Dhawr baylah ah ayaa lagu sheegay soo-saareyaasha AMD iyo Intel

Darkcrizt

Daqiiqado 4

Dhawaan baylahda kala duwan ayaa la shaaciyay kuwaas oo saameeya processor-rada AMD iyo Intel labadaba. Kutaannada la saxay Dhanka AMD, 22 nuglaanta ayaa meesha laga saaray jiilka kowaad, labaad iyo saddexaad ee Soo-saareyaasha taxanaha AMD EPYC taas oo wax u dhimaysa hawlgalka PSP (Platform Security Processor), SMU (Cutubka Maaraynta Nidaamka) iyo SEV (Secure Encrypted Virtualization).

Intaa waxaa dheer, 6 dhibaato ayaa horay loo aqoonsaday 2020 iyo 16 ee 2021. Shaqaalaha Google waxay ogaadeen kow iyo toban dayacanood inta lagu jiro daraasadaha amniga gudaha, lix ay Oracle samaysay iyo shan Microsoft.

Wixii OEM-yada ah, AGESA (AMD Generic Encapsulated Software Architecture) xirmooyinka firmware-ka ee la cusboonaysiiyay ayaa la siidaayay, iyaga oo xannibaya muujinta dhibaatada qaab kale. Hewlett Packard Enterprise, Dell, Supermicro, iyo Lenovo waxay mar hore sii daayeen BIOS iyo UEFI cusboonaysiinta firmware nidaamyadooda server.

Inta lagu guda jiro dib u eegista amniga iyadoo lala kaashanayo Google, Microsoft iyo Oracle, dayacanka suurtagalka ah ayaa la helay oo la yareeyay AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) iyo qaybaha kale ee goobta. ee baakadaha AMD EPYC ™ AGESA ™ PI.

4 baylahda ah ayaa loo kala saaraa inay yihiin kuwo khatar ah (faahfaahinta weli lama shaacin):

  • XAFLAD-2020-12954: Awoodda lagu dhaafo hababka ilaalinta ee SPI ROM-ka iyadoo la adeegsanayo qaar ka mid ah goobaha chipset-ka ee gudaha. Nuglaanta ayaa u oggolaanaysa weeraryahan inuu wax ka beddelo SPI Flash si uu u duro kood xaasidnimo ah ama rootkits oo aan ka muuqan nidaamka.
  • CVE-2020-12961Nuglaanta ku jirta processor-ka PSP (AMD Security Processor), kaas oo loo isticmaalo in lagu socodsiiyo sanduuqa ciid la ilaaliyo ee aan laga heli karin nidaamka hawlgalka ugu weyn, waxay u oggolaanaysaa weeraryahanku inuu dib u dajiyo diiwaannada processor-ka mudnaanta leh ee SMN (Shabakadda Maareynta Nidaamka) oo uu dhaafo Ilaalinta SPI.
  • CVE-2021-26331-Cayaan ku jirta processor-ka ku dhex dhisan SMU (Cutubka Maareynta Nidaamka), oo loo isticmaalo in lagu maareeyo isticmaalka korantada, korantada, iyo heerkulka, waxay u oggolaanaysaa isticmaale aan mudnayn inuu koodkiisa ku fuliyo mudnaan sare.
  • XAFLAD-2021-26335: Ansixinta khaldan ee xogta gelinta ee koodhka xamuulka ee processor-ka PSP wuxuu kuu ogolaanayaa inaad ku dabaqdo qiyamka uu gacanta ku hayo weeraryahanku marxaladda xaqiijinta saxeexa pre-dijital oo aad ku guulaysato fulinta koodka PSP.

Dhinaca kale, baabi'inta dayacanka ayaa sidoo kale la xusay (CVE-2021-26334) ee xirmada qalabka AMD μProf, oo loo keenay Linux iyo FreeBSD, oo loo isticmaalo in lagu falanqeeyo waxqabadka iyo isticmaalka tamarta. Dhibaatadu waxay tahay ku jira darawalka AMDPowerProfiler oo u ogolaanaya isticmaalaha inuu galo MSR (Diiwaan gelinta moodada gaarka ah) si aad u abaabusho fulinta koodkaaga heerka giraanta ilaalinta eber (ring-0). Nuglaanta waxaa lagu hagaajiyay cusboonaysiinta amduprof-3.4-502 ee Linux iyo AMDuProf-3.4.494 ee Windows.

Hadda marka la eego dhibaatooyinka lagu tirtiray processor-yada Intel, kuwan waxaa la ogaaday inta lagu guda jiro daabacaadda warbixinnada nuglaanshaha saddex-biloodlaha ah ee alaabadooda, kuwaas oo ay ka mid yihiin dhinacyada soo socda:

  • XAFLAD-2021-0146: waa nuglaanta ku jirta Processor-yaasha Intel Pentium, Celeron iyo Atom ee nidaamyada desktop iyo mobilada taas oo u oggolaanaysa isticmaalayaasha gelitaanka jir ahaaneed ee kumbuyuutarka si ay u gaaraan mudnaanta mudnaanta iyaga oo dhaqaajinaya qaababka cilladaha. Qalabku wuxuu u oggolaanayaa kicinta tijaabada ama khaladka macquulka ah wakhtiga runtime-yada qaar ka mid ah soo-saareyaasha Intel.
  • CVE-2021-0157, CVE-2021-0158: Nuglaanta ku jirta koodhka tixraaca BIOS ee la keenay si loo bilaabo Intel Xeon (E/W/ Scalable), Core (7/10/11gen), Celeron (N) iyo Processor-yaasha Pentium Silver. Dhibaatooyinka waxaa keena ansaxinta galitaanka khaldan ama kontoroolka qulqulka khaldan ee firmware-ka BIOS oo u oggolaanaya mudnaanta sii kordhinta gelitaanka maxalliga ah.

Ugu dambeyntii, hadaad xiisaynayso inaad waxbadan ka ogaato Ku saabsan warbixinnada ay sii daayeen AMD iyo Intel ee ku saabsan ciribtirka dayacanka la helay, waxaad kala tashan kartaa faahfaahinta xiriiriyeyaasha soo socda.

https://www.amd.com

https://www.intel.com


Ka tag faalladaada

cinwaanka email aan la daabacin doonaa. Beeraha loo baahan yahay waxaa lagu calaamadeeyay la *

*

*

  1. Ka mas'uul ah xogta: AB Internet Networks 2008 SL
  2. Ujeedada xogta: Xakamaynta SPAM, maaraynta faallooyinka.
  3. Sharci: Oggolaanshahaaga
  4. Isgaarsiinta xogta: Xogta looma gudbin doono dhinacyada saddexaad marka laga reebo waajibaadka sharciga ah.
  5. Kaydinta xogta: Macluumaadka ay martigelisay Shabakadaha Occentus (EU)
  6. Xuquuqda: Waqti kasta oo aad xadidi karto, soo ceshan karto oo tirtiri karto macluumaadkaaga.