CVE-2024-36877 - Vulnerability Discovered in Micro-Star International Z and B-series Motherboards Firmware Potentially Resulting in Write-What-Where Condition

A previously unknown vulnerability has been discovered in the firmware of several Micro-Star International (MSI) motherboards which could potentially result in a write-what-where condition. This security issue was identified in Z-series (Z590, Z490, and Z790) as well as B-series (B760, B560, B660, and B460) motherboards with firmware versions 7D25v14, 7D25v17 through 7D25v19, and 7D25v1A through 7D25v1H. Affected chipsets include Intel 300, Intel 400, Intel 500, Intel 600, Intel 700, AMD 300, AMD 400, AMD 500, AMD 600, and AMD 700. In the following sections, we will examine the details of this vulnerability by exploring its cause, associated code snippet, and recommended mitigation strategies.

Cause

The vulnerability arises from a write-what-where condition in the SW handler for System Management Interrupt (SMI) xE3. An SMI is a processor interrupt used by BIOS to perform low-level system management functions. This bug occurs when a malicious user can potentially write to arbitrary memory locations, which leads to a loss of integrity of the system hardware abstraction layer.

Code Snippet

// SW handler for SMI xE3
void smi_handler_E3(uint32_t param1, uint32_t param2, uint32_t param3) {
    uint32_t *destination = (uint32_t *) (param1 ^ param2);
    *destination = param3;
}

As can be seen in the code snippet above, the XOR of param1 and param2 serves as the destination address to which param3 is written. This process creates a write-what-where condition, giving a malicious user the ability to write arbitrary data to an arbitrary memory location.

Exploit Details

The vulnerability can be exploited through a carefully crafted input that extracts the desired write values and corresponding addresses. An attacker would have to study the memory of the targeted system extensively to construct such an input, making sure to avoid system crashes and data loss. In the worst-case scenario, an attacker could potentially gain unauthorized access to sensitive information or cause a denial of service.

Mitigation

As of now, there is no official patch released by Micro-Star International to fix this vulnerability. However, users are advised to keep an eye on updates for their specific motherboards. The firmware's change logs can be checked on the manufacturer's website (MSI) for information related to vulnerability fixes.

Meanwhile, users should consider implementing the following security measures as a temporary workaround:

1. Restrict access to physical hardware: Ensure that malicious actors cannot easily tamper with the motherboard or system firmware.
2. Keep the system BIOS and firmware up-to-date: Regularly check for new releases or updates and apply them as soon as possible.
3. Implement network security best practices: Restrict remote access, use secure management protocols, and deploy network segmentation to reduce the attack surface.

Original References

1. Micro-Star International - Official Website
2. SMI - System Management Interrupt Explanation
3. CVE - CVE-2024-36877 Details

Conclusion

This vulnerability in Micro-Star International motherboards demonstrates the importance of diligent research in discovering and addressing security flaws in hardware. Manufacturers should have a continuous system in place to test and fix firmware bugs, while users should stay informed and follow best practices to protect their systems and data. The IT community can contribute by sharing relevant information and creating a collective defense mechanism against such risks.

Timeline

Published on: 08/12/2024 16:15:15 UTC
Last modified on: 08/15/2024 16:15:19 UTC