Hard-to-fix vulnerabilities in GRUB2 that allow UEFI Secure Boot to be bypassed

Information has been published about 8 vulnerabilities in the GRUB2 bootloader that allow the UEFI Secure Boot mechanism to be bypassed and unverified code to be run, for example malware executing at the bootloader or kernel level.

Recall that most Linux distributions perform verified booting in UEFI Secure Boot mode through a small shim layer that is digitally signed by Microsoft. This layer verifies GRUB2 with the distribution's own certificate, which spares distribution developers from having every kernel and GRUB update certified by Microsoft. The vulnerabilities in GRUB2 allow code execution at the stage after shim verification has succeeded but before the operating system is loaded, wedging into the chain of trust while Secure Boot mode is active and gaining full control over the rest of the boot process, including loading another OS, modifying operating system components and bypassing Lockdown protection.

As with last year's BootHole vulnerability, updating the bootloader is not enough to block the problem: an attacker, regardless of the operating system in use, can boot from media carrying an old, digitally signed, vulnerable build of GRUB2 to compromise UEFI Secure Boot. The problem can only be solved by updating the certificate revocation list (dbx, the UEFI Revocation List), but in that case the ability to boot old Linux installation media is lost.

On systems whose firmware carries the updated certificate revocation list, only updated builds of Linux distributions can be loaded in UEFI Secure Boot mode. Distributions will need to update their installers, bootloaders, kernel packages, fwupd firmware and the shim layer, generating new digital signatures for them. Users will need to update installation images and other bootable media, and load the certificate revocation list (dbx) into the UEFI firmware. Until dbx is updated in UEFI, the system remains vulnerable regardless of which updates have been installed in the OS. The status of the vulnerabilities can be tracked on these pages: Ubuntu, SUSE, RHEL, Debian.

To solve the problems that arise when distributing revoked certificates, it is planned to use the SBAT (UEFI Secure Boot Advanced Targeting) mechanism in the future. Support for it has been implemented in GRUB2, shim and fwupd, and starting with the upcoming updates it will be used instead of the functionality provided by the dbxtool package. SBAT was developed together with Microsoft and involves adding new metadata to the executable files of UEFI components, which includes information about the manufacturer, product, component and version. This metadata is covered by the digital signature and can be included in the allow or deny lists for UEFI Secure Boot. Thus, SBAT allows the version numbers of components to be managed during revocation without regenerating keys for Secure Boot and without generating new signatures for the kernel, shim, grub2 and fwupd.
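As an added example (not code from the article, GRUB2 or shim), a small Python check of the SBAT scheme just described: each UEFI component carries a component name and a generation number, and a revocation policy lists the minimum generation still accepted per component name, so an old signed GRUB2 build can be refused without touching dbx or re-signing anything. The record layout follows the public SBAT.md format; the sample section data and policy below are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class SbatEntry:
    component: str    # e.g. "grub", or a distro-specific "grub.<distro>"
    generation: int   # bumped upstream whenever older builds must be revoked
    vendor: str = ""
    package: str = ""
    version: str = ""
    url: str = ""

def parse_sbat_section(text: str) -> list[SbatEntry]:
    """Parse a .sbat section: a 'sbat' header record, then one record per component."""
    entries = []
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 2 or not fields[1].isdigit():
            raise ValueError(f"malformed SBAT record: {line!r}")
        entries.append(SbatEntry(fields[0], int(fields[1]), *fields[2:6]))
    return entries

def parse_revocations(text: str) -> dict[str, int]:
    """Parse a revocation policy: 'component,minimum_generation' per line."""
    policy = {}
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        name, gen, *_ = (f.strip() for f in line.split(","))
        policy[name] = int(gen)
    return policy

def sbat_verdict(section_text: str | None, policy_text: str) -> tuple[bool, str]:
    """Return (allowed, reason): refuse a binary with no SBAT metadata, or one
    whose component generation is below the policy's minimum for that name."""
    if section_text is None:
        return False, "no SBAT section"
    policy = parse_revocations(policy_text)
    for e in parse_sbat_section(section_text):
        minimum = policy.get(e.component)
        if minimum is not None and e.generation < minimum:
            return False, f"{e.component} generation {e.generation} < {minimum}"
    return True, "ok"

# Constructed samples: an old GRUB2 build, its generation-bumped successor, and a policy.
OLD_GRUB_SBAT = """sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,1,Free Software Foundation,grub,2.04,https://www.gnu.org/software/grub/
grub.example,1,Example Distro,grub2,2.04-1,https://example.invalid/grub2
"""
NEW_GRUB_SBAT = OLD_GRUB_SBAT.replace("grub,1,", "grub,2,")
REVOCATION_POLICY = "sbat,1,2021030218\ngrub,2\n"
```

Note that the distro-specific `grub.example` record is matched by its own name, so a policy entry for `grub` revokes the upstream generation without affecting per-distribution entries.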

Identified vulnerabilities:

  • CVE-2020-14372 - Using the acpi command in GRUB2, a privileged user on the local system can load modified ACPI tables by placing an SSDT (Secondary System Description Table) in the /boot/efi directory and changing settings in grub.cfg. Even though Secure Boot mode is active, the supplied SSDT is executed by the kernel and can be used to disable the LockDown protection that blocks UEFI Secure Boot bypass paths. As a result, an attacker can load their own kernel module or run code through the kexec mechanism without the digital signature being verified.
  • CVE-2020-25632 - A use-after-free memory access in the implementation of the rmmod command, which occurs when attempting to unload a module without taking its dependencies into account. The vulnerability does not rule out an exploit that leads to code execution bypassing Secure Boot verification.
  • CVE-2020-25647 - An out-of-bounds write in the grub_usb_device_initialize() function, which is called when USB devices are initialised. The problem can be exploited by connecting a specially prepared USB device that returns parameters whose size does not match the size of the buffer allocated for USB structures. By manipulating USB devices, an attacker can achieve execution of unverified code under Secure Boot.
  • CVE-2020-27749 - A buffer overflow in the grub_parser_split_cmdline() function, which can be triggered by specifying variables larger than 2 KB on the GRUB2 command line. The vulnerability allows code execution bypassing Secure Boot.
  • CVE-2020-27779 - The cutmem command allows an attacker to remove a range of addresses from memory in order to bypass Secure Boot.
  • CVE-2021-3418 - Changes to shim_lock created an additional vector for exploiting last year's vulnerability CVE-2020-15705. By installing the certificate used to sign GRUB2 into dbx, GRUB2 allowed any kernel to be loaded directly without verifying its signature.
  • CVE-2021-20225 - Possible out-of-bounds write when running commands with a very large number of options.
  • CVE-2021-20233 - Possible out-of-bounds write due to an incorrect buffer size calculation when quoting is used. When calculating the size, it was assumed that three characters were needed to escape a single quote, when in fact four are required.

Source: opennet.ru
