7 vulnerabilities in GRUB2 that even allow malware injection

An announcement was recently published that 7 vulnerabilities have been fixed in the GRUB2 bootloader which allow UEFI Secure Boot to be bypassed and unverified code to be executed, for example by injecting malware that runs at the bootloader or kernel level.

There are also vulnerabilities in the shim layer that likewise allow UEFI Secure Boot to be bypassed. The group of vulnerabilities has been given the name BootHole 3, after the similar issues previously identified in the bootloader.

The SBAT metadata set (described further below) is digitally signed and can be included separately in the allow or deny lists for UEFI Secure Boot.

Most Linux distributions use a small shim layer, digitally signed by Microsoft, for verified booting in UEFI Secure Boot mode. This layer verifies GRUB2 with its own certificate, so distribution developers do not have to get every kernel and GRUB update certified by Microsoft.

The vulnerabilities in GRUB2 allow code to be executed after shim has successfully verified it but before the operating system is loaded, inserting into the chain of trust while Secure Boot mode is active and gaining full control over the rest of the boot process, including booting another operating system, modifying operating system components and bypassing lockdown protection.

Rather than revoking the signature, SBAT allows its use to be blocked for individual component version numbers without having to revoke keys for Secure Boot. Blocking vulnerabilities through SBAT does not require the UEFI CRL (dbx); instead it is done at the level of replacing the internal keys used to generate signatures and update GRUB2, shim and the other boot artifacts supplied by distributions. SBAT support has been added to most popular Linux distributions.

The vulnerabilities identified are as follows:

  • CVE-2021-3696, CVE-2021-3695: heap buffer overflow when processing specially crafted PNG images, which could in theory be used to execute code and bypass UEFI Secure Boot. It is noted that the problem is hard to exploit, since building a working exploit requires accounting for a large number of factors and having information about the memory layout.
  • CVE-2021-3697: buffer underflow in the JPEG image handling code. Exploiting the problem requires knowledge of the memory layout and is at about the same level of complexity as the PNG issue (CVSS 7.5).
  • CVE-2022-28733: integer overflow in the grub_net_recv_ip4_packets() function that allows the rsm->total_len parameter to be influenced by sending a specially crafted IP packet. The issue is marked as the most dangerous of the vulnerabilities reported (CVSS 8.1). If successfully exploited, it allows data to be written beyond the buffer boundary, because a deliberately undersized memory region is allocated.
  • CVE-2022-28734: single-byte buffer overflow when processing split HTTP headers. The issue can corrupt GRUB2 metadata (writing a null byte just past the end of the buffer) when specially crafted HTTP requests are parsed.
  • CVE-2022-28735: issue in the shim_lock verifier that allows non-kernel files to be loaded. The vulnerability could be used to boot unsigned kernel modules or unverified code in UEFI Secure Boot mode.
  • CVE-2022-28736: use of an already-freed memory region in the grub_cmd_chainloader() function, triggered by re-running the chainloader command, which is used to load operating systems not supported by GRUB2. Exploitation could lead to execution of attacker code if the attacker can determine the details of memory allocation in GRUB2.
  • CVE-2022-28737: buffer overflow in the handle_image() function when loading and running custom EFI images.
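As an added illustration of the bug class behind CVE-2022-28733 above (this is not GRUB's code), the following C program computes a fragment-reassembly total length with plain 16-bit arithmetic beside a checked version in the spirit of GRUB's grub_add() safemath helper. The 16-bit width of the total, the function names and the fragment values are assumptions made for this example; the point it shows is that a wrapped total leads to an undersized allocation, and that checked addition refuses the packet instead.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not GRUB code. Models the bug class of
 * CVE-2022-28733: a reassembly length built from attacker-controlled
 * fragment fields with fixed-width arithmetic that can wrap, so the buffer
 * sized from it is smaller than the data later copied into it. The 16-bit
 * total and the helper names are assumptions made for this example. */

/* Vulnerable pattern: plain addition wraps modulo 2^16. */
static uint16_t total_len_unchecked(uint16_t frag_offset, uint16_t payload_len)
{
    return (uint16_t)(frag_offset + payload_len);
}

/* Hardened pattern (same idea as GRUB's grub_add() safemath helper):
 * report overflow instead of silently wrapping. */
static bool total_len_checked(uint16_t frag_offset, uint16_t payload_len,
                              uint16_t *total)
{
    return !__builtin_add_overflow(frag_offset, payload_len, total);
}

/* Simulated reassembly step. Returns:
 *   1  fragment accepted and the copy fits in the allocated buffer
 *   0  fragment rejected by the overflow check
 *  -1  the computed buffer is too small for the copy (real code would now
 *      write out of bounds; here it is only detected with widened math) */
static int reassemble(uint16_t frag_offset, uint16_t payload_len, bool hardened)
{
    uint16_t total;
    if (hardened) {
        if (!total_len_checked(frag_offset, payload_len, &total))
            return 0;
    } else {
        total = total_len_unchecked(frag_offset, payload_len);
    }

    uint8_t *buf = calloc(total ? total : 1, 1);
    if (!buf)
        return -1;

    /* 32-bit arithmetic cannot wrap here, so this is the ground truth. */
    int rc = ((uint32_t)frag_offset + payload_len <= total) ? 1 : -1;
    if (rc == 1)
        memset(buf + frag_offset, 0xAA, payload_len); /* the copy, in bounds */
    free(buf);
    return rc;
}

int main(void)
{
    /* Constructed inputs: the IPv4 fragment offset field is 13 bits of
     * 8-byte units, so the largest claimable byte offset is 8191 * 8. */
    uint16_t max_off = 8191 * 8; /* 65528 */
    printf("benign   unchecked=%d hardened=%d\n",
           reassemble(8, 100, false), reassemble(8, 100, true));
    printf("wrapping unchecked=%d hardened=%d\n",
           reassemble(max_off, 100, false), reassemble(max_off, 100, true));
    return 0;
}
```

For the wrapping case the unchecked total becomes 92 bytes (65528 + 100 modulo 65536), so the 100-byte copy at offset 65528 would land far outside the allocation; the checked variant returns 0 and never allocates.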

To address the problems in GRUB2 and shim, distributions can use the SBAT (UEFI Secure Boot Advanced Targeting) mechanism, which is compatible with GRUB2, shim and fwupd. SBAT was developed jointly with Microsoft and involves adding extra metadata to the executable files of UEFI components, including manufacturer, product, component and version information.
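To make the SBAT blocking rule from the two paragraphs above concrete, here is an added C example (not shim's or GRUB's code) that parses the CSV-style metadata an image carries, parses a revocation list of minimum generation numbers per component, and decides whether the image may boot. The field limits, the helper names and all sample data are constructed for this example; the real shim keeps its own format details and revocation source.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added example, not shim or GRUB code. It models the SBAT decision rule
 * described above: each line of an image's .sbat section reads
 * "component,generation,..." and the revocation list carries
 * "component,minimum_generation" lines. An image is refused when it names a
 * listed component at a generation below the listed minimum. Field limits,
 * helper names and sample data are constructed for this example. */

#define MAX_ENTRIES 16
#define NAME_LEN 64

struct sbat_entry {
    char component[NAME_LEN];
    unsigned generation;
};

/* Parse newline-separated CSV text; only the first two fields matter for
 * the policy. Returns the entry count, or -1 on malformed input. */
static int parse_sbat(const char *text, struct sbat_entry *out, int max)
{
    int n = 0;
    for (const char *p = text; *p; ) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len > 0) {
            char line[256];
            if (len >= sizeof line || n >= max)
                return -1;
            memcpy(line, p, len);
            line[len] = '\0';
            char *comma = strchr(line, ',');
            if (!comma)
                return -1;
            *comma = '\0';
            if (strlen(line) >= NAME_LEN ||
                sscanf(comma + 1, "%u", &out[n].generation) != 1)
                return -1;
            strcpy(out[n].component, line);
            n++;
        }
        if (!eol)
            break;
        p = eol + 1;
    }
    return n;
}

/* Policy check. `reason` receives a short explanation (pass NULL, 0 to skip
 * it); the return value says whether the image may be loaded. An image
 * without usable .sbat data is refused. */
bool sbat_allows_boot(const char *image_sbat, const char *revocations,
                      char *reason, size_t reason_len)
{
    struct sbat_entry img[MAX_ENTRIES], rev[MAX_ENTRIES];
    int ni = parse_sbat(image_sbat, img, MAX_ENTRIES);
    int nr = parse_sbat(revocations, rev, MAX_ENTRIES);

    if (ni <= 0) {
        snprintf(reason, reason_len, "image has no usable .sbat section");
        return false;
    }
    if (nr < 0) {
        snprintf(reason, reason_len, "revocation list is malformed");
        return false;
    }
    for (int r = 0; r < nr; r++) {
        for (int i = 0; i < ni; i++) {
            if (strcmp(rev[r].component, img[i].component) == 0 &&
                img[i].generation < rev[r].generation) {
                snprintf(reason, reason_len, "%s generation %u is below required %u",
                         img[i].component, img[i].generation, rev[r].generation);
                return false;
            }
        }
    }
    snprintf(reason, reason_len, "every listed component meets its required generation");
    return true;
}

/* Constructed sample data, not any distribution's real metadata. */
const char *IMAGE_SBAT_OLD =
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "grub,1,Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/\n"
    "grub.example,1,Example Distro,grub2,2.06-1,https://example.com/grub\n";
const char *IMAGE_SBAT_FIXED =
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "grub,2,Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/\n"
    "grub.example,1,Example Distro,grub2,2.06-2,https://example.com/grub\n";
const char *REVOKE_BEFORE = "sbat,1,2021030218\nshim,1\ngrub,1\n"; /* grub gen 1 still allowed */
const char *REVOKE_AFTER  = "sbat,1,2022052400\nshim,1\ngrub,2\n"; /* grub gen 1 now refused */

int main(void)
{
    char why[128];
    bool ok = sbat_allows_boot(IMAGE_SBAT_OLD, REVOKE_AFTER, why, sizeof why);
    printf("old build vs new list:   %s (%s)\n", ok ? "ALLOW" : "DENY", why);
    ok = sbat_allows_boot(IMAGE_SBAT_FIXED, REVOKE_AFTER, why, sizeof why);
    printf("fixed build vs new list: %s (%s)\n", ok ? "ALLOW" : "DENY", why);
    return 0;
}
```

The two revocation lists show the mechanism the article describes: raising the required generation for the "grub" component refuses every GRUB build still carrying generation 1, without touching the signing keys or the dbx, while a rebuilt GRUB that declares generation 2 under the same signature keeps booting.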

Finally, if you are interested in learning more about it, you can consult the details at the following link.

