Zowonongeka za 2 zakhazikitsidwa mu bootloader ya GRUB7 yomwe imalola kudutsa njira ya UEFI Secure Boot ndi kulola kachidindo yosatsimikiziridwa kuti igwire ntchito, mwachitsanzo, kubaya pulogalamu yaumbanda yomwe imagwira ntchito pa bootloader kapena kernel level. Kuphatikiza apo, pali chiwopsezo chimodzi pagulu la shim, lomwe limakupatsaninso mwayi wodutsa UEFI Safe Boot. Gulu lachiwopsezo linali lotchedwa Bootthole 3, lofanana ndi mavuto omwewo omwe adadziwika kale mu bootloader.
Kukonza mavuto mu GRUB2 ndi shim, kugawa kudzatha kugwiritsa ntchito njira ya SBAT (UEFI Secure Boot Advanced Targeting), yomwe imathandizidwa ndi GRUB2, shim ndi fwupd. SBAT inapangidwa mogwirizana ndi Microsoft ndipo imaphatikizapo kuwonjezera metadata ku gawo la UEFI mafayilo omwe angathe kuchitidwa, omwe amaphatikizapo zambiri za wopanga, malonda, chigawo, ndi mtundu. Metadata yotchulidwayo imasaina pakompyuta ndipo ikhoza kuphatikizidwa padera pamndandanda wazinthu zololedwa kapena zoletsedwa za UEFI Secure Boot.
Zogawa zambiri za Linux zimagwiritsa ntchito kagawo kakang'ono ka shim, kosainidwa ndi Microsoft, pa boot yotsimikizika mu UEFI Safe Boot mode. Chigawochi chimatsimikizira GRUB2 ndi satifiketi yake, yomwe imalola opanga magawo kuti asatsimikizire kernel iliyonse ndikusintha kwa GRUB ndi Microsoft. Zowopsa mu GRUB2 zimakulolani kuti mugwiritse ntchito nambala yanu panthawiyi mutatsimikizira bwino za shim, koma musanalowetse makina ogwiritsira ntchito, kulowetsedwa muzitsulo zodalirika ndi Secure Boot mode yogwira ntchito ndikukhala ndi mphamvu zonse pa bootloading ina, kuphatikizapo kuyambitsa ina. OS, kusintha magawo a machitidwe ogwiritsira ntchito ndi chitetezo chotchinga chotseka.
Kukonza zovuta mu bootloader, kugawa kumayenera kupanga siginecha zatsopano zamkati za digito ndikusintha zoyikira, zojambulira, mapaketi a kernel, fwupd-firmware ndi shim-layer. Asanakhazikitsidwe SBAT, kukonzanso mndandanda wa ziphaso zochotsedwa (dbx, UEFI Revocation List) kunali kofunikira kuti mutseke chiwopsezo, popeza wowukira, mosasamala kanthu za makina ogwiritsira ntchito, amatha kugwiritsa ntchito boot media ndi mtundu wakale wa GRUB2 yotsimikiziridwa ndi siginecha ya digito kuti isokoneze UEFI Safe Boot.
M'malo mochotsa siginecha, SBAT imakupatsani mwayi woletsa kugwiritsa ntchito manambala amtundu uliwonse popanda kufunikira kubweza makiyi a Safe Boot. Kuletsa zofooka kudzera mu SBAT sikufuna kugwiritsa ntchito UEFI CRL (dbx), koma kumachitidwa pamlingo wosintha makiyi amkati kuti apange siginecha ndikusintha GRUB2, shim, ndi zida zina za boot zomwe zimaperekedwa ndi magawo. Thandizo la SBAT lawonjezedwa ku magawo otchuka a Linux.
Zowopsa zomwe zidazindikirika:
- CVE-2021-3696, CVE-2021-3695 - Mulu wa buffer umasefukira mukakonza zithunzi zopangidwa mwapadera za PNG, zomwe zitha kugwiritsidwa ntchito pokonzekera kuchitidwa kwa code yowukira ndikudutsa UEFI Safe Boot. Zimadziwika kuti vutoli ndi lovuta kugwiritsa ntchito, chifukwa kupanga ntchito yogwiritsira ntchito kumafuna kuganizira zinthu zambiri komanso kupezeka kwa chidziwitso chokhudza kukumbukira kukumbukira.
- CVE-2021-3697 - Buffer underflow mu JPEG code processing image. Kugwiritsa ntchito vutoli kumafuna chidziwitso cha kamangidwe ka kukumbukira ndipo kuli pafupi ndi msinkhu wofanana ndi vuto la PNG (CVSS 7.5).
- CVE-2022-28733 - Kusefukira kwa chiwerengero mu grub_net_recv_ip4_packets() ntchito yomwe imakupatsani mwayi wowongolera rsm->total_len parameter potumiza paketi ya IP yopangidwa mwapadera. Nkhaniyi idadziwika kuti ndiyowopsa kwambiri pazowopsa zomwe zawonetsedwa (CVSS 8.1). Ngati atagwiritsidwa ntchito bwino, kusatetezekako kumapangitsa kuti deta ilembedwe kunja kwa malire a buffer pogawa dala kukula kwakung'ono kwa kukumbukira.
- CVE-2022-28734 - Single byte buffer kusefukira pamene mukukonza mitu yogawanika ya HTTP. Vutoli litha kupangitsa kuti metadata ya GRUB2 iwonongeke (lembani null byte itangotha ββββmapeto a buffer) popereka zopempha zopangidwa mwapadera za HTTP.
- CVE-2022-28735 - Nkhani mu shim_lock verifier yomwe imalola kutsitsa mafayilo omwe si a kernel. Chiwopsezochi chitha kugwiritsidwa ntchito poyambitsa ma module a kernel osasainidwa kapena ma code osatsimikizika mu UEFI Secure Boot mode.
- CVE-2022-28736 - Kufikira malo okumbukira omasulidwa kale mu grub_cmd_chainloader () ntchito poyendetsanso lamulo la chainloader lomwe limagwiritsidwa ntchito kutsitsa makina ogwiritsira ntchito osathandizidwa ndi GRUB2. Kugwiritsa ntchito masuku pamutu kungayambitse kuphedwa kwa nambala yowukira ngati wowukirayo atha kudziwa zomwe zagawika kukumbukira mu GRUB2.
- CVE-2022-28737 - Buffer kusefukira mu shim wosanjikiza mu handle_image() ntchito potsitsa ndikuchita zithunzi za EFI.
Source: opennet.ru