Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging stage-without-manifest denial of service vulnerability

We discussed this vulnerability as part of our weekly podcast on 17 November 2021

Leaving out many of the specifics of how Azure Sphere devices work: under normal circumstances you should be able neither to downgrade a device's firmware nor to install any firmware image without first providing the Microsoft-signed manifest that covers it.

The issue Talos found was that it was possible to install the "Trusted Keystore" image without any manifest or version restriction. Installing a different version of the keystore results in the Pluton processor (the root of trust on Azure Sphere) using the wrong key when it checks the firmware image, so verification fails and the device reboots, only to fail verification again on the next boot. The device is left in a reboot loop, which is the denial of service described in the title.
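To make the failure mode concrete, the following is an added, deliberately simplified model written for this note; it is not Azure Sphere or Pluton code and the image types, version fields and function names (`commit_staging_weak`, `commit_staging_hardened`, `boot_verifies`) are hypothetical. It contrasts a staging path that exempts the keystore image from the manifest and anti-rollback checks with one that applies them to every image type, and shows why the exemption turns into a boot loop: once the keystore no longer matches the key the installed firmware was signed under, verification can never succeed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of image staging, not Azure Sphere's implementation. */
enum image_type { IMG_FIRMWARE = 1, IMG_TRUSTED_KEYSTORE = 2 };

struct image {
    enum image_type type;
    uint32_t version;
    bool has_manifest;          /* covered by a signed manifest? */
};

struct device_state {
    uint32_t keystore_version;          /* keystore currently installed */
    uint32_t firmware_keystore_version; /* keystore the installed firmware was signed under */
    uint32_t firmware_version;
};

enum stage_result { STAGE_OK = 0, STAGE_ERR_NO_MANIFEST = 1, STAGE_ERR_ROLLBACK = 2 };

/* Weak variant: only firmware images are gated; the keystore is committed unconditionally. */
enum stage_result commit_staging_weak(struct device_state *dev, const struct image *img)
{
    if (img->type == IMG_FIRMWARE) {
        if (!img->has_manifest) return STAGE_ERR_NO_MANIFEST;
        if (img->version < dev->firmware_version) return STAGE_ERR_ROLLBACK;
        dev->firmware_version = img->version;
        return STAGE_OK;
    }
    dev->keystore_version = img->version;   /* no manifest, no version check */
    return STAGE_OK;
}

/* Hardened variant: every image type needs a manifest and must not roll back. */
enum stage_result commit_staging_hardened(struct device_state *dev, const struct image *img)
{
    if (!img->has_manifest) return STAGE_ERR_NO_MANIFEST;
    uint32_t *installed = (img->type == IMG_FIRMWARE) ? &dev->firmware_version
                                                      : &dev->keystore_version;
    if (img->version < *installed) return STAGE_ERR_ROLLBACK;
    *installed = img->version;
    return STAGE_OK;
}

/* Boot succeeds only if the installed keystore is the one the firmware was signed under. */
bool boot_verifies(const struct device_state *dev)
{
    return dev->keystore_version == dev->firmware_keystore_version;
}

/* Stage an unmanifested, older keystore on a healthy device; return the staging result. */
enum stage_result stage_old_keystore(bool hardened, struct device_state *dev)
{
    dev->keystore_version = 2;
    dev->firmware_keystore_version = 2;
    dev->firmware_version = 5;
    struct image old_keystore = { IMG_TRUSTED_KEYSTORE, 1, false };  /* constructed input */
    return hardened ? commit_staging_hardened(dev, &old_keystore)
                    : commit_staging_weak(dev, &old_keystore);
}

/* Count failed boots in a row after staging (capped), i.e. the length of the boot loop. */
int failed_boots_after_stage(bool hardened, int max_boots)
{
    struct device_state dev;
    stage_old_keystore(hardened, &dev);
    int failures = 0;
    for (int i = 0; i < max_boots && !boot_verifies(&dev); i++)
        failures++;                     /* nothing changes between reboots */
    return failures;
}

int main(void)
{
    struct device_state dev;
    printf("weak: stage=%d boots=%s\n", stage_old_keystore(false, &dev),
           boot_verifies(&dev) ? "ok" : "FAIL (reboot loop)");
    printf("hardened: stage=%d boots=%s\n", stage_old_keystore(true, &dev),
           boot_verifies(&dev) ? "ok" : "FAIL (reboot loop)");
    return 0;
}
```

The point of the comparison is the asymmetry in the weak path: enforcing the manifest and anti-rollback rules on firmware alone does nothing if an image the verifier itself depends on can be swapped freely.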