Vulnerabilities in UEFI firmware based on the InsydeH2O framework allow code execution at the SMM level

Twenty-three vulnerabilities have been identified in the InsydeH2O framework, which many device manufacturers use to build the UEFI firmware for their hardware (it is the most widely used UEFI BIOS implementation). The vulnerabilities allow code execution at the SMM (System Management Mode) level, which runs with a higher privilege (Ring -2) than both hypervisor mode and protection ring zero and has unrestricted access to all memory. The problem affects UEFI firmware used by manufacturers such as Fujitsu, Siemens, Dell, HP, HPE, Lenovo, Microsoft, Intel, and Bull Atos.

Exploiting these vulnerabilities requires local access with administrator privileges, which makes them attractive as second-stage vulnerabilities, used after another vulnerability in the system has been exploited or after social engineering. Access at the SMM level allows code to run at a layer the operating system does not control, which can be used to modify the firmware and plant hidden malicious code or rootkits in SPI Flash memory where the operating system cannot see them. It can also be used to disable boot-time verification (UEFI Secure Boot, Intel BootGuard) and to attack hypervisors in order to bypass integrity checks of virtual environments.


The vulnerabilities can be exploited from within the operating system through SMI (System Management Interrupt) handlers that do not validate their input, as well as before the operating system is running, during the initial boot stage or when resuming from sleep mode. All of the vulnerabilities stem from memory-handling errors and fall into three categories:

  • SMM Callout: execution of attacker-supplied code with SMM privileges by redirecting the execution of SWSMI (software SMI) interrupt handlers to code located outside SMRAM;
  • memory corruption that lets an attacker write their own data into SMRAM, the special isolated memory region in which code with SMM privileges runs;
  • memory corruption in code running at the DXE (Driver eXecution Environment) stage.
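The first two categories share a root cause: an SMI handler trusts a pointer or length handed to it from outside SMM and reads or writes through it without checking where it points. The following is an added illustration, not code from the article or from InsydeH2O, of the range check a handler has to apply to every caller-controlled buffer before touching it. The SMRAM base and size are constructed placeholder values; on a real platform they come from the SMRAM descriptors published by the chipset.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed SMRAM window for the demo (placeholders; a real handler
 * takes these from the platform's SMRAM descriptors). */
#define DEMO_SMRAM_BASE 0x7F000000ULL
#define DEMO_SMRAM_SIZE 0x00800000ULL   /* 8 MiB */

/* Returns true only when the half-open range [addr, addr+len) is non-empty,
 * cannot wrap around the 64-bit address space, and lies entirely outside
 * SMRAM. This is the check that distinguishes a hardened SMI handler from
 * one that can be steered into reading or writing SMRAM. */
bool buffer_outside_smram(uint64_t addr, uint64_t len,
                          uint64_t smram_base, uint64_t smram_size)
{
    if (len == 0)
        return false;                       /* nothing legitimate to access */
    if (addr > UINT64_MAX - len)
        return false;                       /* addr + len would wrap */
    uint64_t end = addr + len;              /* exclusive end */
    uint64_t smram_end = smram_base + smram_size;
    /* Two half-open ranges overlap iff each starts before the other ends. */
    if (addr < smram_end && end > smram_base)
        return false;
    return true;
}

/* Hypothetical communication-buffer layout passed by the non-SMM caller:
 * a destination pointer and a length the handler is asked to fill. */
struct demo_comm {
    uint64_t out_addr;
    uint64_t out_len;
};

/* "Before": the vulnerable pattern trusts the caller's pointer outright.
 * In this demo it performs no memory access; it only reports whether a real
 * handler written this way would have gone ahead with the write. */
bool vulnerable_handler_would_write(const struct demo_comm *c)
{
    return c->out_len > 0;                  /* no SMRAM check at all */
}

/* "After": the hardened pattern refuses any destination that touches SMRAM
 * or whose arithmetic wraps. Note that the comm buffer itself must pass the
 * same check before its fields are even read. */
bool hardened_handler_would_write(const struct demo_comm *c)
{
    return buffer_outside_smram(c->out_addr, c->out_len,
                                DEMO_SMRAM_BASE, DEMO_SMRAM_SIZE);
}

int main(void)
{
    /* Constructed request whose destination lands inside SMRAM. */
    struct demo_comm bad = { DEMO_SMRAM_BASE + 0x1000, 64 };
    /* Constructed request whose destination is ordinary OS memory. */
    struct demo_comm good = { 0x10000000ULL, 64 };

    printf("vulnerable handler, in-SMRAM target: %s\n",
           vulnerable_handler_would_write(&bad) ? "writes" : "refuses");
    printf("hardened handler,   in-SMRAM target: %s\n",
           hardened_handler_would_write(&bad) ? "writes" : "refuses");
    printf("hardened handler,   OS-memory target: %s\n",
           hardened_handler_would_write(&good) ? "writes" : "refuses");
    return 0;
}
```

The same check has to cover both ends of the range: a buffer that starts just below SMRAM but whose length carries it into the window, and a length so large that the end address wraps past zero, are exactly the inputs a handler that only compares the start address will accept.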

To demonstrate the principles of the attack, a proof-of-concept exploit has been published that lets an attacker gain access to the UEFI DXE Runtime and execute their code from protection ring three or ring zero. The exploit uses a stack overflow (CVE-2021-42059) in a UEFI DXE driver. During the attack, the attacker can inject their code into the DXE driver, which remains active after the operating system is restarted, or modify the NVRAM area in SPI Flash. Once running, the attacker's code can alter privileged memory regions, modify EFI Runtime services, and interfere with the boot process.

Source: opennet.ru
