Cuaj qhov tsis zoo tau raug txheeb xyuas nyob rau hauv UEFI firmware raws li TianoCore EDK2 qhib platform, feem ntau siv rau cov tshuab server, sib sau ua ke codenamed PixieFAIL. Vulnerabilities muaj nyob rau hauv lub network firmware pawg siv los teeb tsa lub network khau raj (PXE). Qhov kev pheej hmoo txaus ntshai tshaj plaws tso cai rau tus neeg tawm tsam tsis muaj pov thawj los ua cov cai nyob deb ntawm qib firmware ntawm cov tshuab uas tso cai rau PXE booting dhau IPv9 network.
Cov teeb meem loj tsawg ua rau tsis lees txais kev pabcuam (khau raj thaiv), cov ntaub ntawv xau, DNS cache lom, thiab TCP kev sib ntsib hijacking. Feem ntau qhov tsis zoo tuaj yeem raug siv los ntawm lub network hauv zos, tab sis qee qhov tsis zoo kuj tuaj yeem raug tawm tsam los ntawm lwm lub network. Ib qho xwm txheej tawm tsam raug kub hnyiab los saib xyuas kev khiav tsheb ntawm lub network hauv zos thiab xa cov pob ntawv tsim tshwj xeeb thaum muaj kev cuam tshuam txog kev booting lub kaw lus ntawm PXE raug kuaj pom. Kev nkag mus rau lub download server lossis DHCP server tsis tas yuav tsum muaj. Txhawm rau ua kom pom cov txheej txheem tawm tsam, cov qauv siv tau raug luam tawm.
UEFI firmware raws li TianoCore EDK2 platform yog siv nyob rau hauv ntau lub tuam txhab loj, cov chaw muab kev pabcuam huab, cov chaw khaws ntaub ntawv thiab kev suav nrog. Tshwj xeeb, qhov tsis muaj zog NetworkPkg module nrog PXE khau raj siv yog siv hauv firmware tsim los ntawm ARM, Insyde Software (Insyde H20 UEFI BIOS), American Megatrends (AMI Aptio OpenEdition), Phoenix Technologies (SecureCore), Intel, Dell thiab Microsoft (Project Mu. ). Cov qhov tsis zoo kuj tau ntseeg tias yuav cuam tshuam rau ChromeOS platform, uas muaj EDK2 pob hauv qhov chaw cia khoom, tab sis Google tau hais tias pob no tsis siv rau hauv firmware rau Chromebooks thiab ChromeOS platform tsis cuam tshuam los ntawm qhov teeb meem.
Txheeb xyuas qhov tsis zoo:
- CVE-2023-45230 - Ib qho tsis txaus nyob rau hauv DHCPv6 tus neeg siv code, siv los ntawm kev hla dhau tus neeg rau zaub mov ID (Server ID xaiv).
- CVE-2023-45234 - Ib qho tsis tuaj yeem tshwm sim thaum ua cov kev xaiv nrog DNS server tsis dhau hauv cov lus tshaj tawm txog qhov muaj DHCPv6 server.
- CVE-2023-45235 - Tsis pub dhau thaum ua cov kev xaiv neeg rau zaub mov ID hauv DHCPv6 cov lus tshaj tawm npe.
- CVE-2023-45229 yog integer underflow uas tshwm sim thaum lub sij hawm ua cov kev xaiv IA_NA/IA_TA hauv DHCPv6 cov lus tshaj tawm DHCP server.
- CVE-2023-45231 Cov ntaub ntawv tawm-ntawm-tsis-nruab paug tshwm sim thaum ua tiav ND Redirect (Neighbor Discovery) cov lus nrog cov kev xaiv qhov tseem ceeb.
- CVE-2023-45232 Ib lub voj tsis kawg tshwm sim thaum txheeb xyuas cov kev xaiv tsis paub nyob rau hauv qhov chaw xaiv qhov chaw header.
- CVE-2023-45233 Ib lub voj tsis kawg tshwm sim thaum txheeb xyuas qhov kev xaiv PadN hauv pob ntawv header.
- CVE-2023-45236 - Siv cov noob qoob loo TCP uas tau ua tiav kom tso cai rau TCP kev sib txuas kab.
- CVE-2023-45237 - Siv lub tshuab hluav taws xob tsis zoo pseudo-random tus lej uas ua rau muaj txiaj ntsig kwv yees.
Cov qhov tsis zoo no tau xa mus rau CERT/CC thaum Lub Yim Hli 3, 2023, thiab hnub tshaj tawm tau teem rau lub Kaum Ib Hlis 2. Txawm li cas los xij, vim qhov xav tau kev sib koom ua ke tso tawm thoob plaws ntau tus neeg muag khoom, hnub tso tawm tau pib thawb rov qab rau Lub Kaum Ob Hlis 1st, tom qab ntawd thawb rov qab rau Lub Kaum Ob Hlis 12 thiab Lub Kaum Ob Hlis 19th, 2023, tab sis thaum kawg tau tshaj tawm thaum Lub Ib Hlis 16, 2024. Tib lub sijhawm, Microsoft thov kom ncua kev tshaj tawm cov ntaub ntawv mus txog lub Tsib Hlis.
Tau qhov twg los: opennet.ru