Ubuthakathaka (CVE-2023-4001) budalulwe kuma-patches e-bootloader ye-GRUB2 elungiselelwe yi-Red Hat. Ezinhlelweni eziningi ze-UEFI, ubuthakathaka buvumela ukudlula ukuhlolwa kwephasiwedi okusethwe ku-GRUB2 ukuze kukhawulelwe ukufinyelela kumenyu yokuqalisa noma umugqa womyalo we-bootloader. Ubuthakathaka bubangelwa ushintsho olungezwe yi-Red Hat kuphakheji ye-GRUB2 efakwe ku-RHEL kanye ne-Fedora. Linux. Проблема не проявляется в основном проекте GRUB2 и затрагивает только дистрибутивы, применившие дополнительные патчи Red Hat.
Inkinga ibangelwa iphutha kumqondo wokuthi i-UUID isetshenziswa kanjani isilayishi sokuqalisa ukuthola idivayisi enefayela lokumisa (isibonelo, "/boot/efi/EFI/fedora/grub.cfg") equkethe iphasiwedi. hashi. Ukuze kudlule ukuqinisekiswa, umsebenzisi onokufinyelela ngokomzimba kukhompuyutha angaxhuma idrayivu yangaphandle, njenge-USB Flash, ayibeke ku-UUID efana nesihlonzi se-boot partition/boot of the system ehlaselwe.
Izinhlelo eziningi ze-UEFI zicubungula amadrayivu angaphandle kuqala futhi ziwabeke ohlwini lwamadivayisi atholiwe ngaphambi kokushayela okumile, ngakho-ke ukuhlukaniswa kwe-boot okulungiselelwe umhlaseli kuzoba nokuhamba phambili okuphezulu kokucubungula, futhi ngokufanele, i-GRUB2 izozama ukulayisha ifayela lokumisa kusuka kulokhu kuhlukaniswa. Uma usesha ukwahlukanisa usebenzisa umyalo othi "sesha" ku-GRUB2, kunqunywa kuphela ukufana kokuqala kwe-UUID, ngemva kwalokho ukusesha kuyama. Uma ifayela lokucushwa eliyinhloko lingatholakali esabelweni esithile, i-GRUB2 izokhipha umyalo womyalo okuvumela ukuthi ube nokulawula okugcwele kuyo yonke inqubo yokuqalisa.
Insiza ye-"lsblk" ingasetshenziselwa ukunquma i-UUID yokuhlukanisa ngomsebenzisi wasendaweni ongenamalungelo, kodwa umsebenzisi wangaphandle ongakwazi ukufinyelela isistimu kodwa okwazi ukubona inqubo yokuqalisa angakwazi, kokunye ukusatshalaliswa, ukunquma i-UUID kusukela ekuxilongweni. imiyalezo ekhonjiswa ngesikhathi sokuqalisa. Ukuba sengozini kusingathwe yi-Red Hat ngokwengeza impikiswano entsha emyalweni othi "sesha" ovumela ukusebenza kweskena se-UUID ukuthi kuboshwe kuphela ekuvimbeni amadivayisi asetshenziselwa ukuqalisa umphathi (okungukuthi, ukuhlukaniswa kwe-/boot kufanele kube okufanayo kuphela. shayela njenge-EFI system partition ).
Source: opennet.ru
