | Incorrect validation of X.509 certificate extensions can | 6*91f16700Schasinglulu| | result in an out-of-bounds read. | 7*91f16700Schasinglulu+================+=============================================================+ 8*91f16700Schasinglulu| CVE ID | `CVE-2022-47630`_ | 9*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 10*91f16700Schasinglulu| Date | Reported on 12 Dec 2022 | 11*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 12*91f16700Schasinglulu| Versions | v1.2 to v2.8 | 13*91f16700Schasinglulu| Affected | | 14*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 15*91f16700Schasinglulu| Configurations | BL1 and BL2 with Trusted Boot enabled with custom, | 16*91f16700Schasinglulu| Affected | downstream usages of ``get_ext()`` and/or ``auth_nvctr()`` | 17*91f16700Schasinglulu| | interfaces. Not exploitable in upstream TF-A code. | 18*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 19*91f16700Schasinglulu| Impact | Out-of-bounds read. | 20*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 21*91f16700Schasinglulu| Fix Version | - `fd37982a19a4a291`_ "fix(auth): forbid junk after | 22*91f16700Schasinglulu| | extensions" | 23*91f16700Schasinglulu| | | 24*91f16700Schasinglulu| | - `72460f50e2437a85`_ "fix(auth): require at least one | 25*91f16700Schasinglulu| | extension to be present" | 26*91f16700Schasinglulu| | | 27*91f16700Schasinglulu| | - `f5c51855d36e399e`_ "fix(auth): properly validate X.509 | 28*91f16700Schasinglulu| | extensions" | 29*91f16700Schasinglulu| | | 30*91f16700Schasinglulu| | - `abb8f936fd0ad085`_ "fix(auth): avoid out-of-bounds read | 31*91f16700Schasinglulu| | in auth_nvctr()" | 32*91f16700Schasinglulu| | | 33*91f16700Schasinglulu| | Note that `72460f50e2437a85`_ is not fixing any | 34*91f16700Schasinglulu| | vulnerability per se but it is required for | 35*91f16700Schasinglulu| | `f5c51855d36e399e`_ to apply cleanly. | 36*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 37*91f16700Schasinglulu| Credit | Demi Marie Obenour, Invisible Things Lab | 38*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 39*91f16700Schasinglulu 40*91f16700SchasingluluThis security advisory describes a vulnerability in the X.509 parser used to 41*91f16700Schasingluluparse boot certificates in TF-A trusted boot: it is possible for a crafted 42*91f16700Schasinglulucertificate to cause an out-of-bounds memory read. 43*91f16700Schasinglulu 44*91f16700SchasingluluNote that upstream platforms are **not** affected by this. Only downstream 45*91f16700Schasingluluplatforms may be, if (and only if) the interfaces described below are used in a 46*91f16700Schasingluludifferent context than seen in upstream code. Details of such context is 47*91f16700Schasingluludescribed in the rest of this document. 48*91f16700Schasinglulu 49*91f16700SchasingluluTo fully understand this security advisory, it is recommended to refer to the 50*91f16700Schasinglulufollowing standards documents: 51*91f16700Schasinglulu 52*91f16700Schasinglulu - `RFC 5280`_, *Internet X.509 Public Key Infrastructure Certificate and 53*91f16700Schasinglulu Certificate Revocation List (CRL) Profile*. 54*91f16700Schasinglulu 55*91f16700Schasinglulu - `ITU-T X.690`_, *ASN.1 encoding rules: Specification of Basic Encoding Rules 56*91f16700Schasinglulu (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules 57*91f16700Schasinglulu (DER).* 58*91f16700Schasinglulu 59*91f16700SchasingluluBug 1: Insufficient certificate validation 60*91f16700Schasinglulu------------------------------------------ 61*91f16700Schasinglulu 62*91f16700SchasingluluThe vulnerability lies in the following source file: 63*91f16700Schasinglulu``drivers/auth/mbedtls/mbedtls_x509_parser.c``. By design, ``get_ext()`` does 64*91f16700Schasinglulunot check the return value of the various ``mbedtls_*()`` functions, as 65*91f16700Schasinglulu``cert_parse()`` is assumed to have guaranteed that they will always succeed. 66*91f16700SchasingluluHowever, it passes the end of an extension as the end pointer to these 67*91f16700Schasinglulufunctions, whereas ``cert_parse()`` passes the end of the ``TBSCertificate``. 68*91f16700SchasingluluFurthermore, ``cert_parse()`` does not check that the contents of the extension 69*91f16700Schasingluluhave the same length as the extension itself. It also does not check that the 70*91f16700Schasingluluextension block extends to the end of the ``TBSCertificate``. 71*91f16700Schasinglulu 72*91f16700SchasingluluThis is a problem, as ``mbedtls_asn1_get_tag()`` leaves ``*p`` and ``*len`` 73*91f16700Schasingluluundefined on failure. In practice, this results in ``get_ext()`` continuing to 74*91f16700Schasingluluparse at different offsets than were used (and validated) by ``cert_parse()``, 75*91f16700Schasingluluwhich means that the in-bounds guarantee provided by ``cert_parse()`` no longer 76*91f16700Schasingluluholds. The result is that it is possible for ``get_ext()`` to read memory past 77*91f16700Schasingluluthe end of the certificate. This could potentially access memory with dangerous 78*91f16700Schasingluluread side effects, or leak microarchitectural state that could theoretically be 79*91f16700Schasingluluretrieved through some side-channel attacks as part of a more complex attack. 80*91f16700Schasinglulu 81*91f16700SchasingluluBug 2: Missing bounds check in ``auth_nvctr()`` 82*91f16700Schasinglulu----------------------------------------------- 83*91f16700Schasinglulu``auth_nvctr()`` does not check that the buffer provided is 84*91f16700Schasinglululong enough to hold an ``ASN.1 INTEGER``. Since ``auth_nvctr()`` will only ever 85*91f16700Schasingluluread 6 bytes, it is possible to read up to 6 bytes past the end of the buffer. 86*91f16700Schasinglulu 87*91f16700SchasingluluExploitability Analysis 88*91f16700Schasinglulu----------------------- 89*91f16700Schasinglulu 90*91f16700SchasingluluUpstream TF-A Code 91*91f16700Schasinglulu~~~~~~~~~~~~~~~~~~ 92*91f16700Schasinglulu 93*91f16700SchasingluluIn upstream TF-A code, the only caller of ``auth_nvctr()`` takes its input from 94*91f16700Schasinglulu``get_ext()``, which means that the second bug is exploitable, so is the first. 95*91f16700SchasingluluTherefore, only the first bug need be considered. 96*91f16700Schasinglulu 97*91f16700SchasingluluAll standard chains of trust provided in TF-A source tree (that is, under 98*91f16700Schasinglulu``drivers/auth/``) require that the certificate's signature has already been 99*91f16700Schasingluluvalidated prior to calling ``get_ext()``, or any function that calls ``get_ext()``. 100*91f16700SchasingluluPlatforms taking their chain of trust from a dynamic configuration file (such as 101*91f16700Schasinglulu``fdts/cot_descriptors.dtsi``) are also safe, as signature verification will 102*91f16700Schasinglulualways be done prior to any calls to ``get_ext()`` or ``auth_nvctr()`` in this 103*91f16700Schasinglulucase, no matter the order of the properties in the file. Therefore, it is not 104*91f16700Schasinglulupossible to exploit this vulnerability pre-authentication in upstream TF-A. 105*91f16700Schasinglulu 106*91f16700SchasingluluFurthermore, the data read through ``get_ext()`` only 107*91f16700Schasingluluever gets used by the authentication framework (``drivers/auth/auth_mod.c``), 108*91f16700Schasingluluwhich greatly reduces the range of inputs it will ever receive and thus the 109*91f16700Schasingluluimpact this has. Specifically, the authentication framework uses ``get_ext()`` 110*91f16700Schasingluluin three cases: 111*91f16700Schasinglulu 112*91f16700Schasinglulu 1. Retrieving a hash from an X.509 certificate to check the integrity of a 113*91f16700Schasinglulu child certificate (see ``auth_hash()``). 114*91f16700Schasinglulu 115*91f16700Schasinglulu 2. Retrieving the signature details from an X.509 certificate to check its 116*91f16700Schasinglulu authenticity and integrity (see ``auth_signature()``). 117*91f16700Schasinglulu 118*91f16700Schasinglulu 3. Retrieving the security counter value from an X.509 certificate to protect 119*91f16700Schasinglulu it from unauthorized rollback to a previous version (see ``auth_nvctr()``). 120*91f16700Schasinglulu 121*91f16700SchasingluluNone of these uses authentication framework write to the out-of-bounds memory, 122*91f16700Schasingluluso no memory corruption is possible. 123*91f16700Schasinglulu 124*91f16700SchasingluluIn summary, there are 2 separate issues - one in ``get_ext()`` and another one 125*91f16700Schasingluluin ``auth_nvctr()`` - but neither of these can be exploited in the context of 126*91f16700SchasingluluTF-A upstream code. 127*91f16700Schasinglulu 128*91f16700SchasingluluOnly in the following 2 cases do we expect this vulnerability to be triggerable 129*91f16700Schasingluluprior to authentication: 130*91f16700Schasinglulu 131*91f16700Schasinglulu - The platform uses a custom chain of trust which uses the non-volatile counter 132*91f16700Schasinglulu authentication method (``AUTH_METHOD_NV_CTR``) before the cryptographic 133*91f16700Schasinglulu authentication method (``AUTH_METHOD_SIG``). 134*91f16700Schasinglulu 135*91f16700Schasinglulu - The chain of trust uses a custom authentication method that calls 136*91f16700Schasinglulu ``get_ext()`` before cryptographic authentication. 137*91f16700Schasinglulu 138*91f16700SchasingluluCustom Image Parsers 139*91f16700Schasinglulu~~~~~~~~~~~~~~~~~~~~ 140*91f16700Schasinglulu 141*91f16700SchasingluluIf the platform uses a custom image parser instead of the certificate parser, 142*91f16700Schasingluluthe bug in the certificate parser is obviously not relevant. The bug in 143*91f16700Schasinglulu``auth_nvctr()`` *may* be relevant, but only if the returned data is: 144*91f16700Schasinglulu 145*91f16700Schasinglulu- Taken from an untrusted source (meaning that it is read prior to 146*91f16700Schasinglulu authentication). 147*91f16700Schasinglulu 148*91f16700Schasinglulu- Not already checked to be a primitively-encoded ASN.1 tag. 149*91f16700Schasinglulu 150*91f16700SchasingluluIn particular, if the custom image parser implementation wraps a 32-bit integer 151*91f16700Schasingluluin an ASN.1 ``INTEGER``, it is not affected. 152*91f16700Schasinglulu 153*91f16700Schasinglulu.. _CVE-2022-47630: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47630 154*91f16700Schasinglulu.. _fd37982a19a4a291: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=fd37982a19a4a291 155*91f16700Schasinglulu.. _72460f50e2437a85: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=72460f50e2437a85 156*91f16700Schasinglulu.. _f5c51855d36e399e: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=f5c51855d36e399e 157*91f16700Schasinglulu.. _abb8f936fd0ad085: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=abb8f936fd0ad085 158*91f16700Schasinglulu.. _RFC 5280: https://www.ietf.org/rfc/rfc5280.txt 159*91f16700Schasinglulu.. _ITU-T X.690: https://www.itu.int/ITU-T/studygroups/com10/languages/X.690_1297.pdf 160