7 vulnerabilities fixed in GRUB2 that allowed malware injection

News was recently published that 7 vulnerabilities have been fixed in the GRUB2 boot loader that allow the UEFI Secure Boot mechanism to be bypassed and unverified code to be executed, for example by injecting malware that runs at the bootloader or kernel level.

In addition, there is a vulnerability in the shim layer that also allows UEFI Secure Boot to be bypassed. The group of vulnerabilities was codenamed Boothole 3, after the similar issues previously identified in the bootloader.

The SBAT metadata described below is digitally signed and can be included separately in the lists of allowed or prohibited components for UEFI Secure Boot.

Most Linux distributions use a small shim layer, signed by Microsoft, for verified booting in UEFI Secure Boot mode. This layer verifies GRUB2 with the distribution's own certificate, so distribution developers do not have to get every kernel and GRUB update certified by Microsoft.

The vulnerabilities in GRUB2 allow code execution at the stage after shim verification has succeeded but before the operating system is loaded. An attacker who reaches that stage is inserted into the chain of trust while Secure Boot mode is active and gains full control over the rest of the boot process, including booting a different operating system, modifying operating system components and bypassing lockdown protection.

Instead of revoking the signature, SBAT allows its use to be blocked for individual component version numbers without having to revoke Secure Boot keys. Blocking vulnerable versions via SBAT does not require the UEFI revocation list (dbx); it is done at the key-replacement stage, where new signatures are generated and GRUB2, shim and other distribution-provided boot artifacts are updated. SBAT support has now been added to the most popular Linux distributions.

The vulnerabilities identified are as follows:

  • CVE-2021-3695, CVE-2021-3696: heap buffer overflow when processing specially crafted PNG images, which could in theory be used to execute attacker code and bypass UEFI Secure Boot. The issue is noted as hard to exploit, since building a working exploit requires taking a large number of factors into account and having information about the memory layout.
  • CVE-2021-3697: buffer underflow in the JPEG image processing code. Exploiting the issue requires knowledge of the memory layout and is about as difficult as the PNG issue (CVSS 7.5).
  • CVE-2022-28733: integer overflow in the grub_net_recv_ip4_packets() function that allows the rsm->total_len field to be influenced by sending a specially crafted IP packet. The issue is rated the most dangerous of the reported vulnerabilities (CVSS 8.1). If exploited successfully, it lets data be written past the end of a buffer, because the wrapped length causes a deliberately undersized block of memory to be allocated.
  • CVE-2022-28734: single-byte buffer overflow when processing split HTTP headers. The issue can corrupt GRUB2 metadata (a null byte is written just past the end of the buffer) when GRUB2's HTTP client parses a specially crafted response.
  • CVE-2022-28735: issue in the shim_lock verifier that allows non-kernel files to be loaded. The vulnerability can be exploited to boot unsigned kernel modules or unverified code in UEFI Secure Boot mode.
  • CVE-2022-28736: use of an already freed memory area in the grub_cmd_chainloader() function, triggered by running the chainloader command (used to load operating systems that GRUB2 does not support natively) a second time. Exploitation can lead to attacker code execution if the attacker can determine the details of memory allocation in GRUB2.
  • CVE-2022-28737: buffer overflow in the handle_image() function when loading and running custom EFI images.
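The bug class behind CVE-2022-28733 is worth seeing in code: a payload length derived from two attacker-controlled header fields with an unchecked subtraction wraps around, and the wrapped value then governs buffer sizing and copying. The following is an added example written for this article, not GRUB2's own code; the header struct, field names and sample packets are constructed for illustration, and only the general pattern (and the overflow-checked fix, in the style of GRUB2's safemath.h helpers) corresponds to what the advisory describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal view of the IPv4 header fields the length maths depends on. Values are
   kept in host byte order here; real code converts from network order first.
   Constructed illustration of the bug class, not GRUB2's code. */
struct ip4_hdr_view {
    uint8_t  verhdrlen;   /* low nibble: header length in 32-bit words */
    uint16_t total_len;   /* total datagram length including the header */
};

#define IP4_MIN_HDR 20u

/* Vulnerable pattern: the payload length is computed from two attacker-controlled
   fields with an unchecked subtraction. A datagram claiming a total length smaller
   than its own header length makes the result wrap to a value near SIZE_MAX. */
size_t payload_len_unchecked(const struct ip4_hdr_view *h)
{
    size_t hdrlen = (size_t)(h->verhdrlen & 0x0f) * 4;
    return (size_t)h->total_len - hdrlen;   /* wraps when total_len < hdrlen */
}

/* Hardened pattern: reject inconsistent headers up front and do the arithmetic
   with an overflow-checked subtraction (GRUB2's grub_sub() has the same contract). */
bool payload_len_checked(const struct ip4_hdr_view *h, size_t *out)
{
    size_t hdrlen = (size_t)(h->verhdrlen & 0x0f) * 4;
    if (hdrlen < IP4_MIN_HDR || (size_t)h->total_len < hdrlen)
        return false;
    return !__builtin_sub_overflow((size_t)h->total_len, hdrlen, out);
}

/* Where the wrapped value bites: a reassembly buffer sized from an earlier, honest
   length would be written with a fragment copy governed by the wrapped length.
   Bounds accounting stands in for the copy here so nothing is actually corrupted. */
bool fragment_fits(size_t buf_cap, size_t frag_offset, size_t payload_len)
{
    size_t end;
    if (__builtin_add_overflow(frag_offset, payload_len, &end))
        return false;                 /* offset + len itself wrapped */
    return end <= buf_cap;
}

int main(void)
{
    /* Constructed headers: a sane one and one that claims a 60-byte header in a 40-byte datagram. */
    struct ip4_hdr_view good = { .verhdrlen = 0x45, .total_len = 60 };
    struct ip4_hdr_view bad  = { .verhdrlen = 0x4f, .total_len = 40 };
    size_t len = 0;

    printf("good: unchecked=%zu checked=%s\n", payload_len_unchecked(&good),
           payload_len_checked(&good, &len) ? "accepted" : "rejected");
    printf("bad:  unchecked=%zu checked=%s\n", payload_len_unchecked(&bad),
           payload_len_checked(&bad, &len) ? "accepted" : "rejected");
    printf("bad fragment fits 1500-byte buffer: %s\n",
           fragment_fits(1500, 40, payload_len_unchecked(&bad)) ? "yes" : "no");
    return 0;
}
```

The second check in payload_len_checked() is what the unchecked version lacks: the header-length nibble and the total-length field are both under the sender's control, so neither may be trusted to be consistent with the other before they are combined.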

To fix the issues in GRUB2 and shim, distributions will be able to use the SBAT (UEFI Secure Boot Advanced Targeting) mechanism, which is supported by GRUB2, shim and fwupd. SBAT was developed in collaboration with Microsoft and consists of adding extra metadata to the executable files of UEFI components, including manufacturer, product, component and version information.
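To make the generation-number revocation concrete, here is an added example (written for this article, not code from shim, GRUB2 or fwupd) that parses a constructed .sbat section and a constructed revocation policy and decides whether the binary would be allowed to run. The rule it applies is the one shim documents for SBAT: a row is revoked when its component generation is below the policy's minimum for that component name, and a binary without the leading "sbat" row fails closed. The sample rows, the vendor names and the "grub.example" component are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed .sbat section as a distribution might ship it in its GRUB2 binary.
   Columns: component_name,component_generation,vendor,package,version,url */
static const char SAMPLE_SBAT_OLD[] =
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "grub,1,Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/\n"
    "grub.example,1,Example Distro,grub2,2.06-3,https://example.invalid/grub2\n";

/* The same binary after the distribution rebuilt it with the fixes and bumped
   the upstream grub generation to 2 (constructed). */
static const char SAMPLE_SBAT_FIXED[] =
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "grub,2,Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/\n"
    "grub.example,2,Example Distro,grub2,2.06-4,https://example.invalid/grub2\n";

/* Constructed revocation policy in the SbatLevel shape: component,minimum generation.
   Extra fields after the generation (a date, for instance) are ignored. */
static const char SAMPLE_POLICY_OLD[] = "sbat,1\n";
static const char SAMPLE_POLICY_NEW[] = "sbat,1,2022052400\ngrub,2\n";

#define MAX_ROWS 32
#define MAX_FIELD 64

struct sbat_row {
    char component[MAX_FIELD];
    unsigned long generation;
};

/* Parse component_name and component_generation from each CSV line.
   Returns the number of rows, or -1 if any line is malformed. */
static int parse_rows(const char *csv, struct sbat_row *rows, int max)
{
    int n = 0;
    const char *p = csv;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t linelen = eol ? (size_t)(eol - p) : strlen(p);
        const char *comma = memchr(p, ',', linelen);
        if (!comma || n >= max)
            return -1;
        size_t namelen = (size_t)(comma - p);
        if (namelen == 0 || namelen >= MAX_FIELD)
            return -1;
        memcpy(rows[n].component, p, namelen);
        rows[n].component[namelen] = '\0';
        char *end;
        unsigned long gen = strtoul(comma + 1, &end, 10);
        if (end == comma + 1 || (*end != ',' && *end != '\n' && *end != '\0'))
            return -1;               /* generation must be a plain number */
        rows[n].generation = gen;
        n++;
        p = eol ? eol + 1 : p + linelen;
    }
    return n;
}

/* true if the binary's .sbat data satisfies the policy: for every policy entry whose
   component name appears in the binary, the binary's generation must be >= the
   policy minimum. Malformed data or a missing leading "sbat" row fails closed. */
bool sbat_allows(const char *binary_sbat, const char *policy)
{
    struct sbat_row bin[MAX_ROWS], pol[MAX_ROWS];
    int nb = parse_rows(binary_sbat, bin, MAX_ROWS);
    int np = parse_rows(policy, pol, MAX_ROWS);
    if (nb < 1 || np < 0 || strcmp(bin[0].component, "sbat") != 0)
        return false;
    for (int i = 0; i < np; i++)
        for (int j = 0; j < nb; j++)
            if (strcmp(pol[i].component, bin[j].component) == 0 &&
                bin[j].generation < pol[i].generation)
                return false;        /* revoked by generation, no key or dbx change needed */
    return true;
}

int main(void)
{
    printf("old grub, old policy: %s\n", sbat_allows(SAMPLE_SBAT_OLD, SAMPLE_POLICY_OLD) ? "allowed" : "blocked");
    printf("old grub, new policy: %s\n", sbat_allows(SAMPLE_SBAT_OLD, SAMPLE_POLICY_NEW) ? "allowed" : "blocked");
    printf("fixed grub, new policy: %s\n", sbat_allows(SAMPLE_SBAT_FIXED, SAMPLE_POLICY_NEW) ? "allowed" : "blocked");
    return 0;
}
```

Note that the policy names only the "grub" component, yet it still blocks the distribution's "grub.example" row: the binary carries both rows, and one revoked row is enough. That is the point of the mechanism described above: the same Microsoft-signed shim and the same distribution keys stay valid, and only binaries that embed a generation below the published minimum are refused. To inspect the real data on a system, the section can be dumped from an EFI binary with objcopy, for example `objcopy --only-section .sbat -O binary grubx64.efi /dev/stdout`.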

Finally, if you are interested in learning more about it, you can check the details at the following link.
