The PMFault attack can disable the CPU on some server systems

Researchers at the University of Birmingham, previously known for developing the Plundervolt and VoltPillager attacks, have discovered a vulnerability (CVE-2022-43309) in some server motherboards that allows the CPU to be physically disabled with no possibility of recovery. The vulnerability, named PMFault, can be used to damage servers to which the attacker has no physical access but does have privileged access to the operating system, obtained, for example, by exploiting an unpatched vulnerability or by intercepting administrator credentials.

The essence of the proposed method is to use the PMBus interface, which runs over the I2C protocol, to raise the voltage supplied to the processor to values that damage the chip. The PMBus interface is usually implemented in the VRM (Voltage Regulator Module), which can be reached by manipulating the BMC controller. To attack boards that support PMBus, an attacker needs, in addition to administrator rights in the operating system, programmatic access to the BMC (Baseboard Management Controller), for example through the IPMI KCS (Keyboard Controller Style) interface, over Ethernet, or by flashing the BMC from the running system.

The issue that allows the attack without knowing the BMC authentication parameters has been confirmed on Supermicro motherboards with IPMI support (X11, X12, H11 and H12) and on ASRock boards, but other server boards that expose access to PMBus are also affected. During the experiments, raising the voltage to 2.84 volts destroyed two Intel Xeon processors on these boards. To reach the BMC without knowing the authentication parameters, but with root access to the operating system, the researchers used a vulnerability in the firmware verification mechanism, which made it possible to load a modified firmware update into the BMC controller, as well as the possibility of unauthenticated access via IPMI KCS.
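One defensive measure that follows from the above is to watch the BMC's own voltage telemetry for core-voltage excursions far outside the normal operating range, which is what the following script does. It is an added example and not code from the article or from the PMFault researchers; the sample rows are constructed to resemble the pipe-separated output of `ipmitool sensor`, and the sensor names, thresholds and the 1.5 V alert ceiling are assumptions rather than readings from any real board.

```python
"""Flag out-of-range CPU core voltage readings in BMC sensor output.

Added example, not from the original article or the PMFault research.
The sample rows below are constructed to resemble `ipmitool sensor`
pipe-separated output; sensor names, thresholds and values are assumptions.
"""
from dataclasses import dataclass

# Nominal Vcore on a modern server CPU is around 1 V. A reading at or above
# this assumed ceiling is treated as an excursion worth alerting on; the
# article reports that 2.84 V was enough to destroy Intel Xeon processors.
VCORE_MAX_SAFE_V = 1.5


@dataclass
class VoltageReading:
    sensor: str
    volts: float
    status: str


def parse_sensor_lines(text):
    """Parse pipe-separated sensor rows and keep only voltage sensors.

    Expected column order (as in `ipmitool sensor`): name | value | unit |
    status | thresholds... Rows with a non-numeric value ('na') are skipped.
    """
    readings = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) < 4:
            continue
        name, value, unit, status = fields[:4]
        if unit.lower() != "volts":
            continue
        try:
            volts = float(value)
        except ValueError:
            continue  # 'na' or a missing reading
        readings.append(VoltageReading(name, volts, status))
    return readings


def find_overvoltage(readings, limit=VCORE_MAX_SAFE_V):
    """Return the Vcore sensors whose reading is at or above `limit`."""
    return [r for r in readings
            if "vcore" in r.sensor.lower() and r.volts >= limit]


# Constructed sample: CPU2 shows the 2.84 V level mentioned in the article.
SAMPLE = """\
CPU1 Vcore       | 1.020      | Volts      | ok    | 0.600 | 0.700 | 0.750 | 1.400 | 1.500 | 1.600
CPU2 Vcore       | 2.840      | Volts      | nr    | 0.600 | 0.700 | 0.750 | 1.400 | 1.500 | 1.600
12V              | 12.100     | Volts      | ok    | 10.800 | 11.000 | 11.200 | 12.800 | 13.000 | 13.200
CPU1 Temp        | 48.000     | degrees C  | ok    | na | na | na | 90.000 | 95.000 | 100.000
FAN1             | na         | RPM        | na    | na | na | na | na | na | na
"""

if __name__ == "__main__":
    for r in find_overvoltage(parse_sensor_lines(SAMPLE)):
        print(f"ALERT {r.sensor}: {r.volts:.3f} V (status {r.status})")
```

In practice the input would come from periodic polling of the BMC (for example `ipmitool sensor` over the host interface or over the network), and the alert would be raised before the reading persists long enough to do damage; the parser deliberately ignores non-voltage sensors and unreadable values so that a single malformed row does not suppress the check.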

The PMBus voltage-manipulation method can also be used to carry out the Plundervolt attack, which, by lowering the voltage to minimal values, corrupts the contents of data cells in the CPU that are used in computations inside isolated Intel SGX enclaves and induces errors in otherwise correct algorithms. For example, if a value used in a multiplication during encryption is altered, the output will be an incorrect ciphertext. With the ability to call an SGX handler to encrypt data of their choosing, an attacker can induce such faults, accumulate statistics on how the output ciphertext changes, and recover the value of the key stored in the SGX enclave.

Tools for attacking Supermicro and ASRock boards, as well as a utility for checking whether PMBus is accessible, are published on GitHub.

Source: budenet.ru
