PixieFAIL: nine vulnerabilities in the UEFI firmware network stack used for PXE boot

Nine vulnerabilities, collectively named PixieFAIL, have been identified in UEFI firmware based on the open TianoCore EDK2 platform, which is widely used on server systems. The vulnerabilities are located in the firmware network stack used to organise network boot (PXE). The most dangerous of them allow an unauthenticated attacker to execute code remotely at the firmware level on systems that allow PXE boot over an IPv6 network.

The less severe issues lead to denial of service (blocking boot), information leaks, DNS cache poisoning and TCP session hijacking. Most of the vulnerabilities can be exploited from the local network, but some can also be attacked from an external network. A typical attack scenario comes down to monitoring traffic on the local network and sending specially crafted packets once activity related to booting a system via PXE is detected. No access to the download server or the DHCP server is required. Prototype exploits have been published to demonstrate the attack technique.

UEFI firmware based on the TianoCore EDK2 platform is used by many large companies, cloud providers, data centres and computing clusters. In particular, the vulnerable NetworkPkg module with its PXE boot implementation is used in firmware developed by ARM, Insyde Software (Insyde H2O UEFI BIOS), American Megatrends (AMI Aptio OpenEdition), Phoenix Technologies (SecureCore), Intel, Dell and Microsoft (Project Mu). The vulnerabilities were also believed to affect the ChromeOS platform, which carries the EDK2 package in its repository, but Google stated that this package is not used in the firmware for Chromebooks and that the ChromeOS platform is not affected.

Identified vulnerabilities:

  • CVE-2023-45230 - Buffer overflow in the DHCPv6 client code, exploited by passing an overly long server identifier (Server ID option).
  • CVE-2023-45234 - Buffer overflow when processing the option carrying DNS server parameters in a DHCPv6 server Advertise message.
  • CVE-2023-45235 - Buffer overflow when processing the Server ID option in DHCPv6 proxy advertisement messages.
  • CVE-2023-45229 - Integer underflow when processing IA_NA/IA_TA options in DHCPv6 server Advertise messages.
  • CVE-2023-45231 - Out-of-bounds data leak when processing ND Redirect (Neighbor Discovery) messages with truncated option values.
  • CVE-2023-45232 - Infinite loop when parsing unknown options in the Destination Options header.
  • CVE-2023-45233 - Infinite loop when parsing the PadN option in the packet header.
  • CVE-2023-45236 - Use of predictable TCP initial sequence numbers, allowing TCP connection hijacking.
  • CVE-2023-45237 - Use of an unreliable random number generator that produces predictable values.
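The three buffer overflows and the integer underflow above share one root cause: a 16-bit option length taken from the wire and trusted against both the packet and a fixed-size destination. The C below is an added illustration, not EDK2's NetworkPkg code and not the published PixieFAIL exploits. It walks a DHCPv6 option block (RFC 8415 layout: 2-byte code, 2-byte length, data) in an unchecked form next to a hardened form; the 128-byte Server ID capacity, the option bytes and the attacker-shaped inputs are all constructed for the example and are not taken from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DHCPv6 option codes from RFC 8415 / RFC 3646 */
#define OPTION_SERVERID     2
#define OPTION_IA_NA        3
#define OPTION_DNS_SERVERS  23

/* Assumed fixed-size destination for the Server ID; real buffer sizes in any
 * particular firmware are not stated in the advisory. */
#define SERVER_ID_CAP 128

enum { OPT_OK = 0, OPT_NOT_FOUND = 1, OPT_TRUNCATED = -1, OPT_TOO_LONG = -2 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Unsafe pattern: the option length is trusted as-is, so a Server ID longer
 * than dst overflows it and a length past the packet end reads out of bounds.
 * Kept only for contrast; never run it on attacker-controlled input. */
int server_id_copy_unchecked(const uint8_t *opts, size_t len, uint8_t *dst)
{
    size_t off = 0;
    while (off + 4 <= len) {
        uint16_t code = be16(opts + off);
        uint16_t olen = be16(opts + off + 2);
        if (code == OPTION_SERVERID) {
            memcpy(dst, opts + off + 4, olen);   /* no check of olen vs dst or packet */
            return (int)olen;
        }
        off += 4u + olen;
    }
    return OPT_NOT_FOUND;
}

/* Hardened walker: the header must fit, the body must fit in the packet, and
 * the Server ID must fit in the caller's buffer. `len - off` is compared only
 * after `len - off >= 4` is known, so no size_t subtraction can wrap. */
int server_id_copy_checked(const uint8_t *opts, size_t len,
                           uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 4)
            return OPT_TRUNCATED;                 /* partial option header */
        uint16_t code = be16(opts + off);
        uint16_t olen = be16(opts + off + 2);
        if (olen > len - off - 4)
            return OPT_TRUNCATED;                 /* body runs past the packet */
        if (code == OPTION_SERVERID) {
            if (olen > dst_cap)
                return OPT_TOO_LONG;              /* would overflow dst */
            memcpy(dst, opts + off + 4, olen);
            *out_len = olen;
            return OPT_OK;
        }
        off += 4u + olen;
    }
    return OPT_NOT_FOUND;
}

/* Constructed benign Advertise option block: IA_NA, a 14-byte DUID-LLT
 * Server ID, and one DNS server address. Values are illustrative only. */
const uint8_t BENIGN_OPTS[] = {
    0x00,0x03, 0x00,0x0c, 0xde,0xad,0xbe,0xef, 0x00,0x00,0x0e,0x10, 0x00,0x00,0x1c,0x20,
    0x00,0x02, 0x00,0x0e, 0x00,0x01, 0x00,0x01, 0x65,0x00,0x00,0x00, 0x00,0x11,0x22,0x33,0x44,0x55,
    0x00,0x17, 0x00,0x10, 0x20,0x01,0x0d,0xb8, 0,0,0,0, 0,0,0,0, 0,0,0,0x53,
};
const size_t BENIGN_LEN = sizeof BENIGN_OPTS;

/* Constructed attacker option: a Server ID whose length field claims
 * `claimed` bytes while only `present` payload bytes are placed in buf. */
static size_t build_server_id(uint8_t *buf, uint16_t claimed, size_t present)
{
    buf[0] = 0; buf[1] = OPTION_SERVERID;
    buf[2] = (uint8_t)(claimed >> 8); buf[3] = (uint8_t)claimed;
    memset(buf + 4, 0x41, present);
    return 4 + present;
}

int check_benign(void)            /* expect 14 bytes copied */
{
    uint8_t dst[SERVER_ID_CAP]; size_t n = 0;
    int r = server_id_copy_checked(BENIGN_OPTS, BENIGN_LEN, dst, sizeof dst, &n);
    return (r != OPT_OK) ? r : (int)n;
}

int check_oversized(void)         /* 300-byte Server ID against a 128-byte buffer */
{
    uint8_t pkt[4 + 300], dst[SERVER_ID_CAP]; size_t n = 0;
    size_t len = build_server_id(pkt, 300, 300);
    return server_id_copy_checked(pkt, len, dst, sizeof dst, &n);  /* OPT_TOO_LONG */
}

int check_truncated(void)         /* length claims 40, only 10 bytes follow */
{
    uint8_t pkt[4 + 10], dst[SERVER_ID_CAP]; size_t n = 0;
    size_t len = build_server_id(pkt, 40, 10);
    return server_id_copy_checked(pkt, len, dst, sizeof dst, &n);  /* OPT_TRUNCATED */
}

int check_unchecked_benign(void)  /* the unsafe walker looks fine on valid input */
{
    uint8_t dst[SERVER_ID_CAP];
    return server_id_copy_unchecked(BENIGN_OPTS, BENIGN_LEN, dst);
}

int main(void)
{
    printf("benign=%d oversized=%d truncated=%d unchecked_benign=%d\n",
           check_benign(), check_oversized(), check_truncated(), check_unchecked_benign());
    return 0;
}
```

The oversized case is the shape of the Server ID overflows (CVE-2023-45230/45235) and the truncated case is the shape of the underflow (CVE-2023-45229): a parser that computes `remaining - 4 - olen` before confirming the header and body fit wraps to a huge value and keeps reading. The unchecked walker returns the same 14 bytes on the benign block, which is why this class of bug survives ordinary interoperability testing.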

The vulnerabilities were reported to CERT/CC on 3 August 2023, with disclosure scheduled for 2 November. Because patches had to be coordinated across many vendors, the release date was first moved to 1 December, then to 12 December and 19 December 2023, before the vulnerabilities were finally disclosed on 16 January 2024. Microsoft had meanwhile asked for publication to be delayed until May.

source: budenet.ru
