Vulnerabilities in UEFI firmware based on the InsydeH2O framework allow code execution at the SMM level

In the InsydeH2O framework, which many manufacturers use to build the UEFI firmware for their hardware (the most widely used UEFI BIOS implementation), 23 vulnerabilities have been identified that allow code execution at the SMM (System Management Mode) level. SMM runs at a higher privilege level (informally "Ring -2") than both hypervisor mode and protection ring zero, and has unrestricted access to all physical memory. The problem affects UEFI firmware shipped by manufacturers including Fujitsu, Siemens, Dell, HP, HPE, Lenovo, Microsoft, Intel and Bull Atos.

Exploiting the vulnerabilities requires local access with administrator rights, which makes them typical second-stage vulnerabilities, used after other flaws in the system have been exploited or after social engineering has been used. Access at the SMM level allows code to run at a level the operating system does not control, which can be used to modify the firmware and plant hidden malicious code or rootkits in SPI Flash that the operating system cannot detect, to disable boot-stage verification (UEFI Secure Boot, Intel BootGuard), and to attack hypervisors in order to bypass the integrity-checking mechanisms of virtualized environments.


The vulnerabilities can be exploited from the operating system through SMI (System Management Interrupt) handlers that do not validate their input, and also in the pre-OS stage, during early boot or on resume from sleep. All of the vulnerabilities are caused by memory-safety problems and fall into three classes:

  • SMM Callout: execution of attacker code with SMM privileges by redirecting the execution of SWSMI (software SMI) handlers to code located outside SMRAM;
  • Memory corruption that allows an attacker to write their data into SMRAM, the special isolated memory region in which code runs with SMM privileges;
  • Memory corruption in code running at the DXE (Driver eXecution Environment) level.
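The first two classes share one root cause: an SMI handler trusts addresses that the non-SMM caller placed in the communication buffer. The following is an added example, not code from Insyde, Binarly or any affected vendor, that models the check SMM code has to perform before touching such a buffer. It uses a toy 64 KiB physical address space with a constructed SMRAM window at 0x8000-0xC000, a vulnerable handler that writes wherever the caller's `out_ptr` points, and a hardened handler whose `buffer_outside_smram()` mirrors the intent of EDK2's `SmmIsBufferOutsideSmmValid()` (length, wrap-around and SMRAM-overlap checks). All addresses, structure layouts and function names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy physical address space, constructed for this example: 64 KiB of RAM
 * with the SMRAM window (TSEG) at [0x8000, 0xC000). Everything outside that
 * window is memory the OS (ring 0/3) can write before raising a SWSMI. */
#define PHYS_SIZE   0x10000u
#define SMRAM_BASE  0x8000u
#define SMRAM_SIZE  0x4000u

static uint8_t g_phys[PHYS_SIZE];

/* Check a caller-supplied buffer the way EDK2's SmmIsBufferOutsideSmmValid()
 * does: it must be non-empty, must not wrap around the address space, must
 * fit in RAM, and must not overlap SMRAM at all. Rejecting any overlap is
 * what stops an SMI handler from reading or writing SMRAM on behalf of a
 * less privileged caller. */
bool buffer_outside_smram(uint32_t addr, uint32_t len)
{
    if (len == 0)                       return false; /* nothing to operate on */
    if (addr > UINT32_MAX - len)        return false; /* addr + len wraps */
    uint32_t end = addr + len;                        /* exclusive end */
    if (end > PHYS_SIZE)                return false; /* past end of RAM */
    /* [addr, end) intersects [SMRAM_BASE, SMRAM_BASE + SMRAM_SIZE)? */
    if (addr < SMRAM_BASE + SMRAM_SIZE && SMRAM_BASE < end) return false;
    return true;
}

/* Assumed layout of the communication buffer the OS fills in before raising
 * the SWSMI: the handler stores the 4-byte value at out_ptr. */
typedef struct {
    uint32_t out_ptr;
    uint32_t value;
} smi_request_t;

/* Vulnerable handler: it only checks that the target fits in RAM, then
 * trusts out_ptr. Pointing out_ptr into SMRAM makes SMM overwrite its own
 * protected memory with attacker-chosen data (second bug class above). */
void smi_handler_vulnerable(uint32_t req_addr)
{
    smi_request_t req;
    memcpy(&req, &g_phys[req_addr], sizeof req);
    if (req.out_ptr > PHYS_SIZE - sizeof req.value) return;
    memcpy(&g_phys[req.out_ptr], &req.value, sizeof req.value);
}

/* Hardened handler: validates the request buffer itself, copies it into
 * SMM-private storage before using it (so the caller cannot change it
 * between check and use), then validates every pointer found inside it.
 * Returns false when the request is rejected. */
bool smi_handler_hardened(uint32_t req_addr)
{
    smi_request_t req;
    if (!buffer_outside_smram(req_addr, sizeof req)) return false;
    memcpy(&req, &g_phys[req_addr], sizeof req);
    if (!buffer_outside_smram(req.out_ptr, sizeof req.value)) return false;
    memcpy(&g_phys[req.out_ptr], &req.value, sizeof req.value);
    return true;
}

/* Read a 32-bit word from the toy physical memory. */
uint32_t phys_read32(uint32_t addr)
{
    uint32_t v;
    memcpy(&v, &g_phys[addr], sizeof v);
    return v;
}

/* Simulated OS-side attacker: build a request in an OS-owned page, aim
 * out_ptr at a word inside SMRAM, raise the SWSMI through the chosen
 * handler, and report whether the SMRAM word now holds the marker. */
bool attack_writes_smram(bool hardened)
{
    const uint32_t req_addr = 0x1000;              /* OS-owned page */
    const uint32_t target   = SMRAM_BASE + 0x100;  /* inside SMRAM */
    const uint32_t marker   = 0x41414141u;
    smi_request_t req = { target, marker };

    memset(g_phys, 0, sizeof g_phys);
    memcpy(&g_phys[req_addr], &req, sizeof req);
    if (hardened) smi_handler_hardened(req_addr);
    else          smi_handler_vulnerable(req_addr);
    return phys_read32(target) == marker;
}

/* A legitimate request (out_ptr in OS memory) must still succeed. */
bool legit_request_ok(void)
{
    const uint32_t req_addr = 0x1000, target = 0x2000, value = 0x1234u;
    smi_request_t req = { target, value };

    memset(g_phys, 0, sizeof g_phys);
    memcpy(&g_phys[req_addr], &req, sizeof req);
    return smi_handler_hardened(req_addr) && phys_read32(target) == value;
}

int main(void)
{
    printf("vulnerable handler corrupts SMRAM: %s\n", attack_writes_smram(false) ? "yes" : "no");
    printf("hardened handler corrupts SMRAM:   %s\n", attack_writes_smram(true) ? "yes" : "no");
    printf("legitimate request accepted:       %s\n", legit_request_ok() ? "yes" : "no");
    return 0;
}
```

The same discipline covers the SMM callout class: a handler must never call through a function pointer it obtained from the communication buffer, or from any table the caller could have relocated outside SMRAM, since validating the pointer's target range is no substitute for keeping all executed code inside SMRAM. Note also the copy-then-check order in `smi_handler_hardened()`; checking fields while they still live in the shared buffer leaves a race the OS can win.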

To demonstrate how such an attack is put together, an example exploit was published that lets an attacker, starting from protection ring 3 or ring 0, gain access to the DXE Runtime environment of UEFI and execute their own code. The exploit abuses a stack buffer overflow (CVE-2021-42059) in a UEFI DXE driver. During the attack, the attacker can place their code in a DXE driver so that it remains active across operating system reboots, or make changes to the NVRAM area of SPI Flash. Once running, the attacker's code can modify privileged memory regions, alter the EFI Runtime services, and influence the boot process.

source: budenet.ru
