Two vulnerabilities in GRUB2 that allow bypassing UEFI Secure Boot protection

Information has been published about two vulnerabilities in the GRUB2 bootloader that can lead to code execution when specially crafted fonts are used and certain Unicode sequences are processed. The vulnerabilities can be used to bypass the UEFI Secure Boot verified boot mechanism.

The identified vulnerabilities:

  • CVE-2022-2601 - A buffer overflow in the grub_font_construct_glyph() function when processing specially crafted fonts in pf2 format. It is caused by an incorrect calculation of the max_glyph_size parameter, which leads to the allocation of a memory area that is clearly smaller than what is needed to hold the glyphs.
  • CVE-2022-3775 - An out-of-bounds write that occurs when rendering certain Unicode sequences with a specially crafted font. The problem is in the font handling code and is caused by the absence of proper checks that the width and height of the glyph match the size of the available bitmap. An attacker can craft the input so that the tail of the data is written outside the allocated buffer. It is noted that, despite the difficulty of exploiting the vulnerability, escalating the problem to code execution is not ruled out.

The fix has been published as a patch. The status of the fixes in distributions can be checked on these pages: Ubuntu, SUSE, RHEL, Fedora, Debian. To fix problems in GRUB2 it is not enough to update the package; new internal digital signatures also have to be generated, and installers, bootloaders, kernel packages, fwupd firmware and the shim layer have to be updated.

Most Linux distributions use a small shim layer, digitally signed by Microsoft, for verified booting in UEFI Secure Boot mode. This layer verifies GRUB2 with its own certificate, which lets distribution developers avoid having every kernel and GRUB update certified by Microsoft. Vulnerabilities in GRUB2 make it possible to execute code at the stage after shim verification has succeeded but before the operating system is loaded. That wedges the code into the chain of trust while Secure Boot mode is active and gives full control over the rest of the boot process, including loading another OS, modifying operating system components and bypassing Lockdown protection.

To block the vulnerability without revoking the digital signature, distributions can use the SBAT (UEFI Secure Boot Advanced Targeting) mechanism, which is supported for GRUB2, shim and fwupd in most popular Linux distributions. SBAT was developed jointly with Microsoft and adds extra metadata to the executable files of UEFI components, including information about the manufacturer, product, component and version. This metadata is certified with a digital signature and can be included separately in the lists of allowed or prohibited components for UEFI Secure Boot.

SBAT makes it possible to block the use of a digital signature for individual component version numbers without having to revoke keys for Secure Boot. Blocking vulnerabilities through SBAT does not require the UEFI certificate revocation list (dbx); it is done at the level of replacing the internal key used to generate signatures and updating GRUB2, shim and the other boot artifacts supplied by distributions. Before SBAT was introduced, updating the certificate revocation list (dbx, UEFI Revocation List) was a prerequisite for fully blocking a vulnerability, because an attacker, regardless of the operating system in use, could boot from media carrying an old vulnerable version of GRUB2, certified by a digital signature, to compromise UEFI Secure Boot.
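The comparison that SBAT revocation relies on, as an added example (not code from shim, GRUB2 or the original article): each metadata entry is a CSV line beginning with a component name and a generation number, and an image is refused when any of its components is below the minimum generation listed in the revocation data. The sample entries, generation numbers, URLs and the function names `parse_sbat` and `sbat_violations` are constructed for illustration.

```python
import csv
import io

# Constructed sample data: names, generations and URLs are illustrative only.
IMAGE_OLD = (
    "sbat,1,SBAT Version,sbat,1,https://example.invalid/sbat\n"
    "grub,2,Free Software Foundation,grub,2.06,https://example.invalid/grub\n"
    "grub.distro,1,Example Distro,grub2,2.06-1,https://example.invalid/distro\n"
)
IMAGE_NEW = IMAGE_OLD.replace("grub,2,", "grub,3,")
# Revocation data: component name and the minimum generation still allowed.
REVOCATIONS = "sbat,1,2000010100\ngrub,3\n"


def parse_sbat(text):
    """Return {component: generation} from SBAT CSV text (first two fields)."""
    entries = {}
    for row in csv.reader(io.StringIO(text)):
        if not row or not row[0].strip():
            continue  # blank line
        if len(row) < 2 or not row[1].strip().isdigit():
            raise ValueError(f"malformed SBAT entry: {row!r}")
        entries[row[0].strip()] = int(row[1])
    return entries


def sbat_violations(image_sbat, revocations):
    """List components whose generation is below the revoked minimum."""
    image = parse_sbat(image_sbat)
    if not image:
        # Choice made in this example: no metadata means fail closed.
        return ["<missing .sbat metadata>"]
    minimum = parse_sbat(revocations)
    return sorted(
        f"{name}: generation {gen} < required {minimum[name]}"
        for name, gen in image.items()
        if name in minimum and gen < minimum[name]
    )


if __name__ == "__main__":
    for label, image in (("old", IMAGE_OLD), ("new", IMAGE_NEW)):
        print(label, sbat_violations(image, REVOCATIONS) or "allowed")
```

On a real system the metadata text can be dumped from an EFI binary's `.sbat` section with `objcopy -O binary --only-section=.sbat` and passed to `sbat_violations` in place of the constructed strings.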

Source: opennet.ru
