Security researchers Kate Temkin discovered a vulnerability in the NVIDIA Tegra chipsets that could be exploited for the execution of custom code on locked-down devices.
The expert devised an exploit, dubbed Fusée Gelée, that leverages a coldboot vulnerability to gain full, unauthenticated arbitrary code execution from an early bootROM context via Tegra Recovery Mode (RCM).
The exploitation of the flaw could allow compromising of the entire root-of-trust for each processor that results in the exfiltration of sensitive data.
“As this vulnerability allows arbitrary code execution on the Boot and Power
Management Processor (BPMP) before any lock-outs take effect, this vulnerability compromises the entire root-of-trust for each processor,and allows exfiltration of secrets e.g. burned into device fuses” reads a technical paper on the flaw.
The USB software stack implemented in the boot instruction rom (IROM/bootROM) contains a copy operation whose length can be controlled by the attacker.
An attacker can use a specially crafted USB control request that transfer the contents of a buffer controlled by the attacker to the active execution stack, gaining control of BPMP. The flaw requires physical access to the affected hardware, the expert highlighted that the flaw in the Tegra chipset is independent of the software stack.
“This execution can then be used to exfiltrate secrets and to load arbitrary code onto the main CPU Complex (CCPLEX) “application processors” at the highest possible level of privilege (typically as the TrustZone Secure Monitor at PL3/EL3). ” continues the paper.
According to the researcher, the affected component cannot be patched, the issue affects a large number of devices, including Nintendo Switch console.
“The relevant vulnerability is the result of a ‘coding mistake’ in the read-only bootromfound in most Tegra devices. This bootromcan have minor patches made to it in the factory (‘ipatches‘), but cannot be patched once a device has left the factory.” wrote Temkin.
Temkin ethically reported the issue to NVIDIA and Nintendo and did not accepted a reward for the discovery.
Temkin currently works at the hacking project ReSwitched, the team designing a customized Switch firmware called Atmosphère that leverages the Fusée Gelée exploit.
The flaw affects all NVIDIA Tegra SoCs released prior to the T186 / X2.
The expert plans to release technical details of the flaw on June 15, 2018, but it is likely that other actors are also in possession of the Fusée Gelée exploit.
Is it true there are disadvantages to Fusée Gelée?
“Fusée Gelée isn’t a perfect, ‘holy grail’ exploit– though in some cases it can be pretty damned close. The different variants of Fusée Gelée will each come with their own advantages and disadvantages. We’ll work to make sure you have enough information to decide which version is right for you around when we release Fusée Gelée to the public, so you can decide how to move forward,” concluded Temkin.
Let me suggest reading the FAQ published by the expert for further info on the vulnerability.