Vulnerabilities in UEFI firmware based on the InsydeH2O framework that allow code execution at the SMM level

In the InsydeH2O framework, which many manufacturers use to build UEFI firmware for their hardware (the most common UEFI BIOS implementation), 23 vulnerabilities have been identified that allow code to be executed at the SMM (System Management Mode) level, which has a higher priority (Ring -2) than hypervisor mode and protection ring zero, and unrestricted access to all memory. The issue affects UEFI firmware used by manufacturers such as Fujitsu, Siemens, Dell, HP, HPE, Lenovo, Microsoft, Intel and Bull Atos.

Exploiting the vulnerabilities requires local access with administrator rights, which makes the issues sought after as second-stage vulnerabilities, used after other vulnerabilities in the system have been exploited or after social engineering methods have been applied. Access at the SMM level allows code to be executed at a level not controlled by the operating system, which can be used to modify the firmware and leave hidden malicious code or rootkits in SPI Flash that the operating system does not detect, as well as to disable verification at the boot stage (UEFI Secure Boot, Intel BootGuard) and to attack hypervisors in order to bypass mechanisms that check the integrity of virtual environments.


The vulnerabilities can be exploited from the operating system using unverified SMI (System Management Interrupt) handlers, as well as at the pre-OS stage, during the early stages of boot or on resume from sleep mode. All of the vulnerabilities are caused by memory problems and fall into three categories:

  • SMM Callout - execution of your own code with SMM rights by redirecting the execution of SWSMI interrupt handlers to code outside SMRAM;
  • Memory corruption that allows an attacker to write their own data to SMRAM, a special isolated memory region in which code is executed with SMM rights;
  • Memory corruption in code running at the DXE (Driver Execution Environment) level.
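As an added illustration (not part of the original article and not Insyde's code), the C model below shows the address checks an SMI handler typically applies against the first two categories: a caller-supplied buffer must lie wholly outside SMRAM, and any function pointer the handler calls must point inside SMRAM. The SMRAM window, the function names and the handler are hypothetical, and the assumption is that the handler receives both addresses from the operating system.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed SMRAM window for this example; real firmware gets it from the platform. */
typedef struct { uint64_t base, size; } range_t;
static const range_t SMRAM = { 0x7F000000ULL, 0x00800000ULL };

/* True when [addr, addr+len) is non-empty, does not wrap, and lies fully inside r. */
static bool range_inside(range_t r, uint64_t addr, uint64_t len) {
    if (len == 0 || len > UINT64_MAX - addr) return false;
    return addr >= r.base && addr + len <= r.base + r.size;
}

/* True when [addr, addr+len) is non-empty, does not wrap, and shares no byte with r. */
static bool range_outside(range_t r, uint64_t addr, uint64_t len) {
    if (len == 0 || len > UINT64_MAX - addr) return false;
    return addr + len <= r.base || addr >= r.base + r.size;
}

/* Memory-corruption category: a buffer handed over by the OS must sit wholly
   outside SMRAM before the handler reads or writes through it. */
bool comm_buffer_ok(uint64_t addr, uint64_t len) {
    return range_outside(SMRAM, addr, len);
}

/* Callout category: a function pointer the handler is about to call must
   point inside SMRAM, never into OS-controlled memory. */
bool call_target_ok(uint64_t target) {
    return range_inside(SMRAM, target, 1);
}

/* Hypothetical SWSMI handler model: 0 when the input is accepted, -1 when rejected. */
int handle_swsmi(uint64_t buf, uint64_t len, uint64_t callback) {
    if (!comm_buffer_ok(buf, len)) return -1;
    if (!call_target_ok(callback)) return -1;
    return 0;
}

int main(void) {
    /* Constructed inputs: OS buffer at 0x1000, callbacks inside and outside SMRAM. */
    printf("in-SMRAM callback:        %d\n", handle_swsmi(0x1000, 0x100, 0x7F000400));
    printf("OS-memory callback:       %d\n", handle_swsmi(0x1000, 0x100, 0x00100000));
    printf("buffer overlapping SMRAM: %d\n", handle_swsmi(0x7EFFFFF0, 0x20, 0x7F000400));
    return 0;
}
```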

To demonstrate the principles of organizing an attack, an example exploit has been published that allows an attack from the third or zero protection ring to gain access to the DXE Runtime UEFI and execute your own code. The exploit leverages a stack overflow (CVE-2021-42059) in a UEFI DXE driver. During the attack, the attacker can place their code in a DXE driver that remains active after the operating system is restarted, or make changes to the NVRAM area of SPI Flash. During execution, the attacker's code can make changes to privileged memory regions, modify EFI Runtime Services, and affect the boot process.

Source: opennet.ru
