Vulnerabilities in AMD and Intel processors

AMD has announced fixes for 22 vulnerabilities in the first, second and third generations of AMD EPYC series server processors that allow the operation of the PSP (Platform Security Processor), SMU (System Management Unit) and SEV (Secure Encrypted Virtualization) technologies to be compromised. 6 problems were identified in 2020, and 16 in 2021. During internal security research, 11 vulnerabilities were identified by Google employees, 6 by Oracle and 5 by Microsoft.

Updated AGESA (AMD Generic Encapsulated Software Architecture) sets have been released to OEM equipment manufacturers, blocking the problems by means of a workaround. Companies such as HP, Dell, Supermicro and Lenovo have already released BIOS and UEFI firmware updates for their server systems.

4 vulnerabilities are classified as dangerous (details have not yet been disclosed):

  • CVE-2020-12954 - the ability to bypass SPI ROM protection mechanisms by manipulating certain internal chipset settings. The vulnerability allows an attacker to make changes to SPI Flash in order to introduce malicious code or rootkits that are invisible to the system.
  • CVE-2020-12961 - a vulnerability in the PSP (AMD Security Processor), which is used to run an isolated protected environment inaccessible from the main OS, allows an attacker to reset any privileged processor register in the SMN (System Management Network) and bypass SPI ROM protection.
  • CVE-2021-26331 - an error in the SMU (System Management Unit) subsystem integrated into the processor, which is used to manage power consumption, voltage and temperature, allows an unprivileged user to achieve code execution with elevated privileges.
  • CVE-2021-26335 - incorrect validation of input data in the code loader of the PSP makes it possible to use attacker-controlled values at the stage before the digital signature is checked and to achieve execution of the attacker's code in the PSP.

Separately noted is the fix for a vulnerability (CVE-2021-26334) in the AMD μProf toolkit, which is supplied for Linux and FreeBSD among other platforms and is used to analyze performance and power consumption. The problem is present in the AMDPowerProfiler driver and allows an unprivileged user to gain access to MSRs (Model-Specific Registers) in order to arrange execution of their own code at the level of protection ring zero (ring-0). The vulnerability is fixed in amduprof-3.4-502 for Linux and AMDuProf-3.4.494 for Windows.

Meanwhile, Intel has published quarterly reports on vulnerabilities in its products, in which the following problems stand out:

  • CVE-2021-0146 is a vulnerability in Intel Pentium, Celeron and Atom processors for mobile and desktop systems that allows a user with physical access to the equipment to achieve privilege escalation by activating debugging modes.
  • CVE-2021-0157, CVE-2021-0158 are vulnerabilities in the BIOS reference code supplied for initializing Intel Xeon (E/W/Scalable), Core (7/10/11gen), Celeron (N) and Pentium Silver processors. The problems are caused by incorrect input validation or incorrect flow control in the BIOS firmware and allow privilege escalation when local access is available.

Source: opennet.ru
