PMFault attack that can disable the CPU on some server systems

Researchers at the University of Birmingham, previously known for developing the Plundervolt and VoltPillager attacks, have identified a vulnerability (CVE-2022-43309) in some server motherboards that allows the CPU to be physically disabled with no possibility of later recovery. The vulnerability, codenamed PMFault, can be used to damage servers to which the attacker has no physical access but does have privileged access to the operating system, obtained, for example, by exploiting an unpatched vulnerability or by intercepting administrator credentials.

The essence of the proposed method is to use the PMBus interface, which runs over the I2C protocol, to raise the voltage supplied to the processor to values that damage the chip. The PMBus interface is usually implemented in the VRM (Voltage Regulator Module), which can be reached by manipulating the BMC controller. To attack boards that support PMBus, in addition to administrator rights in the operating system, you need software access to the BMC (Baseboard Management Controller), for example through the IPMI KCS (Keyboard Controller Style) interface, over Ethernet, or by flashing the BMC from the running system.

An issue that allows the attack without knowledge of the BMC authentication parameters has been confirmed on Supermicro motherboards with IPMI support (X11, X12, H11 and H12) and on ASRock boards, but other server boards on which PMBus is accessible are also affected. During the experiments, when the voltage was raised to 2.84 volts, two Intel Xeon processors were damaged on these boards. To access the BMC without knowing the authentication parameters, but with root access to the operating system, the researchers used a vulnerability in the firmware verification mechanism, which made it possible to load a modified firmware update into the BMC controller, as well as the possibility of unauthenticated access via IPMI KCS.

The method of changing the voltage via PMBus can also be used to carry out the Plundervolt attack, which makes it possible, by lowering the voltage to minimum values, to corrupt the contents of the CPU data cells used for computations in isolated Intel SGX enclaves and to cause errors in algorithms that were initially correct. For example, if the value used in a multiplication during the encryption process is changed, the output will be an incorrect ciphertext. Having the ability to call a handler in SGX to encrypt their data, the attacker can, by causing failures, accumulate statistics about the changes in the output ciphertext and recover the value of the key stored in the SGX enclave.

A toolkit for attacking Supermicro and ASRock boards, as well as a utility for checking access to PMBus, has been published on GitHub.
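For defenders, the host-side paths to the BMC that the article describes (IPMI KCS from the running operating system, and I2C) can be inventoried per server. The following is an added example, not the researchers' published utility; it assumes a Linux host, and the function names are hypothetical. It only lists interfaces for review and does not show whether a given I2C bus reaches the VRM.

```python
import os
import stat

# Linux modules that give the host OS a channel to the BMC or to I2C buses.
MODULES = {
    "ipmi_si": "IPMI system interface driver (KCS, SMIC, BT)",
    "ipmi_devintf": "creates /dev/ipmiN for user space",
    "i2c_dev": "creates /dev/i2c-N for user space",
}
NODE_PREFIXES = ("ipmi", "i2c-")


def loaded_modules(proc_modules_text):
    """Names from MODULES present in /proc/modules-style text.
    Drivers built into the kernel are not listed there, so nodes are checked too."""
    names = {ln.split()[0] for ln in proc_modules_text.splitlines() if ln.split()}
    return sorted(names & MODULES.keys())


def classify_node(name, st_mode):
    """Return None for unrelated entries, else (name, non_root_access)."""
    if not name.startswith(NODE_PREFIXES) or not stat.S_ISCHR(st_mode):
        return None
    # Any group/other read or write bit means opening the node does not need root.
    return name, bool(st_mode & 0o066)


def scan_dev(dev_dir="/dev"):
    """Classify every entry of dev_dir; empty list if the directory is missing."""
    if not os.path.isdir(dev_dir):
        return []
    entries = os.scandir(dev_dir)
    hits = (classify_node(e.name, e.stat(follow_symlinks=False).st_mode) for e in entries)
    return sorted(h for h in hits if h)


def report(proc_modules_text, nodes):
    lines = [f"module {m}: {MODULES[m]}" for m in loaded_modules(proc_modules_text)]
    lines += [f"node /dev/{n}: {'non-root access' if o else 'root only'}" for n, o in nodes]
    return lines or ["no host-side IPMI/I2C interface found"]


if __name__ == "__main__":
    try:
        with open("/proc/modules") as fh:
            text = fh.read()
    except OSError:
        text = ""
    print("\n".join(report(text, scan_dev())))
```

On servers where in-band IPMI is not needed, a non-empty report identifies interfaces worth unloading or restricting.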

Source: opennet.ru
