Microsoft

Another Azure Sphere release has occurred, and to accompany the release I am presenting another security blog post. We are committed to keeping our system secure against evolving security threats, which takes both internal and external effort; the most recent external effort is the Azure Sphere Security Research Challenge, which has wrapped up. Let's get to the list of changes and fixes made to the system without wasting any further time.

Our list of security enhancements and fixes:

  • Upgrade to Linux Kernel 5.4.59
  • Fix littlefs pagecache memory information leak
  • Modify littlefs to zero memory on truncate
  • Validate file sizes during truncation in littlefs
  • Identified and added more input validations in Pluton Runtime
  • Add missing mprotect check from the unsigned code execution bug previously reported by Cisco Talos
  • More memory pointer validations in Secure World (SW) to avoid using pointers that point to improper areas between Normal World (NW) and SW
  • Set proper Azure Sphere capabilities on azcore when executed by the kernel per report from McAfee ATR

We are always striving in our work to improve our security promises and to enhance the platform. It is known that we have been doing fuzzing for a while; however, all of our fuzzing has covered individual pieces of the system. We have been working hard and have now advanced our ability to allow full end-to-end fuzzing of the system, expanding our testing abilities and giving us one more tool to help identify coding flaws. Coding flaws are only part of the issue, though. Tools looking for a crash will never catch information leakage, nor will they catch bugs that allow privilege escalation due to improper validation, which opens up whole new arenas of validations that need to be reviewed.
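The point that a crash-only oracle misses information leaks can be seen in a small model of the truncate fixes listed above. This is an added example, not littlefs or Azure Sphere code: `toy_file`, `truncate_weak`, `truncate_zeroing` and `stale_bytes_after_regrow` are hypothetical names, and the check asserts a content invariant instead of waiting for a crash.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BACKING_SIZE 64 /* constructed size of the toy backing buffer */

/* Hypothetical toy file: a length plus a buffer that can hold stale bytes. */
struct toy_file { size_t len; unsigned char buf[BACKING_SIZE]; };

/* Weak form: only the length changes, so growing re-exposes old contents. */
static int truncate_weak(struct toy_file *f, size_t new_len) {
    if (new_len > BACKING_SIZE) return -1;
    f->len = new_len;
    return 0;
}

/* Hardened form: validate the size, then zero every byte between the old
 * and new length, whether the file shrinks or grows. */
static int truncate_zeroing(struct toy_file *f, size_t new_len) {
    if (new_len > BACKING_SIZE) return -1;
    size_t lo = new_len < f->len ? new_len : f->len;
    size_t hi = new_len < f->len ? f->len : new_len;
    memset(f->buf + lo, 0, hi - lo);
    f->len = new_len;
    return 0;
}

/* Invariant oracle: write data, truncate to 0, grow back, and count the
 * non-zero bytes now readable. A crash-only harness sees nothing wrong. */
static size_t stale_bytes_after_regrow(int (*trunc)(struct toy_file *, size_t)) {
    static const char secret[] = "constructed-secret"; /* constructed input */
    struct toy_file f = { 0, { 0 } };
    size_t n = sizeof secret - 1, stale = 0;
    memcpy(f.buf, secret, n);
    f.len = n;
    if (trunc(&f, 0) != 0 || trunc(&f, n) != 0) return (size_t)-1;
    for (size_t i = 0; i < f.len; i++)
        if (f.buf[i] != 0) stale++;
    return stale;
}

int main(void) {
    printf("weak: %zu stale bytes\n", stale_bytes_after_regrow(truncate_weak));
    printf("zeroing: %zu stale bytes\n", stale_bytes_after_regrow(truncate_zeroing));
    return 0;
}
```

Both variants return success and neither faults, so only the stale-byte count separates them; a fuzz harness needs an invariant of this kind to flag the weak form.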

 

As I've heard a lot recently: "onwards and upwards".

Jewell Seay
Azure Sphere OSP Security Lead