In May 2022, a critical firmware vulnerability (CVE-2022-31243) was disclosed, affecting systems using the FvbServicesRuntimeDxe UEFI driver. The flaw allows malicious actors to exploit Direct Memory Access (DMA) transactions to corrupt the critical System Management RAM (SMRAM), compromising firmware security at a fundamental level. Discovered by Insyde Engineering with input from Intel’s iSTARE group, this vulnerability highlights systemic risks in firmware handling of input buffers—especially when exposed to high-privilege SMI handlers.
This article breaks down the vulnerability, how the exploit works (including a code example), and how to protect your systems.
What is CVE-2022-31243?
CVE-2022-31243 is a vulnerability present in certain firmware versions containing the FvbServicesRuntimeDxe driver. Specifically, the flaw relates to how DMA transactions can target *input buffers* for the software SMI (System Management Interrupt) handler, potentially corrupting SMRAM—the protected memory region used by the system firmware.
If an attacker is able to time DMA writes to these input buffers, a Time Of Check To Time Of Use (TOCTOU) attack can occur, allowing the modification of data after it is checked but before it is used. This can result in:
What is FvbServicesRuntimeDxe?
- FvbServicesRuntimeDxe is a DXE driver responsible for firmware volume block (FVB) services in UEFI firmware.
- FVB drivers allow firmware updates, NVRAM variable storage, and other block-level flash memory operations.
What is SMI and SMRAM?
- System Management Interrupt (SMI): A special CPU interrupt that switches the processor into SMM, a high-privilege and isolated execution mode.
- System Management RAM (SMRAM): A protected physical memory area where SMM code and data are stored.
Typically, only very privileged code in SMM can access SMRAM. Any corruption here can lead to major breaches in system security.
How DMA Transactions Are Abused
DMA, or Direct Memory Access, lets peripherals read or write memory without CPU involvement, often for performance reasons. However, DMA-capable devices (like PCIe network cards) can be subverted to write directly into sensitive memory regions.
Attack Steps
1. Locate Input Buffers: Identify system memory areas used by the SMI handler during firmware operations (like FVB operations).
2. Monitor for SMI Operation: Detect when a legitimate FVB operation is about to occur.
3. Issue Malicious DMA Transaction: Use a PCIe or Thunderbolt device to issue a DMA write, modifying the buffer between the time the SMI handler checks its contents and uses it.
4. Corrupt SMRAM or Trigger Malicious Action: The corrupted buffer is used by the SMI handler, leading to memory corruption within SMRAM.
Technical Details & Code Example
Here’s a simplified example to show how such an attack could work using a PCIe device with DMA capability.
Vulnerable SMI Handler Pseudocode
```c
// Vulnerable SMI handler
EFI_STATUS HandleSmi(
  UINT8 *InputBuffer,
  UINTN BufferSize
) {
  // Step 1: Check user-provided data
  if (!IsValid(InputBuffer, BufferSize)) {
    return EFI_INVALID_PARAMETER;
  }
  // ... time passes ...
  // Step 2: Use InputBuffer to perform an SMM operation
  CopyMem((VOID*)SMRAM_Address, InputBuffer, BufferSize);
  return EFI_SUCCESS;
}
```
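The usual remedy for this check-then-use shape is to fetch the request once into handler-private memory and validate and use only that copy. The plain-C model below is an added example, not code from the original article or from Insyde's fix; the request layout, the sizes and every function name in it are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_REQ  64   /* constructed: payload capacity of the shared buffer */
#define OBJ_SIZE 16   /* constructed: size of the SMRAM object being filled */
/* Constructed request layout; the driver's real format is not given on the page. */
typedef struct { uint32_t len; uint8_t data[MAX_REQ]; } fvb_req_t;

/* Simulated SMRAM: bytes [0, OBJ_SIZE) are the target, the rest is adjacent state. */
static uint8_t smram[MAX_REQ];

/* Models a write to the shared buffer that lands after the handler's check. */
static void late_write(volatile fvb_req_t *s) {
    for (int i = 0; i < MAX_REQ; i++) s->data[i] = 0xEE;
    s->len = MAX_REQ;
}

/* Same shape as the handler above: check shared memory, then read it again. */
int handle_smi_double_fetch(volatile fvb_req_t *shared) {
    if (shared->len > OBJ_SIZE) return -1;          /* time of check */
    late_write(shared);
    uint32_t n = shared->len;                       /* time of use: second fetch */
    for (uint32_t i = 0; i < n && i < MAX_REQ; i++) smram[i] = shared->data[i];
    return (int)n;
}

/* Hardened shape: one fetch of the length, validated and used as a private value. */
int handle_smi_snapshot(volatile fvb_req_t *shared) {
    uint8_t local[OBJ_SIZE];                        /* handler-private staging copy */
    uint32_t n = shared->len;                       /* single fetch */
    if (n > OBJ_SIZE) return -1;                    /* validate the private value */
    late_write(shared);                             /* same late write as above */
    for (uint32_t i = 0; i < n; i++) local[i] = shared->data[i];
    memcpy(smram, local, n);                        /* count is the validated one */
    return (int)n;
}

/* Runs one handler on a fresh 8-byte request; returns the first adjacent byte. */
int adjacent_byte_after(int (*handler)(volatile fvb_req_t *)) {
    fvb_req_t req = { .len = 8 };
    memset(smram, 0, sizeof smram);
    handler(&req);
    return smram[OBJ_SIZE];
}

int main(void) {
    printf("double fetch 0x%02X, snapshot 0x%02X\n", adjacent_byte_after(handle_smi_double_fetch),
           adjacent_byte_after(handle_smi_snapshot));
    return 0;
}
```

In EDK II firmware the private copy would live in SMRAM, and the handler would also confirm that the caller's buffer lies entirely outside SMRAM, for example with `SmmIsBufferOutsideSmmValid` from SmmMemLib.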
Example: Using PCILeech for DMA (for research purposes only!)
```
# On a system with a DMA-capable PCIe device and PCILeech (https://github.com/ufrisk/pcileech)
pcileech.exe dma --vdev <your-device> --memwrite -a <InputBufferAddress> -f malicious_payload.bin
```
*This is a dangerous action; do not run in production or on unauthorized machines.*
Let’s walk through an end-to-end exploit scenario:
1. Preparation: The attacker needs physical access or a compromised device with PCIe passthrough rights (e.g., via Thunderbolt or a plugged-in malicious PCIe expansion card).
2. SMI Handler Trigger: The attacker triggers a firmware function, such as an NVRAM write via FvbServicesRuntimeDxe.
3. TOCTOU Window: The attacker monitors the buffer, waiting for the SMI handler to validate it (step 1 in pseudocode).
4. DMA Attack: In the brief window between validation and use, the attacker rushes in a DMA payload that rewrites the InputBuffer with malicious data.
5. SMRAM Corruption: The SMI handler unwittingly copies the attacker-controlled data into SMRAM, possibly overwriting SMM dispatch tables or injecting a persistent SMM backdoor.
| 5.5 | 05.52.21 |
See Insyde Security Advisory SA-2022044 for details.
Security Recommendations
- Update Firmware: Install the latest UEFI updates from your device vendor or motherboard manufacturer.
- Enable Hardware Protections: Use an IOMMU (Intel VT-d or AMD-Vi) for DMA remapping to prevent rogue DMA.
- Restrict Physical Access: Disallow untrusted PCIe/Thunderbolt devices, especially in high-security environments.
- Monitor Devices: Use audit and intrusion detection solutions for unusual PCIe/Thunderbolt activity.
References
- Insyde Security Advisory SA-2022044
- Intel Security Advisories
- PCILeech (DMA attack tool)
- UEFI Firmware Security
- Time-of-Check Time-of-Use (TOCTOU) Attacks Explained (OWASP)
Conclusion
CVE-2022-31243 is a stark reminder of the dangers posed by hardware-level attacks, especially those leveraging DMA. By exploiting timing gaps in SMI handler code, attackers can gain some of the highest privileges on a system. Always keep your firmware up to date, lock down DMA-capable interfaces, and never connect untrusted hardware to sensitive machines.
Stay safe and keep learning about securing your firmware!
Timeline
Published on: 11/15/2022 00:15:00 UTC
Last modified on: 02/14/2023 12:15:00 UTC