Vulnerabilities in GRUB2 that allow bypassing UEFI Secure Boot

Seven vulnerabilities have been fixed in the GRUB2 bootloader that allow bypassing the UEFI Secure Boot mechanism and running unverified code, for example to introduce malware that runs at the bootloader or kernel level. In addition, there is one vulnerability in the shim layer, which also allows bypassing UEFI Secure Boot. The group of vulnerabilities is codenamed Boothole 3, by analogy with similar problems previously identified in the bootloader.

To address the problems in GRUB2 and shim, distributions will be able to use the SBAT (UEFI Secure Boot Advanced Targeting) mechanism, which is supported by GRUB2, shim and fwupd. SBAT was developed jointly with Microsoft and adds extra metadata to the executable files of UEFI components, including information about the manufacturer, product, component and version. This metadata is certified with a digital signature and can be included in the lists of allowed or prohibited components for UEFI Secure Boot.

Most Linux distributions use a small shim layer, digitally signed by Microsoft, for verified booting in UEFI Secure Boot mode. This layer verifies GRUB2 with its own certificate, which spares distribution developers from having every kernel and GRUB update certified by Microsoft. Vulnerabilities in GRUB2 allow code to be executed at the stage after successful shim verification but before the operating system is loaded. This wedges the code into the chain of trust while Secure Boot mode is active and gives full control over the rest of the boot process, including loading another OS, modifying operating system components and bypassing Lockdown protection.

To fix the problems in the bootloader, distributions have to create new internal digital signatures and update installers, bootloaders, packages, fwupd firmware and the shim layer. Before the introduction of SBAT, updating the certificate revocation list was required, because an attacker could use bootable media with an old vulnerable version of GRUB2, certified by a digital signature, to compromise UEFI Secure Boot.

Instead of revoking a signature, SBAT allows its use to be blocked for individual component version numbers without having to revoke keys for Secure Boot. Blocking vulnerabilities through SBAT does not require the UEFI certificate revocation list (dbx); it is done at the level of replacing the internal key used to generate signatures and updating GRUB2, shim and other boot artifacts supplied by distributions. SBAT support has already been added to most popular Linux distributions.

Identified vulnerabilities:

  • CVE-2021-3696, CVE-2021-3695 - Heap-based buffer overflows when processing specially crafted PNG images, which could theoretically be used to execute attacker code and bypass UEFI Secure Boot. It is noted that the problem is difficult to exploit, since creating a working exploit requires taking many factors into account and having information about the memory layout.
  • CVE-2021-3697 - A buffer underflow in the JPEG image processing code. Exploiting the issue requires knowledge of the memory layout and is at about the same level of complexity as the PNG issue (CVSS 7.5).
  • CVE-2022-28733 - An integer overflow in the grub_net_recv_ip4_packets() function allows the rsm->total_len parameter to be influenced by sending a specially crafted IP packet. The issue is marked as the most dangerous of the vulnerabilities presented (CVSS 8.1). If successfully exploited, the vulnerability allows data to be written beyond the buffer boundary by allocating a deliberately smaller block of memory.
  • CVE-2022-28734 - A single-byte buffer overflow when processing HTTP headers. The issue can corrupt GRUB2 metadata (a null byte is written just past the end of the buffer) when parsing specially crafted HTTP requests.
  • CVE-2022-28735 - An issue in the shim_lock verifier allows non-kernel files to be loaded. The vulnerability can be used to load unsigned kernels or unverified code in UEFI Secure Boot mode.
  • CVE-2022-28736 - Access to an already freed memory area (use-after-free) in the grub_cmd_chainloader() function through re-running the chainloader command, which is used to boot operating systems not supported by GRUB2. Exploitation could lead to execution of attacker code if the attacker can determine the memory allocation in GRUB2.
  • CVE-2022-28737 - A buffer overflow in the shim layer that occurs in the handle_image() function when loading and executing crafted EFI images.

Source: opennet.ru
