Is remote code execution in UEFI firmware possible? Well, yes it is.
Meet #PixieFAIL: 9 vulnerabilities in the IPv6 stack of EDK II, the open source UEFI implementation used by billions of computers.
Full details by @fdfalcon and @4Dgifts in our new blog post:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack.
This blog post provides details about nine vulnerabilities affecting the IPv6 network protocol stack of EDK II, TianoCore's open source reference implementation of UEFI.
quarkslab
Gabriel Kerneis