Host Boot ROM Code Vulnerability in Systems Implementing UFS Boot Feature


WDC Tracking Number: WDC-23001
Published: January 12, 2023

Last Updated:  January 12, 2023

Description

Western Digital has identified a weakness in systems using the UFS standard that could result in a security vulnerability. This vulnerability may exist in systems where the host boot ROM code implements the UFS Boot feature to boot from UFS-compliant storage devices. UFS devices are only affected when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices.

The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations.

Several scenarios have been identified in which adversaries may disable the boot capability or revert to an old boot loader code if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability.

Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple host processor vendors, and software solutions providers. Western Digital is publishing this bulletin as part of a multi-party coordinated vulnerability disclosure process to promote security in embedded storage applications.

Update Availability/Remediation

Updates should be provided by vendors of host systems which rely on the UFS boot feature as part of their architecture. Affected product vendors should reach out to the provider of their host processor or for details on remediation status.

Advisory Summary

This vulnerability may be present in any system using the UFS Boot feature, regardless of manufacturer. The UFS boot feature is provided by UFS devices to support platforms that need to download the system boot loader from an external non-volatile source. To accomplish this, the host reads the Boot Well Known Logical Unit (BOOT WKLU) data at system startup. This step is required for the platform to access the host SoC boot code.

The attack scenarios allow an attacker to completely disable the boot capability of the host platform, rendering the platform useless, or in some cases, it allows the attacker to revert to an old boot loader code. These scenarios may arise due to improper validation of UFS attributes in the host boot ROM code. The attack scenarios typically require elevated permissions on the UFS host, which may be obtained through a separate chain of vulnerabilities involving escalation of privileges. Physical access to the host platform or device is not required.

Disabling platform boot capability scenario:

An attacker which has the requisite permissions to access the bBootLunEn attribute may disable the UFS Boot feature by setting the bBootLunEn attribute to 0x0 in the UFS device. After platform power-up or reset, host Boot ROM code tries to read the Boot Well Known Logical Unit data from the UFS device, however, since the UFS Boot feature was disabled, the operation fails and the host is no longer able to boot.

Downgrade attack scenario:

In the downgrade attack scenario, the adversary sets bBootLunEn to the alternate Boot LU, causing the host platform to boot with a potentially old version of the boot code.

CVE Number: CVE-2022-23005
Reported by: Rotem Sela and Avri Altman of Western Digital
Link to White Paper: Host boot ROM code vulnerability