AMD nezve kushanda pakugadzirisa zvakatevedzana zvehurema ""(CVE-2020-12890), iyo inokutendera iwe kuti uwane kutonga kweiyo UEFI firmware uye kuita kodhi paSMM (System Management Mode) nhanho. Kurwiswa kunoda kuwanikwa kwemuviri kumidziyo kana kuwana kune sisitimu ine kodzero dzemaneja. Muchiitiko chekurwisa kwakabudirira, anorwisa anogona kushandisa iyo interface (AMD Generic Encapsulated Software Architecture) kuita zvekupokana kodhi isingagone kuburitswa kubva kune inoshanda sisitimu.
Kusagadzikana kuripo mune kodhi inosanganisirwa muEFI firmware, inoitwa mukati (Ring -2), iyo ine yepamusoro pekutanga kupfuura hypervisor modhi uye yekudzivirira mhete zero, uye ine isina kuganhurirwa kuwana kune ese system memory. Semuenzaniso, mushure mekuwana mukana weiyo OS nekuda kwekushandisa kumwe kusasimba kana nzira dzeinjiniya dzemagariro, munhu anorwisa anogona kushandisa SMM Callout vulnerabilities kunzvenga UEFI Secure Boot, kubaya system-isingaoneki yakaipa kodhi kana rootkits muSPI Flash, uye zvakare kutanga kurwisa. pane hypervisors yekunzvenga nzira dzekutarisa kutendeseka kwezvakatipoteredza nharaunda.
Kusagadzikana uku kunokonzerwa nekukanganisa muSMM kodhi nekuda kwekushaikwa kwekutarisa kero yeinongedzo buffer pakufonera SmmGetVariable() basa mu0xEF SMI mubato. Iyi bug inogona kubvumira anorwisa kuti anyore zvekupokana dhata kuSMM yemukati ndangariro (SMRAM) uye kuimhanyisa sekodhi ine SMM ropafadzo. Zvinoenderana nedata rekutanga, dambudziko rinoonekwa mune mamwe maAPU (AMD Fusion) evatengi uye akamisikidzwa masisitimu anogadzirwa kubva 2016 kusvika 2019. AMD yakatopa vazhinji vanogadzira mamabhodhi ane firmware update inogadzirisa dambudziko, uye iyo update yakarongwa kutumirwa kune vakasara vanogadzira panopera mwedzi.
Source: opennet.ru