Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges


Level 9
Thread author
Nov 3, 2019
The manufacturers have issued BIOS updates to address the issues, but researchers warn DMA attacks are likely possible against a range of laptops and desktops.
Vulnerabilities in the Dell and HP laptops could allow an attacker to access information and gain kernel privileges via the devices’ Direct Memory Access (DMA) capability.
DMA is a processing-efficiency approach for peripherals (such as PCI cards or network interface cards) that, as the name suggests, offers direct high-speed access to a system’s memory.
“For example, a network adapter or Firewire device may need to read and write information quickly,” according to an Eclypsium report, issued Thursday. “Passing this traffic up to the OS and back down again is slow and inefficient. Instead, DMA allows devices to directly communicate with the system’s memory without passing through the operating system [or main CPU].”

While useful for conserving processing power, DMA can offer cyberattackers a high-speed ticket to reading and writing memory off a victim system directly. It can also allow attackers to bypass hardware-based root-of-trust and chain-of-trust protections such as UEFI Secure Boot, Intel Boot Guard, HP Sure Start and Microsoft Virtualization-Based Security, Eclypsium found in its research.