Two vulnerabilities in GRUB2 that allow bypassing UEFI Secure Boot protection

Details have been disclosed about two vulnerabilities in the GRUB2 bootloader that can lead to code execution when specially crafted fonts are used and certain Unicode sequences are processed. The vulnerabilities can be used to bypass the UEFI Secure Boot verified boot mechanism.

Identified vulnerabilities:

  • CVE-2022-2601 - A buffer overflow in the grub_font_construct_glyph() function when processing specially crafted fonts in the pf2 format. It is caused by an incorrect calculation of the max_glyph_size parameter and the allocation of a memory area that is obviously smaller than needed to accommodate the glyphs.
  • CVE-2022-3775 - An out-of-bounds write that occurs when rendering certain Unicode sequences in a specially crafted font. The problem is in the font handling code and is caused by the lack of proper checks that the width and height of a glyph match the size of the available bitmap. An attacker can craft the input so that the tail of the data is written outside the allocated buffer. It is noted that, despite the difficulty of exploiting the vulnerability, escalating the problem to code execution is not ruled out.

The fix has been published as a patch. The status of the fixes in distributions can be checked on these pages: Ubuntu, SUSE, RHEL, Fedora, Debian. To fix the problems in GRUB2, simply updating the package is not enough; new internal digital signatures must also be generated, and installers, bootloaders, kernel packages, fwupd firmware and the shim layer must be updated.

Most Linux distributions use a small shim layer, digitally signed by Microsoft, for verified booting in UEFI Secure Boot mode. This layer verifies GRUB2 with its own certificate, which spares distribution developers from having every kernel and GRUB update certified by Microsoft. Vulnerabilities in GRUB2 make it possible to execute code at the stage after shim has been successfully verified but before the operating system is loaded. This inserts the code into the chain of trust while Secure Boot mode is active and gives it full control over the rest of the boot process, including loading another OS, modifying operating system components and bypassing Lockdown protection.

To block the vulnerabilities without revoking the digital signature, distributions can use the SBAT (UEFI Secure Boot Advanced Targeting) mechanism, which is supported for GRUB2, shim and fwupd in most popular Linux distributions. SBAT was developed jointly with Microsoft and involves adding extra metadata to the executable files of UEFI components, including information about the manufacturer, product, component and version. This metadata is certified with a digital signature and can be included separately in the lists of allowed or prohibited components for UEFI Secure Boot.

SBAT makes it possible to block the use of a digital signature for individual component version numbers without having to revoke Secure Boot keys. Blocking vulnerabilities through SBAT does not require the UEFI certificate revocation list (dbx); it is done at the level of replacing the internal key used to generate signatures and updating GRUB2, shim and the other boot artifacts supplied by distributions. Before SBAT was introduced, updating the certificate revocation list (dbx, UEFI Revocation List) was a prerequisite for completely blocking a vulnerability, because an attacker, regardless of the operating system in use, could compromise UEFI Secure Boot with bootable media carrying an old vulnerable version of GRUB2 certified by a digital signature.
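The generation check that SBAT makes possible can be sketched as follows. This is an added example, not code from the article or from shim or GRUB2; it assumes the six-field CSV layout of the public SBAT specification (component, generation, vendor, package, version, URL), and every sample value, including the `grub.examplelinux` entry and the required generations, is constructed.

```python
import csv
import io

# Constructed sample of a GRUB2 binary's .sbat section (CSV, one component per line):
# component, generation, vendor, package, version, URL
SAMPLE_SBAT = """\
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,2,Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/
grub.examplelinux,1,Example Linux,grub2,2.06-1,https://example.invalid/grub
"""

# Constructed revocation data: minimum accepted generation per component.
SAMPLE_REVOCATIONS = """\
sbat,1
grub,3
"""

def parse_sbat(text):
    """Return {component: record} from .sbat CSV text; reject malformed rows."""
    entries = {}
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        if len(row) < 6 or not row[1].isdigit():
            raise ValueError(f"malformed SBAT row: {row!r}")
        name, gen, vendor, package, version, url = row[:6]
        entries[name] = {"generation": int(gen), "vendor": vendor,
                         "package": package, "version": version, "url": url}
    return entries

def parse_revocations(text):
    """Return {component: minimum generation} from revocation CSV text."""
    minimums = {}
    for row in csv.reader(io.StringIO(text)):
        if row:
            minimums[row[0]] = int(row[1])
    return minimums

def revoked_components(sbat_text, revocation_text):
    """List components whose generation is below the required minimum."""
    entries = parse_sbat(sbat_text)
    if not entries:
        return ["<no SBAT metadata>"]  # policy assumption: treat as not acceptable
    minimums = parse_revocations(revocation_text)
    return sorted(name for name, rec in entries.items()
                  if rec["generation"] < minimums.get(name, 0))

if __name__ == "__main__":
    print(revoked_components(SAMPLE_SBAT, SAMPLE_REVOCATIONS))
```

On a real system the input text would be the contents of the `.sbat` section of the EFI binary, for example as extracted with `objcopy -O binary --only-section=.sbat`.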

source: budenet.ru
