CVE-2023-39950 : efibootguard is a simple UEFI boot loader with support for safely switching betw

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into `bg_setenv`) or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables. Furthermore, `bg_printenv` may crash over invalid read accesses or report invalid results. Not affected by this issue is EFI Boot Guard's bootloader EFI binary. EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required. The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them.

Published 2023-08-14 21:15:13

Updated 2023-08-22 14:40:10

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Input validation

Products affected by CVE-2023-39950

Siemens » Efibootguard
Versions before (<) 0.15
cpe:2.3:a:siemens:efibootguard:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-39950

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-39950

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.2	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L	0.9	4.2	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: Low
6.1	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L	0.9	4.7	GitHub, Inc.
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: High Availability: Low

CWE ids for CVE-2023-39950

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: security-advisories@github.com (Primary)

References for CVE-2023-39950

https://github.com/siemens/efibootguard/blob/master/docs/API.md

efibootguard/docs/API.md at master · siemens/efibootguard · GitHub
Third Party Advisory
https://github.com/siemens/efibootguard/tags

Tags · siemens/efibootguard · GitHub
Third Party Advisory
https://github.com/siemens/efibootguard/blob/master/docs/TOOLS.md

efibootguard/docs/TOOLS.md at master · siemens/efibootguard · GitHub
Third Party Advisory
https://github.com/siemens/efibootguard/blob/master/docs/TOOLS.md#setting-user-variables

efibootguard/docs/TOOLS.md at master · siemens/efibootguard · GitHub
Third Party Advisory
https://github.com/siemens/efibootguard/security/advisories/GHSA-j6pp-7g99-24m7

Insufficient input validation may allow code injection into privileged user space libraries and tools · Advisory · siemens/efibootguard · GitHub
Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-39950

Products affected by CVE-2023-39950

Exploit prediction scoring system (EPSS) score for CVE-2023-39950

CVSS scores for CVE-2023-39950

CWE ids for CVE-2023-39950

References for CVE-2023-39950