Vulnerability in Red Hat's patches to the GRUB2 bootloader that allows password verification to be bypassed

Information has been disclosed about a vulnerability (CVE-2023-4001) in the GRUB2 bootloader patches prepared by Red Hat. On many UEFI systems, the vulnerability allows bypassing the password check that is set in GRUB2 to restrict access to the boot menu or the bootloader command line. The vulnerability is caused by a change Red Hat added to the GRUB2 package shipped with RHEL and Fedora Linux. The problem does not appear in the upstream GRUB2 project and affects only distributions that have applied the additional Red Hat patches.

The problem is caused by an error in the logic of how the bootloader uses a UUID to find the device holding the configuration file (for example, "/boot/efi/EFI/fedora/grub.cfg") that contains the password hash. To bypass authentication, a user with physical access to the computer can connect an external drive, such as a USB flash drive, with its UUID set to match the identifier of the /boot partition of the attacked system.

Many UEFI systems process external drives first and place them in the list of detected devices ahead of fixed drives, so the /boot partition prepared by the attacker gets higher processing priority and GRUB2 tries to load the configuration file from that partition. When GRUB2 looks for a partition with the "search" command, only the first UUID match is considered, after which the search stops. If the main configuration file is not found in that partition, GRUB2 drops to a command prompt that gives full control over the rest of the boot process.

A local unprivileged user can use the "lsblk" utility to determine the UUID of a partition, while an outside user who has no access to the system but can observe the boot process can, on some distributions, determine the UUID from the diagnostic messages shown during boot. Red Hat fixed the vulnerability by adding a new argument to the "search" command that allows the UUID scan to be restricted to the block devices used to run the boot manager (that is, the /boot partition must be on the same drive as the EFI system partition).
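A defensive audit of the condition described above, as an added example that is not part of the original article or of Red Hat's patch: it parses `lsblk -J -o NAME,TYPE,RM,UUID,MOUNTPOINT` output and reports any other partition carrying the same UUID as /boot, and whether /boot sits on a different disk than the EFI system partition. The function names and the sample device tree are constructed for illustration.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,RM,UUID,MOUNTPOINT` output:
# an internal NVMe disk plus a USB stick whose partition reuses the /boot UUID.
SAMPLE = json.dumps({"blockdevices": [
    {"name": "nvme0n1", "type": "disk", "rm": False, "uuid": None, "mountpoint": None,
     "children": [
        {"name": "nvme0n1p1", "type": "part", "rm": False,
         "uuid": "AAAA-0001", "mountpoint": "/boot/efi"},
        {"name": "nvme0n1p2", "type": "part", "rm": False,
         "uuid": "11111111-2222-3333-4444-555555555555", "mountpoint": "/boot"},
     ]},
    {"name": "sda", "type": "disk", "rm": True, "uuid": None, "mountpoint": None,
     "children": [
        {"name": "sda1", "type": "part", "rm": True,
         "uuid": "11111111-2222-3333-4444-555555555555", "mountpoint": None},
     ]},
]})


def walk(devices, disk=None):
    """Yield (top-level disk name, device dict) for every node in the tree."""
    for dev in devices:
        root = disk or dev["name"]
        yield root, dev
        yield from walk(dev.get("children") or [], root)


def audit_boot_uuid(lsblk_json):
    """Return a list of findings about the /boot UUID (hypothetical helper)."""
    nodes = list(walk(json.loads(lsblk_json)["blockdevices"]))
    by_mount = {d["mountpoint"]: (disk, d) for disk, d in nodes if d.get("mountpoint")}
    if "/boot" not in by_mount:
        return ["no separate /boot partition mounted"]
    boot_disk, boot = by_mount["/boot"]
    findings = []
    for disk, dev in nodes:
        if dev is not boot and boot.get("uuid") and dev.get("uuid") == boot["uuid"]:
            # Older lsblk prints RM as "0"/"1", newer as a JSON boolean.
            kind = "removable" if str(dev.get("rm")).lower() in ("1", "true") else "fixed"
            findings.append(f"{dev['name']} ({kind}, disk {disk}) duplicates /boot UUID")
    esp = by_mount.get("/boot/efi")
    if esp and esp[0] != boot_disk:
        findings.append(f"/boot is on {boot_disk} but the ESP is on {esp[0]}")
    return findings


if __name__ == "__main__":
    for line in audit_boot_uuid(SAMPLE) or ["no findings"]:
        print(line)
```

On a live system, feed it the real command output instead of `SAMPLE`; a duplicate on a removable device is the situation the article describes.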

Source: opennet.ru
