IGEL OS, Secure Boot Bypass, CVE-2021-41800 (Critical)

By /

Listen to this Post

How the mentioned CVE works:

The vulnerability, CVE-2021-41800, resides in the `igel-flash-driver` kernel module of IGEL OS. This module is responsible for handling the boot process, including the verification of the root filesystem’s cryptographic signature before it is mounted. The flaw is an improper signature verification routine. An attacker can create a malicious, crafted SquashFS image designed to be the root filesystem. Because the `igel-flash-driver` does not correctly validate the digital signature of this image, the system’s Secure Boot mechanism is bypassed. Consequently, the OS will mount the unverified, attacker-controlled SquashFS image during boot. This grants the attacker complete control over the boot process and the operating system environment from the earliest stages, effectively subverting the security guarantees of Secure Boot and allowing for the execution of arbitrary kernel-level code.
Platform: IGEL OS
Version: < 11.08.100
Vulnerability: Secure Boot Bypass
Severity: Critical

date: 2021-09-29

Prediction: 2021-10-20

What Undercode Say:

`unsquashfs crafted_rootfs.squashfs`

` Modify files for root access`

`mksquashfs ./squashfs-root/ new_rootfs.squashfs -comp xz`

` Replace original rootfs on boot device`

How Exploit:

Attacker crafts a malicious SquashFS root filesystem image and places it on a bootable device, such as a USB drive. Upon booting from this device, the flawed `igel-flash-driver` module fails to properly check the image’s cryptographic signature. The system then mounts the malicious root filesystem, bypassing Secure Boot and giving the attacker full control of the OS kernel and initial RAM disk (initrd).

Protection from this CVE:

Upgrade to IGEL OS version 11.08.100 or later. This update contains a patched `igel-flash-driver` module that performs proper cryptographic signature validation, enforcing Secure Boot policy and preventing the mounting of unauthorized root filesystems.

Impact:

Complete system compromise. Bypasses Secure Boot, enabling persistent rootkit installation, data theft, and unauthorized access to the thin client device and potentially the connected network.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: www.cve.org
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top