Numerous System Management Mode (SMM) privilege escalation vulnerabilities
in ASUS motherboards including Eee PC series

Release Date:
~~~~~~~~~~~~~

07.08.09

Timeline:
~~~~~~~~~

March 08, 2009:  first attempt to contact vendor, no response
March 16, 2009:  second attempt to contact vendor, no response
July 18, 2009:   CERT contacted, full details of vulnerabilities disclosed
                 to CERT and to the vendor
July 21, 2009:   CERT assigned VU#576329
August 07, 2009: public disclosure

Severity:
~~~~~~~~~

Privilege Escalation and Code Execution in System Management Mode

Vendor:
~~~~~~~

ASUS (www.asus.com)

Systems Affected:
~~~~~~~~~~~~~~~~~

ASUS EeePC series
ASUS P5* series
ASUS B50A series
ASUS P6T series
other systems not tested

Overview:
~~~~~~~~~

BIOS firmware on ASUS motherboards, including the Eee PC series, is affected by
System Management Mode (SMM) privilege escalation vulnerabilities. The
vulnerabilities allow an attacker with access to physical memory and port I/O
to run arbitrary code, such as rootkit code, in SMM memory with SMM privileges.
Running arbitrary code with SMM privileges enables SMM rootkits and circumvents
operating system and Virtual Machine Monitor (VMM) protections.

Details:
~~~~~~~~

BIOS firmware on a motherboard contains special code with multiple SMI handlers
that run in System Management Mode and are loaded at boot time into a protected
part of RAM (SMRAM). Below is the disassembly of the $SMISS handler, one of the
SMI handlers in the BIOS firmware of an ASUS Eee PC 1000HE system.
   0003F073: 50            push  ax
   0003F074: B4A1          mov   ah,0A1
** 0003F076: 9A197D00F0    call  0F000:07D19
   0003F07B: 2404          and   al,004
   0003F07D: 7414          je    00003F093
   0003F07F: B434          mov   ah,034
** 0003F081: 9A708000F0    call  0F000:08070
   0003F086: 2410          and   al,010
   0003F088: 7409          je    00003F093
   0003F08A: B430          mov   ah,030
** 0003F08C: 9A708000F0    call  0F000:08070
   0003F091: 2410          and   al,010
   0003F093: 3C01          cmp   al,001
   0003F095: 58            pop   ax
   0003F096: CB            retf
   0003F097: 0E            push  cs
   0003F098: E8D8FF        call  00003F073
   0003F09B: B80100        mov   ax,00001
   0003F09E: 0F82C500      jb    00003F167
   0003F0A2: B81034        mov   ax,03410
** 0003F0A5: 9A7B8000F0    call  0F000:0807B
   0003F0AA: B81030        mov   ax,03010
** 0003F0AD: 9AAF8000F0    call  0F000:080AF
   0003F0B2: 80265601FC    and   b,[0156],0FC
   0003F0B7: 33DB          xor   bx,bx
   0003F0B9: B88083        mov   ax,08380
** 0003F0BC: 9A89A100F0    call  0F000:0A189
** 0003F0C1: 9AE0BD00F0    call  0F000:0BDE0
   0003F0C6: 3C04          cmp   al,004
   0003F0C8: 750B          jne   00003F0D5
   0003F0CA: BB5400        mov   bx,00054
   0003F0CD: B88083        mov   ax,08380
** 0003F0D0: 9A89A100F0    call  0F000:0A189
** 0003F0D5: 9AD0BD00F0    call  0F000:0BDD0
   0003F0DA: 7505          jne   00003F0E1
   0003F0DC: 800E560101    or    b,[0156],001
   0003F0E1: E8260E        call  00003FF0A
   0003F0E4: E82EFE        call  00003EF15
   0003F0E7: E8A200        call  00003F18C
** 0003F0EA: 9AE0BD00F0    call  0F000:0BDE0
   0003F0EF: BEFFFF        mov   si,0FFFF
   0003F0F2: 3C01          cmp   al,001
   0003F0F4: 740B          je    00003F101
   0003F0F6: B8B315        mov   ax,015B3
** 0003F0F9: 9A7DA100F0    call  0F000:0A17D
   0003F0FE: 7501          jne   00003F101
   0003F100: 46            inc   si
   0003F101: B9E800        mov   cx,000E8
   0003F104: BB0800        mov   bx,00008
   0003F107: E8ED00        call  00003F1F7
   0003F10A: B9E900        mov   cx,000E9
   0003F10D: BB1000        mov   bx,00010
   0003F110: E8E400        call  00003F1F7
   0003F113: B9EA00        mov   cx,000EA
   0003F116: BB0010        mov   bx,01000
   0003F119: E8DB00        call  00003F1F7
   0003F11C: B9EB00        mov   cx,000EB
   0003F11F: BB0040        mov   bx,04000
   0003F122: E8D200        call  00003F1F7
   0003F125: 9A1C0161AA    call  0AA61:0011C
** 0003F12A: 9ACF0600F0    call  0F000:006CF
** 0003F12F: 9AE0BD00F0    call  0F000:0BDE0
   0003F134: BBE282        mov   bx,082E2
   0003F137: 48            dec   ax
   0003F138: D0E0          shl   al,1
   0003F13A: 02D8          add   bl,al
   0003F13C: 80D700        adc   bh,000
** 0003F13F: 9AD0BD00F0    call  0F000:0BDD0
   0003F144: 2EFF17        call  w,cs:[bx]
   0003F147: A05601        mov   al,[0156]
   0003F14A: 0C02          or    al,002
   0003F14C: E6B3          out   0B3,al
   0003F14E: EB00          jmps  00003F150
   0003F150: E8C100        call  00003F214
   0003F153: A1C600        mov   ax,[00C6]
   0003F156: 8B16CE00      mov   dx,[00CE]
   0003F15A: EF            out   dx,ax
   0003F15B: B96400        mov   cx,00064
   0003F15E: E6ED          out   0ED,al
   0003F160: EB00          jmps  00003F162
   0003F162: E2FA          loop  00003F15E
   0003F164: B80000        mov   ax,00000
   0003F167: CB            retf

The disassembly contains a number of calls into code segment 0F000 (the
instructions marked with **). Code segment 0F000 maps to physical RAM
addresses F0000h - 100000h. This region contains system BIOS code such as POST
and the BIOS interrupts. Unlike the SMI handler code itself, this segment is
not covered by SMM memory protections: any process with sufficient privileges
to access physical memory can replace the contents of this region with its own
code.

So, for instance, linear address 0F000:08070 in the above SMI handler
translates to physical address F8070h. During boot this address gets loaded
with BIOS code that reads registers in the power management I/O space using
ports 800h+offset:

   00008387: BA0008        mov   dx,00800
   0000838A: 02D4          add   dl,ah
   0000838C: 80D600        adc   dh,000
   0000838F: C3            retn
   00008390: 52            push  dx
   00008391: E8F3FF        call  000008387
   00008394: EC            in    al,dx
   00008395: 5A            pop   dx
   00008396: C3            retn
   ; These instructions are loaded to 0F000:08070 address
   ; (F8070h in physical memory) by the BIOS from ROM chip
   00008397: E8F6FF        call  000008390
   0000839A: CB            retf

These BIOS instructions can be replaced with a jump to malicious code, which
the SMI handler will then execute with SMM privileges. This single $SMISS SMI
handler alone has 14 SMM privilege escalation bugs! The very same bugs are
present in the other handlers, so overall the ASUS BIOS contains a whole lot
of them.
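As an added firmware-audit example (this script is not part of the original advisory and not ASUS code), the following Python reproduces the ** marks above mechanically rather than by eye: it parses Hiew-style listing lines, decodes every CALL ptr16:16 (opcode 9A) from its raw bytes instead of trusting the mnemonic text, computes the 16-bit physical target as segment * 16 + offset, and flags each call whose target lands in the F0000h - 100000h region that the advisory identifies as outside SMRAM protection. The embedded sample is an excerpt of the $SMISS listing above; the line regex and the range constants are assumptions made for this example.

```python
"""Audit an SMI handler disassembly for far calls into the unprotected
F0000h-FFFFFh BIOS shadow region (added example, not the advisory's own code)."""
import re

# One Hiew-style listing line: "[**] ADDR: HEXBYTES mnemonic operands".
# The optional "**" prefix is the advisory's own marker for flagged calls.
LINE_RE = re.compile(r"^\s*(?:\*\*\s*)?([0-9A-Fa-f]{8}):\s+([0-9A-Fa-f]+)\s+(.*)$")

# Physical range the advisory describes as shadowed BIOS code outside SMRAM
# protections (assumed constants for this example).
UNPROTECTED_LO = 0xF0000
UNPROTECTED_HI = 0x100000

FAR_CALL_OPCODE = 0x9A  # CALL ptr16:16: 9A <offset lo> <offset hi> <seg lo> <seg hi>

# Excerpt of the $SMISS listing from the advisory (constructed subset).
SAMPLE_LISTING = """\
0003F073: 50            push  ax
0003F074: B4A1          mov   ah,0A1
0003F076: 9A197D00F0    call  0F000:07D19
0003F07B: 2404          and   al,004
0003F081: 9A708000F0    call  0F000:08070
0003F0BC: 9A89A100F0    call  0F000:0A189
0003F0C1: 9AE0BD00F0    call  0F000:0BDE0
0003F125: 9A1C0161AA    call  0AA61:0011C
0003F12A: 9ACF0600F0    call  0F000:006CF
0003F144: 2EFF17        call  w,cs:[bx]
0003F167: CB            retf
"""


def parse_listing(text):
    """Yield (address, raw bytes, mnemonic text) for each listing line; skip others."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # comments, blank lines, prose
        yield int(m.group(1), 16), bytes.fromhex(m.group(2)), m.group(3).strip()


def far_call_target(code):
    """Decode a 5-byte CALL ptr16:16 to (segment, offset); None if not a far call."""
    if len(code) != 5 or code[0] != FAR_CALL_OPCODE:
        return None
    offset = code[1] | (code[2] << 8)   # little-endian 16-bit offset
    segment = code[3] | (code[4] << 8)  # little-endian 16-bit segment
    return segment, offset


def real_mode_physical(segment, offset):
    """16-bit segment:offset to physical address (segment * 16 + offset)."""
    return (segment << 4) + offset


def find_unprotected_far_calls(text):
    """Return [(addr, seg, off, phys, mnemonic)] for far calls into F0000h-FFFFFh."""
    hits = []
    for addr, code, mnem in parse_listing(text):
        target = far_call_target(code)
        if target is None:
            continue  # near calls, indirect calls and non-call instructions
        seg, off = target
        phys = real_mode_physical(seg, off)
        if UNPROTECTED_LO <= phys < UNPROTECTED_HI:
            hits.append((addr, seg, off, phys, mnem))
    return hits


def report(text):
    """Human-readable audit lines, one per flagged call."""
    return ["** %08X: %-20s -> physical %05Xh (outside SMRAM protection)"
            % (addr, mnem, phys)
            for addr, _seg, _off, phys, mnem in find_unprotected_far_calls(text)]


if __name__ == "__main__":
    for line in report(SAMPLE_LISTING):
        print(line)
```

On the excerpt the script flags five calls and leaves the call to 0AA61:0011C (physical AA72Ch) unflagged, matching the advisory's marks; run it over a full listing to count every far call a handler makes into shadowed BIOS memory. Decoding from the bytes rather than the text makes it independent of the disassembler's operand syntax.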
Vendor Status:
~~~~~~~~~~~~~~

No response from the vendor

Credit:
~~~~~~~

core collapse
ralf

Links:
~~~~~~

A Real SMM Rootkit: Reversing and Hooking BIOS SMI Handlers
http://www.phrack.org/issues.html?issue=66&id=11#article
[there's a bunch of other links in the article]

Take care.