RingHopper, a vulnerability in UEFI that allows code execution at the SMM level


If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems.

Information was recently disclosed about a vulnerability (already catalogued as CVE-2021-33164) found in UEFI firmware. The flaw allows code execution at the SMM (System Management Mode) level, which has higher priority than hypervisor mode and protection ring zero, and provides unrestricted access to all system memory.

The vulnerability, codenamed RingHopper, is related to the possibility of a timing attack that uses DMA (Direct Memory Access) to corrupt memory in code running at the SMM layer.

A race condition involving SMRAM access and validation can be achieved by DMA timing attacks that depend on time-of-check to time-of-use (TOCTOU) conditions. An attacker can use well-timed polling to try to overwrite the contents of SMRAM with arbitrary data, leading to attacker code running with the highest privileges available to the CPU (that is, Ring -2 mode). The asynchronous nature of SMRAM access via DMA controllers allows the attacker to perform such unauthorized access and bypass the checks normally provided by the SMI handler API.

Intel-VT and Intel VT-d technologies provide protection against DMA attacks by using the Input Output Memory Management Unit (IOMMU) to address DMA threats. Although the IOMMU can protect against hardware DMA attacks, SMI handlers vulnerable to RingHopper can still be abused.

The vulnerability can be exploited from the operating system using vulnerable SMI (System Management Interrupt) drivers, which require administrator rights to access. The attack can also be carried out with physical access at an early stage of boot, before the operating system is initialized. To block the issue, Linux users are advised to update their firmware through LVFS (Linux Vendor Firmware Service) using fwupdmgr (`fwupdmgr get-updates`) from the fwupd package.

The need for administrator rights to carry out the attack limits the danger of the problem, but it does not prevent its use as a second-link vulnerability, to maintain presence after exploiting other vulnerabilities in the system or after using social engineering methods.

Access to SMM (Ring -2) allows code to be executed at a level not controlled by the operating system. This can be used to modify firmware and to place malicious code or rootkits hidden in SPI Flash that the operating system cannot detect, as well as to disable verification at the boot stage (UEFI Secure Boot, Intel BootGuard) and to attack hypervisors in order to bypass the integrity verification mechanisms of virtual environments.

The problem is caused by a race condition in the SMI (System Management Interrupt) handler that occurs between the access check and the access to SMRAM. Side-channel analysis with DMA can be used to determine the right moment between the status check and the use of the check result.

As a result, because of the asynchronous nature of SMRAM access via DMA, an attacker can time the access and overwrite the contents of SMRAM via DMA, bypassing the SMI handler API.
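The check-then-use gap described above, shown as an added example that is not code from any affected firmware. It is a simplified model: the 64-byte `smram` array, `struct smi_req`, and the `dma_hook` callback that stands in for a concurrent DMA write are all hypothetical names, and the flawed handler sits beside a form that snapshots the request before checking it.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model: 64 bytes of "SMRAM"; requests may only touch [32, 64). */
#define SMRAM_SIZE 64u
#define SAVE_AREA_OFF 32u
static uint8_t smram[SMRAM_SIZE];

/* Request block in OS-visible memory, which a DMA writer can change anytime. */
struct smi_req { uint32_t off, len; uint8_t data[16]; };

/* Hypothetical hook: stands in for a DMA write landing inside the race window. */
static void (*dma_hook)(volatile struct smi_req *);
static void dma_redirect(volatile struct smi_req *r) { r->off = 0; r->len = 8; }

static int range_ok(uint32_t off, uint32_t len) {
    return len <= 16 && off >= SAVE_AREA_OFF && off <= SMRAM_SIZE - len;
}

/* Flawed: checks the shared block, then fetches the same fields again. */
int smi_double_fetch(volatile struct smi_req *req) {
    if (!range_ok(req->off, req->len)) return -1;      /* time of check */
    if (dma_hook) dma_hook(req);                       /* race window   */
    for (uint32_t i = 0; i < req->len; i++)            /* time of use   */
        smram[req->off + i] = req->data[i];
    return 0;
}

/* Hardened: fetch once into handler-private storage, check and use the copy. */
int smi_snapshot(volatile struct smi_req *req) {
    struct smi_req local = { .off = req->off, .len = req->len };
    if (!range_ok(local.off, local.len)) return -1;
    for (uint32_t i = 0; i < local.len; i++) local.data[i] = req->data[i];
    if (dma_hook) dma_hook(req);                       /* too late to matter */
    memcpy(&smram[local.off], local.data, local.len);
    return 0;
}

/* Returns 1 if any byte below SAVE_AREA_OFF was written, else 0. */
int protected_region_corrupted(int use_snapshot) {
    struct smi_req req = { .off = 40, .len = 8 };
    memset(req.data, 0xAA, sizeof req.data);
    memset(smram, 0, sizeof smram);
    dma_hook = dma_redirect;
    if (use_snapshot) smi_snapshot(&req); else smi_double_fetch(&req);
    for (uint32_t i = 0; i < SAVE_AREA_OFF; i++) if (smram[i]) return 1;
    return 0;
}
int main(void) { return !(protected_region_corrupted(0) && !protected_region_corrupted(1)); }
```

In the model, the double-fetch handler writes into the protected half of the array after the request is changed mid-call, while the snapshot handler writes only to the offset it validated.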

Processors with Intel-VT and Intel VT-d include protection against DMA attacks based on the use of the IOMMU (Input Output Memory Management Unit), but this protection is effective at blocking hardware DMA attacks carried out with specially prepared attack devices, and does not protect against attacks through SMI handlers.

The vulnerability has been confirmed in firmware from Intel, Dell and Insyde Software (the issue is said to affect 8 manufacturers, but the remaining 5 have not yet been disclosed). Firmware from AMD, Phoenix and Toshiba is not affected by the problem.

Source: https://kb.cert.org/

