Vulnerabilities in GRUB2 that allow bypassing UEFI Secure Boot

7 vulnerabilities have been fixed in the GRUB2 bootloader that allow bypassing the UEFI Secure Boot mechanism and running unverified code, for example to introduce malware that runs at the bootloader or kernel level. In addition, there is one vulnerability in the shim layer, which also allows bypassing UEFI Secure Boot. The group of vulnerabilities was codenamed Boothole 3, by analogy with similar problems previously identified in the bootloader.

To fix the problems in GRUB2 and shim, distributions will be able to use the SBAT (UEFI Secure Boot Advanced Targeting) mechanism, which is supported by GRUB2, shim and fwupd. SBAT was developed jointly with Microsoft and involves adding extra metadata to the executable files of UEFI components, including information about the manufacturer, product, component and version. This metadata is certified by a digital signature and can be included separately in the lists of allowed or prohibited components for UEFI Secure Boot.

Most Linux distributions use a small shim layer, digitally signed by Microsoft, for verified booting in UEFI Secure Boot mode. This layer verifies GRUB2 with its own certificate, which means distribution developers do not need to have every kernel and GRUB update certified by Microsoft. Vulnerabilities in GRUB2 allow code execution at the stage after successful shim verification but before the operating system is loaded. This places the attacker inside the chain of trust while Secure Boot mode is active and gives full control over the rest of the boot process, including loading another OS, modifying operating system components and bypassing Lockdown protection.

To fix the problems in the bootloader, distributions will have to generate new internal digital signatures and update installers, bootloaders, kernel packages, fwupd firmware and the shim layer. Before SBAT was introduced, updating the certificate revocation list (dbx, UEFI Revocation List) was a prerequisite for completely blocking the vulnerability, since an attacker, regardless of the operating system in use, could use bootable media with an old vulnerable version of GRUB2, certified by a digital signature, to compromise UEFI Secure Boot.

Instead of revoking a signature, SBAT lets you block its use for individual component version numbers without having to revoke Secure Boot keys. Blocking vulnerabilities via SBAT does not require the use of the UEFI certificate revocation list (dbx); it is done at the level of replacing the internal key used to generate signatures and updating GRUB2, shim and the other boot artifacts supplied by distributions. SBAT support has now been added to most popular Linux distributions.

Identified vulnerabilities:

  • CVE-2021-3696, CVE-2021-3695 - Heap-based buffer overflows when processing specially crafted PNG images, which could theoretically be used to execute attacker code and bypass UEFI Secure Boot. The problem is noted to be difficult to exploit, since creating a working exploit requires taking a large number of factors into account and having information about the memory layout.
  • CVE-2021-3697 - A buffer underflow in the JPEG image processing code. Exploiting the issue requires knowledge of the memory layout and is at about the same level of complexity as the PNG issue (CVSS 7.5).
  • CVE-2022-28733 - An overflow in the grub_net_recv_ip4_packets() function that allows the rsm->total_len parameter to be influenced by sending a specially crafted IP packet. The issue is marked as the most dangerous of the vulnerabilities presented (CVSS 8.1). If successfully exploited, the vulnerability allows data to be written beyond the buffer boundary by allocating a deliberately smaller amount of memory.
  • CVE-2022-28734 - A single-byte buffer overflow when processing split HTTP headers. The issue can cause GRUB2 metadata corruption (writing a null byte just past the end of the buffer) when parsing specially crafted HTTP requests.
  • CVE-2022-28735 - An issue in the shim_lock verifier that allows non-kernel files to be loaded. The vulnerability can be used to load unsigned kernel modules or unverified code in UEFI Secure Boot mode.
  • CVE-2022-28736 - An access to already freed memory in the grub_cmd_chainloader() function through re-running the chainloader command, which is used to boot operating systems not supported by GRUB2. Exploitation could lead to execution of attacker code if the attacker is able to determine the memory allocation in GRUB2.
  • CVE-2022-28737 - A buffer overflow in the shim layer that occurs in the handle_image() function when loading and executing crafted EFI images.

Source: opennet.ru
