AMD mō te mahi ki te whakatika i tētahi raupapa o ngā ngoikoretanga "(CVE-2020-12890), e āhei ai te whakahaere i te pūmanawa UEFI me te whakahaere i te waehere i te taumata SMM (Aratau Whakahaere Pūnaha). Me uru ā-tinana ki te taputapu, ki te uru pakiaka rānei ki te pūnaha mō te whakaeke. Ka taea e te whakaeke angitu te whakamahi i te atanga. (AMD Generic Encapsulated Software Architecture) hei whakahaere i ngā waehere matapōkere kāore e taea te kite mai i te pūnaha whakahaere.
Kei roto i te waehere kei roto i te pūmanawa UEFI e whakahaerehia ana i roto i te (Mīhini -2), he nui ake tōna mana i te aratau hypervisor me te tiakitanga Ring 0, ā, he urunga mutunga kore ki ngā mahara pūnaha katoa. Hei tauira, i muri i te urunga ki te OS mā te whakamahi i ētahi atu ngoikoretanga, i ngā tikanga hangarau pāpori rānei, ka taea e te kaiwhakaeke te whakamahi i ngā ngoikoretanga SMM Callout hei karo i te UEFI Secure Boot, te wero i ngā waehere kino e kore e kitea, i ngā rootkit rānei ki roto i te SPI Flash, me te whakaeke i ngā hypervisor hei karo i ngā tirotiro pono mō ngā taiao mariko.
Nā te hapa i roto i te waehere SMM e pā ana ki te kore whakamana o te wāhitau pūrua ūnga i te wā e karanga ana i te mahi SmmGetVariable() i roto i te kaiwhakahaere 0xEF SMI i puta ai ngā ngoikoretanga. Nā tēnei hapa, ka taea e te kaiwhakaeke te tuhi raraunga matapōkere ki te mahara ā-roto o te SMM (SMRAM) me te whakahaere hei waehere me ngā mana SMM. E ai ki ngā raraunga tuatahi, ka pā te raruraru ki ētahi APU AMD Fusion mō ngā pūnaha kaihoko me ngā pūnaha tāmau i hangaia i waenga i te tau 2016 me te 2019. Kua tohatoha kē a AMD i tētahi whakahoutanga pūmanawa ki te nuinga o ngā kaihanga papahoahoa me tētahi whakatika, ā, kua whakaritea kia whiwhi ngā kaihanga e toe ana i te whakahoutanga i mua i te mutunga o te marama.
Source: opennet.ru
