Impact
Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bg_setenv or programs using libebgenv. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables.
A prominent user of libebgenv is SWUpdate. Although it does not make use of user variables itself, integrators may have chosen to leverage them via SWUpdate's bootloader environment modification mechanisms.
Furthermore, bg_printenv may crash over invalid read accesses or report invalid results.
Not affected by this issue is EFI Boot Guard's bootloader EFI binary.
Patches
EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required.
Workarounds
The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them.
Credits
Many thanks to Code Intelligence for pointing out the issue while enabling a fuzz-testing case study with EFI Boot Guard.
onionpsy Finder
Impact
Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into
bg_setenvor programs usinglibebgenv. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables.A prominent user of
libebgenvis SWUpdate. Although it does not make use of user variables itself, integrators may have chosen to leverage them via SWUpdate's bootloader environment modification mechanisms.Furthermore,
bg_printenvmay crash over invalid read accesses or report invalid results.Not affected by this issue is EFI Boot Guard's bootloader EFI binary.
Patches
EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required.
Workarounds
The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them.
Credits
Many thanks to Code Intelligence for pointing out the issue while enabling a fuzz-testing case study with EFI Boot Guard.