I-AMD mayelana nokusebenza ekulungiseni uchungechunge lobuthakathaka ""(CVE-2020-12890), ekuvumela ukuthi ukwazi ukulawula i-firmware ye-UEFI futhi usebenzise ikhodi ezingeni le-SMM (Imodi Yokulawulwa Kwesistimu). Ukuhlasela kudinga ukufinyelela ngokomzimba okokusebenza noma ukufinyelela kusistimu enamalungelo omlawuli. Esimeni sokuhlasela okuphumelelayo, umhlaseli angasebenzisa isixhumi esibonakalayo (I-AMD Generic Encapsulated Software Architecture) ukuze ikhiphe ikhodi engaqondakali engakwazi ukudalulwa ohlelweni lokusebenza.
Ubungozi bukhona kukhodi efakwe ku-firmware ye-UEFI, esetshenziswe kuyo (Ring -2), enokubaluleka okuphezulu kunemodi ye-hypervisor kanye nokuvikela kwendandatho enguziro, futhi inokufinyelela okungakhawulelwe kuyo yonke inkumbulo yesistimu. Isibonelo, ngemva kokuthola ukufinyelela ku-OS ngenxa yokusebenzisa obunye ubungozi noma izindlela zobunjiniyela bomphakathi, umhlaseli angasebenzisa ubungozi be-SMM Callout ukuze adlule i-UEFI Secure Boot, ajove ikhodi enonya engabonakali yesistimu noma ama-rootkits ku-SPI Flash, futhi aqalise ukuhlasela. kuma-hypervisors ukuze kudlule izindlela zokuhlola ubuqotho bezindawo ezibonakalayo.
Ubungozi bubangelwa iphutha kukhodi ye-SMM ngenxa yokuntuleka kokuhlola ikheli lebhafa eliqondiwe lapho ubiza umsebenzi we-SmmGetVariable() kusibambi se-0xEF SMI. Lesi siphazamisi singavumela umhlaseli ukuthi abhale idatha engafanele kumemori yangaphakathi ye-SMM (i-SMRAM) futhi ayiqalise njengekhodi enamalungelo e-SMM. Ngokusho kwedatha yokuqala, inkinga ivela kwamanye ama-APU (AMD Fusion) kubathengi kanye nezinhlelo ezishumekiwe ezikhiqizwe kusuka ku-2016 kuya ku-2019. I-AMD isivele inikeze iningi labakhiqizi bebhodi lomama ngesibuyekezo se-firmware esilungisa inkinga, futhi isibuyekezo sihlelelwe ukuthunyelwa kubakhiqizi abasele ekupheleni kwenyanga.
Source: opennet.ru