AMD malunga nokusebenza ukulungisa uthotho lobuthathaka ""(CVE-2020-12890), ekuvumela ukuba ufumane ulawulo lwe-firmware ye-UEFI kwaye wenze ikhowudi kwinqanaba le-SMM (iNdlela yoLawulo lweSistim). Ukuhlaselwa kufuna ukufikelela ngokomzimba kwisixhobo okanye ukufikelela kwinkqubo enamalungelo omlawuli. Kwimeko yokuhlaselwa okuyimpumelelo, umhlaseli unokusebenzisa i-interface (I-AMD Generic Encapsulated Software Architecture) ukwenza ikhowudi engafanelekanga engenako ukutyhilwa kwinkqubo yokusebenza.
Ubuthathaka bukhona kwikhowudi ebandakanyiweyo kwi-firmware ye-UEFI, eyenziwe kuyo (Ring -2), enokubaluleka okuphezulu kunemowudi ye-hypervisor kunye ne-ringi yokukhusela i-zero, kwaye inokufikelela okungathintelwanga kuyo yonke imemori yenkqubo. Ngokomzekelo, emva kokufumana ukufikelela kwi-OS ngenxa yokuxhaphaza obunye ubuthathaka okanye iindlela zobunjineli bezentlalo, umhlaseli unokusebenzisa ubuthathaka be-SMM Callout ukudlula i-UEFI eKhuselekileyo ye-UEFI, ifake ikhowudi engabonakaliyo engabonakaliyo okanye i-rootkits kwi-SPI Flash, kwaye iqalise ukuhlaselwa. kwiihypervisors ukudlula iindlela zokukhangela imfezeko yendalo esingqongileyo.
Ubuthathaka bubangelwa yimpazamo kwikhowudi yeSMM ngenxa yokunqongophala kokujonga idilesi yesithinteli ekujoliswe kuso xa ufowunela i SmmGetVariable() umsebenzi kwi 0xEF SMI isiphatho. Le bug inokuvumela umhlaseli ukuba abhale idatha engenasizathu kwimemori yangaphakathi yeSMM (SMRAM) kwaye ayiqhube njengekhowudi ngamalungelo eSMM. Ngokutsho kwedatha yokuqala, ingxaki ibonakala kwezinye ii-APU (i-AMD Fusion) kubathengi kunye neenkqubo ezifakwe kwi-2016 ukuya kwi-2019. I-AMD sele ibonelele uninzi lwabavelisi be-motherboard ngohlaziyo lwe-firmware olulungisa ingxaki, kwaye uhlaziyo lucetywa ukuba luthunyelwe kubavelisi abaseleyo ekupheleni kwenyanga.
umthombo: opennet.ru