Azure Sphere Elevation of Privilege Vulnerability
Description
Azure Sphere Elevation of Privilege Vulnerability
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Privilege escalation in Azure Sphere 20.06 via improper validation of uid_map file, allowing UID collisions and broadening attack surface.
Vulnerability
A privilege escalation vulnerability exists in the uid_map functionality of Microsoft Azure Sphere 20.06. The uid_map file, which maps Linux user IDs to application component IDs, lacks proper input validation. A specially crafted uid_map file can cause multiple applications to be assigned the same UID, bypassing the intended isolation [1].
Exploitation
An attacker who can modify the contents of /mnt/config/uid_map (a capability demonstrated in previous advisories) can craft a malicious uid_map file that assigns duplicate UIDs to different applications. No authentication is needed beyond the ability to write to that file, which may be achieved through other vulnerabilities [1].
Impact
Successful exploitation broadens the attack surface by breaking UID-based isolation between applications. This can lead to elevation of privilege, as shared UIDs may allow one application to interfere with or access resources of another, potentially resulting in information disclosure, data tampering, or arbitrary code execution at a higher privilege level [1].
Mitigation
Microsoft has not publicly disclosed a fix for this vulnerability as of the advisory date. Affected users should consider applying any security updates released by Microsoft for Azure Sphere. No workarounds are provided in the available reference [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:microsoft:azure_sphere:*:*:*:*:*:*:*:* (range: 20.00)
- (no CPE)
Patches
No patches discovered yet.
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16993 (mitre, x_refsource_MISC)
- www.talosintelligence.com/vulnerability_reports/TALOS-2020-1137 (mitre, x_refsource_MISC)