Multiple vulnerabilities discovered in the TCP/IP stack (NetworkPkg) of Tianocore EDKII can lead to remote code execution, denial of service (DoS), DNS cache poisoning, or leakage of sensitive information. These vulnerabilities, collectively known as PixieFail, stem from issues such as buffer overflows, predictable randomization, and improper parsing. The affected code is used in firmware implementations by various vendors.

Successful exploitation requires the PXE boot option to be enabled, and the impact depends on the firmware build and the PXE boot configuration. Local and, in some cases, remote attackers can exploit these vulnerabilities.

Recommended mitigations are disabling PXE boot, enforcing network isolation, and using secure OS deployment practices. Users should consult vendor-specific advisories and update to the latest stable firmware version. Downstream users of Tianocore EDKII should update to the latest version that contains the fixes. Migrating to modern network boot environments such as UEFI HTTPS Boot can further enhance security.

Quarkslab is acknowledged for researching and reporting these vulnerabilities.
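A defender-side check for the PXE mitigation above, as an added example that is not from the advisory or from Tianocore: it parses `efibootmgr -v` output and lists active network boot entries that are not HTTPS Boot. The sample output is constructed, and treating an IPv4/IPv6 device path without a `Uri()` node as PXE is this example's assumption; the function names are hypothetical.

```python
import re

# Constructed sample of `efibootmgr -v` output (not from the advisory).
# Device-path rendering differs slightly between efibootmgr versions.
SAMPLE = (
    "BootCurrent: 0001\n"
    "BootOrder: 0001,0003,0005\n"
    "Boot0001* ubuntu\tHD(1,GPT,00000000-0000-4000-8000-000000000001)/File(\\EFI\\ubuntu\\shimx64.efi)\n"
    "Boot0003* UEFI PXEv4\tPciRoot(0x0)/Pci(0x1c,0x0)/MAC(020000000001,0)/IPv4(0.0.0.0,0,0)\n"
    "Boot0004  UEFI PXEv6\tPciRoot(0x0)/Pci(0x1c,0x0)/MAC(020000000001,0)/IPv6([::],0,0)\n"
    "Boot0005* UEFI HTTPSv4\tPciRoot(0x0)/Pci(0x1c,0x0)/MAC(020000000001,0)/IPv4(0.0.0.0,0,0)/Uri(https://boot.example.test/shim.efi)\n"
    "Boot0006* UEFI PXEv6\tPciRoot(0x0)/Pci(0x1d,0x0)/MAC(020000000002,0)/IPv6([::],0,0)\n"
)

# "Boot" + four hex digits, optional "*" (entry is active), then label and device path.
ENTRY = re.compile(r"^Boot([0-9A-Fa-f]{4})(\*?)\s+(.*)$")

def classify(entry_text):
    """Classify a boot entry by the nodes in its UEFI device path (assumed heuristic)."""
    if not re.search(r"IPv[46]\(", entry_text):
        return "local"
    uri = re.search(r"Uri\(([^)]*)\)", entry_text)
    if uri is None:
        return "pxe"  # network path without a Uri() node: treated as PXE boot
    # Uri() marks UEFI HTTP Boot; only an explicit https:// URL counts as HTTPS.
    return "https" if uri.group(1).lower().startswith("https://") else "http-or-unset"

def audit(text):
    """Return (boot_number, kind, in_boot_order) for active non-HTTPS network entries."""
    order, entries = [], {}
    for line in text.splitlines():
        if line.startswith("BootOrder:"):
            order = [n.strip().upper() for n in line.split(":", 1)[1].split(",") if n.strip()]
            continue
        m = ENTRY.match(line)
        if m:
            num, star, rest = m.groups()
            entries[num.upper()] = (star == "*", classify(rest))
    return [(num, kind, num in order)
            for num, (active, kind) in sorted(entries.items())
            if active and kind in ("pxe", "http-or-unset")]

if __name__ == "__main__":
    for num, kind, in_order in audit(SAMPLE):
        print(f"Boot{num}: active {kind} entry, in BootOrder: {in_order}")
```

On a real host, pass the captured output of `efibootmgr -v` to `audit()` instead of `SAMPLE`; an empty result means no active PXE or non-HTTPS network boot entry was found in the boot variables.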
kb.cert.org
