CVE-2021-37107: Huawei Peripheral DMA Memory Access Permission Bypass

Summary Last year we published research at Black Hat in which we disclosed multiple vulnerabilities in Huawei Kirin SoC’s DDR Controller (DMSS) Access Permission system which allowed some SoC cores or DMA-capable peripherals to directly access secure world memory and completely compromise the entire memory of the SoC. This advisory focuses on a new access permission vulnerability in the same DMSS. The vulnerability can be used to entirely compromise the Trusted Execution Environment from the Baseband. The vulnerability was fixed in February 2022. Vulnerability Details The peripheral DMA lives up to its name, as it is mainly used to interact between multiple communication peripherals (e.

CVE-2021-37109: Huawei Baseband MPU Security Protection Bypass via EDMA

Summary There is a vulnerability in the Huawei Kirin SoC’s DDR Controller (DMSS) Access Permission system which allows the baseband to bypass the Baseband’s MPU memory protections and circumvent RO and NX protections. The vulnerability was fixed in February 2022. Vulnerability Details CVE-2021-22430 is a vulnerability in the Huawei Kirin SoC’s basebands which allowed to circumvent MPU restrictions. The vulnerability in CVE-2021-22430 was that MPU configuration was restored from a writable table for sleep cycles and therefore overwriting the cached entries resulted in new settings taking effect. This worked because the implementation normally only wrote the table once (not every time the core went to sleep) but restored the MPU configuration from it every time it was woken up.

CVE-2021-37115: Huawei DMSS Memory Access Management Configuration Unathorized Rewrite Via ASP DMA

Summary Last year we published research at Black Hat in which we disclosed multiple vulnerabilities in Huawei Kirin SoC’s DDR Controller (DMSS) Access Permission system which allowed some SoC cores or DMA-capable peripherals to directly access secure world memory and completely compromise the entire memory of the SoC. This advisory focuses on a new access permission vulnerability in the same DMSS. The vulnerability can be used to entirely compromise the SoC platform runtime (including all cores running in Secure World) directly from the Baseband. The vulnerability was fixed in February 2022. Vulnerability Details This vulnerability is very similar to CVE-2021-39991 (“Huawei DMSS Memory Access Management Configuration Unathorized Rewrite Via Peripheral DMA”).

CVE-2021-39986: Huawei Baseband Memory Access Permission Bypass And DMSS Memory Access Management Configuration Unathorized Rewrite Via LPMCU

Summary Last year we published research at Black Hat in which we disclosed multiple vulnerabilities in Huawei Kirin SoC’s DDR Controller (DMSS) Access Permission system which allowed some SoC cores or DMA-capable peripherals to directly access secure world memory and completely compromise the entire memory of the SoC. This advisory focuses on a new access permission vulnerability in the same DMSS. The vulnerability can be used to entirely compromise the SoC platform runtime (including all cores running in Secure World) directly from the Baseband. The vulnerability was fixed in February 2022. Vulnerability Details We have identified two related vulnerabilities related to the LPMSS subsystem of Huawei Kirin SoCs.

CVE-2021-39991: Huawei DMSS Memory Access Management Configuration Unathorized Rewrite Via Peripheral DMA

Summary Last year we published research at Black Hat in which we disclosed multiple vulnerabilities in Huawei Kirin SoC’s DDR Controller (DMSS) Access Permission system which allowed some SoC cores or DMA-capable peripherals to directly access secure world memory and completely compromise the entire memory of the SoC. This advisory focuses on a new access permission vulnerability in the same DMSS. The vulnerability can be used to entirely compromise the SoC platform runtime (including all cores running in Secure World) directly from the Baseband. The vulnerability was fixed in February 2022. Vulnerability Details This vulnerability is very similar to CVE-2021-37107 (“Huawei Peripheral DMA Memory Access Permission Bypass”).

CVE-2021-39992: Huawei Kernel Memory Access Permission Bypass via EDMA

Summary There is a vulnerability in the Huawei Kirin SoC’s DDR Controller (DMSS) Access Permission system which allows the Linux kernel to bypass memory access restrictions and directly compromise multiple privileged subsystems of the SoC. As demonstrated by CVE-2021-3710, CVE-2021-39991, CVE-2021-37115, and CVE-2021-39986, read and write of critical system memory, including secure memory regions, is possible via those subsystems. Therefore, this vulnerability combined with one of CVE-2021-3710, CVE-2021-39991, CVE-2021-37115, or CVE-2021-39986 results in a fully realized chain of elevation of privileges from a kernel-level write primitive to total control of the secure world (TEE). The vulnerability was fixed in February 2022.

CVE-2021-40045: Huawei Recovery Update Zip Signature Verification Bypass

Summary In this advisory we are disclosing a signature verification bypass vulnerability in the Huawei recovery mode. The vulnerability can be used not only to apply unauthentic firmware updates but also to achieve arbitrary code execution in the recovery mode. Combining this advisory with the vulnerability detailed in CVE-2021-40055, an attacker can achieve remote code execution without user interraction from the position of a network MITM. The vulnerability was fixed in February 2022. Vulnerability Details Huawei devices - both those running Android and those running HarmonyOS - implement a proprietary update solution which can be applied in various ways. The methods are all public and differ in how the process is triggered (manually or automatically) and how the update media file to be applied is supplied (downloaded over Wi-Fi or supplied from a memory card).

CVE-2021-40055: Huawei OTA Insecure SSL Configuration Man-In-The-Middle Vulnerability

Summary In this advisory we are disclosing a vulnerability in the Huawei Over-The-Air (OTA) update implementation that allows bypassing SSL protections and execute a Man-In-The-Middle attack. The vulnerability was fixed in March 2022. Vulnerability Details Huawei devices - both those running Android and those running HarmonyOS - use Huawei’s custom implementation for applying OTA updates. OTA updates are packaged into a zip container. The update mechanism has several checks that are meant to ensure the authenticity of OTA images before they are applied: the over-the-air download is supposed to happen over a secure connection to prevent Man-In-The-Middle attacks, the zip file has a cryptographic signature that is verified by the update process, and finally the contents of the zip file include further authentications tags.

CVE-2021-22434: Huawei Arbitrary Write in BootROM USB Stack

Summary During the regular boot sequence, Huawei’s BootROM initializes the UFS hardware and the crypto engine in order to load and verify the next stage bootloader image from flash. However, when run in download mode, which maybe used for factory flashing and repair purposes, a connected host can communicate with the BootROM via USB over a serial communication channel. The basis of the communication is a slightly modified version of XMODEM protocol. The first frame to be sent must be the head chunk, which defines the destination address and the size of the file to be downloaded via the following data chunks.

CVE-2021-22388: Huawei NPU Kernel Driver Function Pointer Overwrite

Summary The NPU device’s kernel driver implements a set of ioctl handlers one of which uses unsanitized user data as an index into a function pointer array. The user provided values can exceed the boundaries of the legitimate array and might cause user controlled values to be called as function pointers. A malicious actor can use this vulnerability to hijack the control flow of the kernel and call arbitrary functions with controlled parameters. The function pointer callsite is protected by clang’s CFI, which reduces the number of function that can be called through this primitive. The mmap handler is exposed through the /dev/davinci0 character device.