Vulnerability in UEFI for AMD processors allowing code execution at the SMM level

AMD has reported that it is working to fix a series of vulnerabilities named "SMM Callout" (CVE-2020-12890), which allow taking control of the UEFI firmware and executing code at the SMM (System Management Mode) level. The attack requires physical access to the hardware or access to the system with administrator rights. If an attack succeeds, the attacker can use the AGESA (AMD Generic Encapsulated Software Architecture) interface to execute arbitrary code that cannot be detected from the operating system.

The vulnerabilities are present in code included in the UEFI firmware that executes in SMM (Ring -2), which has higher priority than hypervisor mode and protection ring zero, and has unrestricted access to all system memory. For example, after gaining access to the OS by exploiting other vulnerabilities or social engineering methods, an attacker can use the SMM Callout vulnerabilities to bypass UEFI Secure Boot, inject malicious code or rootkits that are invisible to the system into SPI Flash, and launch attacks on hypervisors to bypass the mechanisms that check the integrity of virtual environments.

The vulnerabilities are caused by an error in the SMM code: the address of the target buffer is not checked when the SmmGetVariable() function is called in the 0xEF SMI handler. This bug can allow an attacker to write arbitrary data to SMM internal memory (SMRAM) and run it as code with SMM privileges. According to preliminary data, the problem appears in some APUs (AMD Fusion) for consumer and embedded systems from 2016 to 2019. AMD has already provided most motherboard manufacturers with a firmware update that fixes the problem, and plans to send the update to the remaining manufacturers by the end of the month.
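The missing check described above, sketched as an added example (not AMD's or any vendor's firmware code): an SMI handler validates the caller-supplied destination range before writing to it. The SMRAM window, the 48-bit address limit, the `get_var_req` layout and all function names are assumptions made for illustration; EDK II provides a comparable helper, `SmmIsBufferOutsideSmmValid()`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed SMRAM window for illustration; real firmware reads it from the platform. */
#define SMRAM_BASE 0x7F000000ULL
#define SMRAM_SIZE 0x01000000ULL
#define MAX_PHYS   0x0000FFFFFFFFFFFFULL  /* assumed 48-bit physical address space */

/* Hypothetical request layout that an OS-side caller places in the communication buffer. */
struct get_var_req {
    uint64_t data_addr;  /* caller-chosen destination for the variable data */
    uint64_t data_len;   /* caller-chosen destination size */
};

enum smi_status { SMI_OK = 0, SMI_INVALID_PARAMETER = 1 };

/* True only if [addr, addr+len) is a non-empty, non-wrapping range entirely outside SMRAM. */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > MAX_PHYS || len > MAX_PHYS - addr + 1)
        return false;                      /* empty, out of range, or wraps around */
    uint64_t end = addr + len;             /* exclusive end; cannot overflow here */
    return end <= SMRAM_BASE || addr >= SMRAM_BASE + SMRAM_SIZE;
}

/* Model of the handler's entry check: reject before any write to data_addr happens. */
enum smi_status validate_get_variable(const struct get_var_req *req)
{
    /* Copy the fields first so the values checked are the values later used. */
    uint64_t addr = req->data_addr, len = req->data_len;
    if (!buffer_outside_smram(addr, len))
        return SMI_INVALID_PARAMETER;
    return SMI_OK;
}

int main(void)
{
    struct get_var_req ok  = { 0x10000000ULL, 0x1000 };        /* ordinary RAM */
    struct get_var_req bad = { SMRAM_BASE + 0x2000, 0x100 };   /* points into SMRAM */
    printf("normal buffer: %d, SMRAM buffer: %d\n",
           validate_get_variable(&ok), validate_get_variable(&bad));
    return 0;
}
```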

source: budenet.ru
