Vulnerabilities in the implementation of AMD SEV technology affecting AMD EPYC processors

AMD has warned that two attack methods have been identified that can bypass the AMD SEV (Secure Encrypted Virtualization) protection mechanism. The issue affects the first, second and third generations of AMD EPYC processors (based on the Zen1 - Zen3 microarchitectures), as well as embedded AMD EPYC processors.

At the hardware level, AMD SEV provides transparent encryption of virtual machine memory: only the current guest system has access to the decrypted data, while other virtual machines and the hypervisor receive an encrypted set of data when they try to access this memory. The identified issues allow an attacker who has administrative rights on the server and controls the hypervisor to bypass the AMD SEV restrictions and execute their own code in the context of protected virtual machines.

Identified issues:

  • CVE-2021-26311 (undeSErVed attack) - by manipulating the order of memory blocks in the guest system's address space, an attacker who controls the hypervisor can execute their code in the guest virtual machine despite the use of AMD SEV/SEV-ES protection. The researchers have prepared a prototype of a universal exploit that regroups the loaded UEFI blocks and uses return-oriented programming (ROP) techniques to arrange the execution of arbitrary code.
  • CVE-2020-12967 (SEVerity attack) - insufficient protection of the nested memory page tables in AMD SEV/SEV-ES makes it possible, given access to the hypervisor, to substitute code into the guest system's kernel and transfer control to that code. The method allows gaining full control over the protected guest system and extracting confidential data from it.

To counter the proposed attack methods, AMD has prepared the SEV-SNP (Secure Nested Paging) extension, which is available as a firmware update for third-generation AMD EPYC processors and provides secure handling of memory page tables. In addition to general memory encryption and the SEV-ES (Encrypted State) extension, which protects CPU registers, SEV-SNP provides additional memory integrity protection that can withstand attacks from hypervisors and gives additional protection against side-channel attacks.
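Since the mitigation is SEV-SNP rather than a fix to SEV/SEV-ES, a fleet check can sort guests by which SEV features their kernel reported at boot. The following is an added example, not code from AMD or from the original article; it assumes the Linux guest boot message "Memory Encryption Features active:", the log lines are constructed samples, and the function names and result labels are hypothetical.

```python
import re

# Linux guests list active memory-encryption features once at boot.
# Older kernels: "AMD Memory Encryption Features active: SEV SEV-ES"
# Newer kernels: "Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP"
FEATURE_LINE = re.compile(r"Memory Encryption Features active:\s*(.*)$")
KNOWN = ("SEV-SNP", "SEV-ES", "SEV")

def active_sev_features(kernel_log: str) -> set:
    """Return the SEV feature names reported in a guest kernel log."""
    found = set()
    for line in kernel_log.splitlines():
        match = FEATURE_LINE.search(line)
        if match:
            # Whole-token match, so "SEV-ES" is never counted as plain "SEV".
            found.update(t for t in match.group(1).split() if t in KNOWN)
    return found

def assess(kernel_log: str) -> str:
    """Classify a guest against the mitigation described in the article."""
    features = active_sev_features(kernel_log)
    if "SEV-SNP" in features:
        return "snp-active"
    if features:
        # SEV or SEV-ES without SNP: the configuration both CVEs apply to.
        return "sev-without-snp"
    return "no-sev-reported"

# Constructed sample kernel logs (not captured from real systems).
SAMPLE_LOGS = {
    "guest-a": "[    0.412345] AMD Memory Encryption Features active: SEV SEV-ES\n",
    "guest-b": "[    0.398765] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP\n",
    "guest-c": "[    0.101010] Memory Encryption Features active: AMD SME\n",
    "guest-d": "[    0.000000] Linux version 6.1.0 (constructed sample)\n",
}

def fleet_report(logs: dict) -> dict:
    """Map each guest name to its classification."""
    return {name: assess(text) for name, text in logs.items()}

if __name__ == "__main__":
    for guest, status in sorted(fleet_report(SAMPLE_LOGS).items()):
        print(f"{guest}: {status}")
```

The guest's own boot log is an inventory signal only; it shows what the guest was started with and does not replace attestation of the launch.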

source: budenet.ru
