Vulnerabilities in UEFI firmware based on the InsydeH2O framework that allow code execution at the SMM level.

In the InsydeH2O framework, which many manufacturers use to build the UEFI firmware for their devices (the most common UEFI BIOS implementation), 23 vulnerabilities have been identified that allow code to be executed at the SMM (System Management Mode) level, which has a higher priority (Ring -2) than hypervisor mode and protection ring zero, and has unrestricted access to all memory. The issue affects UEFI firmware used by manufacturers such as Fujitsu, Siemens, Dell, HP, HPE, Lenovo, Microsoft, Intel and Bull Atos.

Exploiting the vulnerabilities requires local access with administrator rights, which makes them second-stage vulnerabilities, used after other vulnerabilities in the system have been exploited or after social engineering methods have been applied. Access at the SMM level makes it possible to run code at a level that the operating system does not control, which can be used to modify the firmware and leave hidden malicious code or rootkits in SPI Flash that the operating system does not detect, as well as to disable verification at the boot stage (UEFI Secure Boot, Intel BootGuard) and to attack hypervisors in order to bypass the mechanisms that check the integrity of virtual environments.

The vulnerabilities can be exploited from the operating system through unverified SMI (System Management Interrupt) handlers, as well as at the pre-boot stage of the operating system, during the initial boot stages or on return from sleep mode. All of the vulnerabilities are caused by memory-handling problems and fall into three categories:

  • SMM Callout - executing your own code with SMM rights by redirecting the execution of SWSMI interrupt handlers to code outside SMRAM;
  • Memory corruption that allows an attacker to write their own data to SMRAM, a special isolated memory area in which code runs with SMM rights;
  • Memory corruption in code running at the DXE (Driver eXecution Environment) level.
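
An added example, not from the original article or from Insyde's code: the range check an SMI handler needs before it writes to a caller-supplied buffer, so that a pointer passed in from the operating system cannot make the handler write into SMRAM. The SMRAM range, the structure and the function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed SMRAM layout; real firmware obtains the ranges from the
   platform at boot (the address and size below are assumptions). */
typedef struct { uint64_t base; uint64_t size; } smram_range_t;

static const smram_range_t SMRAM_RANGES[] = {
    { 0x7F000000ULL, 0x00800000ULL },   /* 8 MiB region (constructed) */
};
#define SMRAM_RANGE_COUNT (sizeof(SMRAM_RANGES) / sizeof(SMRAM_RANGES[0]))

/* True only if [addr, addr+len) is non-empty, does not wrap around the
   64-bit address space, and overlaps no SMRAM range. */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > UINT64_MAX - len)   /* empty, or addr+len wraps */
        return false;
    uint64_t end = addr + len;                 /* exclusive end */
    for (size_t i = 0; i < SMRAM_RANGE_COUNT; i++) {
        uint64_t s = SMRAM_RANGES[i].base;
        uint64_t e = s + SMRAM_RANGES[i].size;
        if (addr < e && s < end)               /* intervals intersect */
            return false;
    }
    return true;
}

/* Hypothetical request block that OS-level code places in shared memory. */
typedef struct { uint64_t out_addr; uint64_t out_len; } comm_request_t;
typedef enum { SMI_OK = 0, SMI_ACCESS_DENIED = 1 } smi_status_t;

/* Hypothetical SMI handler entry: validate before touching out_addr. */
smi_status_t handle_request(const volatile comm_request_t *shared)
{
    /* Copy the fields once so the OS cannot change them after the check. */
    comm_request_t req = { shared->out_addr, shared->out_len };
    if (!buffer_outside_smram(req.out_addr, req.out_len))
        return SMI_ACCESS_DENIED;
    /* Only now may the handler write req.out_len bytes to req.out_addr. */
    return SMI_OK;
}
```
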

To demonstrate how an attack is organized, an example exploit has been published that makes it possible, from the third or zero protection ring, to gain access to the DXE Runtime UEFI and execute your own code. The exploit manipulates a stack overflow (CVE-2021-42059) in a UEFI DXE driver. During the attack, the attacker can place their code in a DXE driver, where it stays active after the operating system is restarted, or modify the NVRAM area of SPI Flash. While it runs, the attacker's code can modify privileged memory areas, change the EFI Runtime services, and affect the boot process.

Source: opennet.ru
