ASUS Eee PC and other series: BIOS SMM privilege escalation vulnerabilities

Numerous System Management Mode (SMM) privilege escalation
vulnerabilities in ASUS motherboards including Eee PC series

Release Date:

March 08, 2009: first attempt to contact vendor, no response
March 16, 2009: second attempt to contact vendor, no response
July 18, 2009: CERT contacted, full details of vulnerabilities 
disclosed to CERT and to the vendor
July 21, 2009: CERT assigned VU#576329
August 07, 2009: public disclosure

Privilege Escalation and Code Execution in System Management Mode


Systems Affected:
ASUS EeePC series
ASUS P5* series
ASUS B50A series
ASUS P6T series
other systems not tested

BIOS firmware on ASUS motherboards, including the Eee PC series, is
affected by System Management Mode (SMM) privilege escalation
vulnerabilities.

The vulnerabilities allow an attacker with access to physical memory
and port I/O to run arbitrary code, such as rootkit code, in SMM memory
with SMM privileges.

Running arbitrary code with SMM privileges enables SMM rootkits and
circumvents the protections of both the operating system and the
Virtual Machine Monitor (VMM).


BIOS firmware on a motherboard contains special code with multiple
SMI handlers that run in System Management Mode and are loaded at
boot time into a protected part of RAM (SMRAM).

Below is a disassembly of the $SMISS handler, one of the SMI handlers
in the BIOS firmware of the ASUS Eee PC 1000HE system.

 0003F073: 50                           push        ax
 0003F074: B4A1                         mov         ah,0A1
** 0003F076: 9A197D00F0                   call        0F000:07D19
 0003F07B: 2404                         and         al,004
 0003F07D: 7414                         je          00003F093
 0003F07F: B434                         mov         ah,034
** 0003F081: 9A708000F0                   call        0F000:08070
 0003F086: 2410                         and         al,010
 0003F088: 7409                         je          00003F093
 0003F08A: B430                         mov         ah,030
** 0003F08C: 9A708000F0                   call        0F000:08070
 0003F091: 2410                         and         al,010
 0003F093: 3C01                         cmp         al,001
 0003F095: 58                           pop         ax
 0003F096: CB                           retf

 0003F097: 0E                           push        cs
 0003F098: E8D8FF                       call        00003F073
 0003F09B: B80100                       mov         ax,00001
 0003F09E: 0F82C500                     jb          00003F167
 0003F0A2: B81034                       mov         ax,03410
** 0003F0A5: 9A7B8000F0                   call        0F000:0807B
 0003F0AA: B81030                       mov         ax,03010
** 0003F0AD: 9AAF8000F0                   call        0F000:080AF
 0003F0B2: 80265601FC                   and         b,[0156],0FC
 0003F0B7: 33DB                         xor         bx,bx
 0003F0B9: B88083                       mov         ax,08380
** 0003F0BC: 9A89A100F0                   call        0F000:0A189
** 0003F0C1: 9AE0BD00F0                   call        0F000:0BDE0
 0003F0C6: 3C04                         cmp         al,004
 0003F0C8: 750B                         jne         00003F0D5
 0003F0CA: BB5400                       mov         bx,00054
 0003F0CD: B88083                       mov         ax,08380
** 0003F0D0: 9A89A100F0                   call        0F000:0A189
** 0003F0D5: 9AD0BD00F0                   call        0F000:0BDD0
 0003F0DA: 7505                         jne         00003F0E1
 0003F0DC: 800E560101                   or          b,[0156],001
 0003F0E1: E8260E                       call        00003FF0A
 0003F0E4: E82EFE                       call        00003EF15
 0003F0E7: E8A200                       call        00003F18C
** 0003F0EA: 9AE0BD00F0                   call        0F000:0BDE0
 0003F0EF: BEFFFF                       mov         si,0FFFF
 0003F0F2: 3C01                         cmp         al,001
 0003F0F4: 740B                         je          00003F101
 0003F0F6: B8B315                       mov         ax,015B3
** 0003F0F9: 9A7DA100F0                   call        0F000:0A17D
 0003F0FE: 7501                         jne         00003F101
 0003F100: 46                           inc         si
 0003F101: B9E800                       mov         cx,000E8
 0003F104: BB0800                       mov         bx,00008
 0003F107: E8ED00                       call        00003F1F7
 0003F10A: B9E900                       mov         cx,000E9
 0003F10D: BB1000                       mov         bx,00010
 0003F110: E8E400                       call        00003F1F7
 0003F113: B9EA00                       mov         cx,000EA
 0003F116: BB0010                       mov         bx,01000
 0003F119: E8DB00                       call        00003F1F7
 0003F11C: B9EB00                       mov         cx,000EB
 0003F11F: BB0040                       mov         bx,04000
 0003F122: E8D200                       call        00003F1F7
 0003F125: 9A1C0161AA                   call        0AA61:0011C
** 0003F12A: 9ACF0600F0                   call        0F000:006CF
** 0003F12F: 9AE0BD00F0                   call        0F000:0BDE0
 0003F134: BBE282                       mov         bx,082E2
 0003F137: 48                           dec         ax
 0003F138: D0E0                         shl         al,1
 0003F13A: 02D8                         add         bl,al
 0003F13C: 80D700                       adc         bh,000
** 0003F13F: 9AD0BD00F0                   call        0F000:0BDD0
 0003F144: 2EFF17                       call        w,cs:[bx]
 0003F147: A05601                       mov         al,[0156]
 0003F14A: 0C02                         or          al,002
 0003F14C: E6B3                         out         0B3,al
 0003F14E: EB00                         jmps        00003F150
 0003F150: E8C100                       call        00003F214
 0003F153: A1C600                       mov         ax,[00C6]
 0003F156: 8B16CE00                     mov         dx,[00CE]
 0003F15A: EF                           out         dx,ax
 0003F15B: B96400                       mov         cx,00064
 0003F15E: E6ED                         out         0ED,al
 0003F160: EB00                         jmps        00003F162
 0003F162: E2FA                         loop        00003F15E
 0003F164: B80000                       mov         ax,00000
 0003F167: CB                           retf

The disassembly contains a number of far calls into code segment 0F000
(the instructions marked with **).

Code segment 0F000 is translated to physical RAM addresses F0000h -
100000h. This region contains system BIOS code such as POST and the
BIOS interrupt handlers. Unlike the SMI handler code in SMRAM, this
segment is not covered by SMM memory protections. Any process with
sufficient privileges to access physical memory can overwrite the
contents of this region with its own code.

So, for instance, the segment:offset address 0F000:08070 in the above
SMI handler is translated to physical address F8070h. During boot this
address gets loaded with BIOS code that reads registers in the power
management I/O space using ports 800h+offset:

 00008387: BA0008                       mov         dx,00800
 0000838A: 02D4                         add         dl,ah
 0000838C: 80D600                       adc         dh,000
 0000838F: C3                           retn
 00008390: 52                           push        dx
 00008391: E8F3FF                       call        000008387
 00008394: EC                           in          al,dx
 00008395: 5A                           pop         dx
 00008396: C3                           retn

; These instructions are loaded to 0F000:08070 address
; (F8070h in physical memory) by the BIOS from ROM chip
 00008397: E8F6FF                       call        000008390
 0000839A: CB                           retf

These BIOS instructions can be replaced with a jump to malicious
code, so that this code will get executed by the SMI handler with
SMM privileges.
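The check the advisory performs by hand, marking every far call whose target lies outside SMRAM, can be automated as a static scan over a listing of the form shown above. The script below is an added example, not part of the advisory or of any ASUS or BIOS vendor code: it resolves each far-call target with the 16-bit segment*16+offset translation the text describes (0F000:08070 -> F8070h) and flags targets outside the SMRAM window. The advisory does not state the SMRAM base, so the script assumes the legacy compatible SMRAM window A0000h-BFFFFh (the unmarked call to 0AA61:0011C lands there); the range is a parameter so it can be set to a board's actual TSEG range. The embedded listing is a constructed excerpt of the $SMISS disassembly, and the scan generalises to any far call, not only those into segment 0F000.

```python
"""Static scan of a 16-bit SMI-handler disassembly for far calls that leave SMRAM.

Hypothetical analysis script (not part of the advisory): it reads a Hiew-style
listing, resolves every far call's segment:offset target to a physical address,
and flags targets that fall outside the assumed SMRAM window, i.e. code the SMI
handler trusts but that SMM memory protection does not cover.
"""
import re

# ASSUMPTION: legacy (compatible) SMRAM at A0000h-BFFFFh. The advisory does not
# state the SMRAM base; the unmarked call to 0AA61:0011C resolves into this window.
LEGACY_SMRAM = [(0xA0000, 0xBFFFF)]

# One listing line carrying a far call, e.g.
#   ** 0003F076: 9A197D00F0   call   0F000:07D19
# The leading "**" (the advisory's own marker) is optional and ignored, so the
# scan does not depend on anyone having marked the lines beforehand.
FAR_CALL_RE = re.compile(
    r"^\s*(?:\*\*\s*)?(?P<addr>[0-9A-Fa-f]+):\s+[0-9A-Fa-f]+\s+"
    r"call\s+(?P<seg>[0-9A-Fa-f]+):(?P<off>[0-9A-Fa-f]+)\s*$"
)


def seg_off_to_phys(seg: int, off: int) -> int:
    """Real-mode style translation used by SMM's 16-bit code: seg*16 + off."""
    return (seg << 4) + (off & 0xFFFF)


def in_ranges(phys: int, ranges) -> bool:
    """True when phys lies inside one of the (lo, hi) inclusive ranges."""
    return any(lo <= phys <= hi for lo, hi in ranges)


def find_unprotected_far_calls(listing: str, smram_ranges=LEGACY_SMRAM):
    """Return one dict per far call whose target lies outside smram_ranges.

    Near calls (call 00003F073) and indirect calls (call w,cs:[bx]) do not
    match FAR_CALL_RE and are skipped; the indirect case would need a
    separate data-flow check on the table at cs:[bx].
    """
    findings = []
    for line in listing.splitlines():
        m = FAR_CALL_RE.match(line)
        if not m:
            continue
        seg, off = int(m["seg"], 16), int(m["off"], 16)
        phys = seg_off_to_phys(seg, off)
        if not in_ranges(phys, smram_ranges):
            findings.append({
                "at": m["addr"],
                "target": f"{seg:04X}:{off:04X}",
                "phys": phys,
            })
    return findings


# Constructed excerpt of the $SMISS listing from the advisory (a few lines only).
SAMPLE_LISTING = """\
 0003F073: 50                           push        ax
 0003F074: B4A1                         mov         ah,0A1
** 0003F076: 9A197D00F0                   call        0F000:07D19
 0003F07B: 2404                         and         al,004
** 0003F081: 9A708000F0                   call        0F000:08070
 0003F098: E8D8FF                       call        00003F073
 0003F125: 9A1C0161AA                   call        0AA61:0011C
** 0003F12A: 9ACF0600F0                   call        0F000:006CF
 0003F144: 2EFF17                       call        w,cs:[bx]
 0003F167: CB                           retf
"""

if __name__ == "__main__":
    for f in find_unprotected_far_calls(SAMPLE_LISTING):
        print(f"{f['at']}: far call to {f['target']} -> phys {f['phys']:05X} "
              f"is outside SMRAM (SMI handler trusts unprotected code)")
```

Run over the full handler listing in the advisory, the scan reports exactly the fourteen calls marked with ** and leaves the 0AA61:0011C call alone. The indirect call through cs:[bx] is deliberately not resolved here; whether that dispatch table itself sits inside SMRAM is a separate question the regex cannot answer.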

The single SMISS SMI handler alone has 14 SMM privilege escalation bugs!
The very same bugs are present in the other handlers, so there are a
great many of them across the ASUS BIOS.

Vendor Status:
No response from the vendor

core collapse

A Real SMM Rootkit: Reversing and Hooking BIOS SMI Handlers 
[there's a bunch of other links in the article]

Take care.