StarLabsLtd / firmware


[StarBook Mk VI - Intel - AMI] Possible firmware security issue #79

Closed winterknife closed 1 year ago

winterknife commented 1 year ago

After scanning the firmware image with fwhunt-scan, it appears to be vulnerable to BRLY-2022-001/CVE-2022-32569. Now, this rule might have very well been triggered by a false positive and I haven't done any analysis on the image. On a related note, the LVFS page also shows that some FwHunt rule(s) have been triggered (not sure if it is the same one): https://fwupd.org/lvfs/devices/com.starlabs.B6-I.ami

[cci-dev06@starbook fwhunt-scan]$ python fwhunt_scan_analyzer.py scan-firmware --rules_dir rules/ test/bios_image_chipsec.bin
[I] Specify volume_guids in IntelAlderLakeLeak or use scan command
[I] Specify volume_guids in ESPecter or use scan command
Scanner result BRLY-2022-001 (variant: default) FwHunt rule has been triggered and threat detected! (Setup)
Scanner result BRLY-2021-043 (variant: default) No threat detected (UsbRtSmm)
Scanner result BRLY-2021-045 (variant: default) No threat detected (UsbRtSmm)
Scanner result BRLY-2022-004 (variant: default) No threat detected (UsbRtSmm)
Scanner result UsbRt-CVE-2017-5721 (variant: default) No threat detected (UsbRtSmm)
Scanner result UsbRt-INTEL-SA-00057 (variant: default) No threat detected (UsbRtSmm)
Scanner result UsbRt-SwSmi-CVE-2020-12301 (variant: default) No threat detected (UsbRtSmm)
Scanner result UsbRt-UsbSmi-CVE-2020-12301 (variant: default) No threat detected (UsbRtSmm)
Scanner result BRLY-2022-028 (RsbStuffingCheck) (variant: informational (the patch from EDK2 is missing)) No threat detected (PiSmmCpuDxeSmm)
Scanner result BRLY-2022-028 (RsbStuffingCheck) (variant: vulnerability (RSB Stuffing before RSM skipped in SMI Entry code)) No threat detected (PiSmmCpuDxeSmm)
Scanner result BRLY-2021-001 (variant: default) No threat detected (TrustedDeviceSetupApp)
Scanner result BRLY-2022-015 (variant: default) No threat detected (AMITSE)
Scanner result BRLY-2022-009 (variant: default) No threat detected (S3Resume2Pei)
Scanner result BRLY-2022-027 (variant: default) No threat detected (PlatformInitAdvancedPreMem)
Scanner result BRLY-2022-014 (variant: default) No threat detected (SbPei)

Sean-StarLabs commented 1 year ago

It's on the list; assuming it's a false positive as it doesn't flag with the whole binary or the raw capsule
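As an added example (not code from the issue or from the StarLabs firmware repository), here is a small Python parser for the `Scanner result` lines fwhunt-scan prints, which cross-checks which rules fire for each scan target so that a hit seen in one extraction but absent from the whole binary and the raw capsule, the pattern Sean describes, is surfaced for manual review. The region scan below mirrors the issue's output; the full-image output is constructed for illustration.

```python
import re
from collections import defaultdict

# One "Scanner result ..." record per line; the variant field may contain nested parentheses,
# so the variant group is greedy and the module group forbids parentheses.
RESULT_RE = re.compile(
    r"^Scanner result (?P<rule>.+?) \(variant: (?P<variant>.+)\) "
    r"(?P<verdict>.+?) \((?P<module>[^()]+)\)$"
)
TRIGGERED = "FwHunt rule has been triggered and threat detected!"


def parse_results(text):
    """Return (rule, variant, module, triggered) tuples, skipping [I] info lines."""
    out = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            out.append((m["rule"], m["variant"], m["module"], m["verdict"] == TRIGGERED))
    return out


def triggered_rules(text):
    """Set of (rule, module) pairs whose verdict was a detection."""
    return {(rule, mod) for rule, _variant, mod, hit in parse_results(text) if hit}


def cross_check(scans):
    """scans: {target_name: scanner_output}. Returns {(rule, module): sorted targets that fired}.
    A hit present in only some targets (e.g. an extracted region but not the full image or
    the capsule) is inconsistent and should be analysed by hand before being treated as real."""
    hits = defaultdict(set)
    for target, text in scans.items():
        for key in triggered_rules(text):
            hits[key].add(target)
    return {key: sorted(targets) for key, targets in hits.items()}


# Constructed sample output: the region scan mirrors the issue; the full-image scan is
# invented for illustration and shows no detection for the same rule set.
REGION_SCAN = """\
[I] Specify volume_guids in IntelAlderLakeLeak or use scan command
Scanner result BRLY-2022-001 (variant: default) FwHunt rule has been triggered and threat detected! (Setup)
Scanner result BRLY-2021-043 (variant: default) No threat detected (UsbRtSmm)
Scanner result BRLY-2022-028 (RsbStuffingCheck) (variant: informational (the patch from EDK2 is missing)) No threat detected (PiSmmCpuDxeSmm)
"""
FULL_IMAGE_SCAN = REGION_SCAN.replace(TRIGGERED, "No threat detected")

if __name__ == "__main__":
    for key, targets in cross_check({"region": REGION_SCAN, "full_image": FULL_IMAGE_SCAN}).items():
        print(key, "fired only in", targets)
```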