Vulnerabilities in AMD and Intel processors

AMD has announced the elimination of 22 vulnerabilities in the first, second and third generations of AMD EPYC server processors that allow the operation of the PSP (Platform Security Processor), SMU (System Management Unit) and SEV (Secure Encrypted Virtualization) technologies to be compromised. 6 of the problems were identified in 2020 and 16 in 2021. In the course of internal security research, 11 vulnerabilities were identified by Google employees, 6 by Oracle and 5 by Microsoft.

Updated AGESA (AMD Generic Encapsulated Software Architecture) firmware builds have been released to OEM equipment manufacturers; they block the problems by way of a workaround. Companies such as HP, Dell, Supermicro and Lenovo have already released BIOS and UEFI updates for their server systems.

4 of the vulnerabilities are classified as dangerous (details have not yet been disclosed):

  • CVE-2020-12954 - the ability to bypass the SPI ROM protection mechanisms by manipulating certain internal chipset settings. The vulnerability allows an attacker to make changes to SPI Flash in order to introduce malicious code or rootkits that are invisible to the system.
  • CVE-2020-12961 - a vulnerability in the PSP (AMD Security Processor), which is used to run a protected environment that is inaccessible from the main OS, allows an attacker to configure any privileged register in the SMN (System Management Network) and bypass the SPI ROM protection.
  • CVE-2021-26331 - a bug in the SMU (System Management Unit) built into the processor, which is used to manage power consumption, voltage and temperature, allows an unprivileged user to achieve code execution with elevated privileges.
  • CVE-2021-26335 - improper validation of input data in the code loader for the PSP processor makes it possible to apply attacker-controlled values at the stage before the digital signature is verified and to achieve execution of the attacker's code in the PSP.

Separately noted is the elimination of a vulnerability (CVE-2021-26334) in the AMD μProf toolkit, which is supplied for Linux and FreeBSD among others and is used for performance and power-consumption analysis. The vulnerability makes it possible to gain access to the MSRs (Model-Specific Registers) in order to arrange execution of your own code at the level of protection ring zero (ring-0). The vulnerability is fixed in amduprof-3.4-502 for Linux and AMDuProf-3.4.494 for Windows.

Meanwhile, Intel has published its quarterly reports on vulnerabilities in its products, among which the following problems stand out:

  • CVE-2021-0146 is a vulnerability in Intel Pentium, Celeron and Atom processors for mobile and desktop systems that allows a user with physical access to the hardware to achieve privilege escalation by activating debug modes.
  • CVE-2021-0157, CVE-2021-0158 are vulnerabilities in the BIOS reference code supplied for initializing Intel Xeon (E/W/Scalable), Core (7/10/11gen), Celeron (N) and Pentium Silver processors. The problems are caused by incorrect input validation or incorrect flow control in the BIOS firmware and allow privilege escalation when local access is available.

Source: opennet.ru
