"PixieFail Flaws Impact PXE Network Boot in Enterprise Systems"

Quarkslab researchers discovered a set of vulnerabilities called PixieFail affecting the IPv6 network protocol stack of TianoCore's EDK II, an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification that is widely used in enterprise computers and servers. The flaws are in the PXE network boot process, which is critical for provisioning operating systems in data centers and high-performance computing environments. It is a standard procedure for loading operating system images from the network during boot. PixieFail attacks involve nine flaws that can be exploited locally on a network to cause Denial-of-Service (DoS), information disclosure, Remote Code Execution (RCE), Domain Name Server (DNS) cache poisoning, or network session hijacking. This article continues to discuss findings regarding the PixieFail vulnerabilities.

Bleeping Computer reports "PixieFail Flaws Impact PXE Network Boot in Enterprise Systems"

Submitted by grigby1

Submitted by Gregory Rigby on