7 vulnerabilities fixed in GRUB2 that allowed malware to be injected

News was recently released that 7 vulnerabilities have been fixed in the GRUB2 bootloader. They allow the UEFI Secure Boot verification to be bypassed and unverified code to be executed, for example by injecting malware that runs at the bootloader or kernel level.

In addition, there is a vulnerability in the shim layer that also allows UEFI Secure Boot to be bypassed. The group of vulnerabilities was named Boothole 3, by analogy with similar issues identified earlier in the bootloader.

The SBAT metadata (described below) is digitally signed and can be included separately in the lists of allowed or prohibited components for UEFI Secure Boot.

Most Linux distributions use a small shim layer, digitally signed by Microsoft, for verified boot in UEFI Secure Boot mode. This layer verifies GRUB2 with its own certificate, which allows distribution developers to avoid certifying every kernel and GRUB update with Microsoft.

The GRUB2 vulnerabilities allow code execution after shim has successfully verified GRUB2 but before the operating system is loaded. That breaks the chain of trust while Secure Boot mode is active and gives full control over the rest of the boot process, including booting another operating system, modifying operating system components, and bypassing lockdown protection.

Instead of revoking the signature, SBAT allows the use of individual component version numbers to be blocked, without the need to revoke Secure Boot keys. Blocking vulnerabilities via SBAT does not require the UEFI CRL (dbx); it is done at the level of replacing the internal key used to generate signatures and updating GRUB2, shim, and the other boot artifacts that distributions ship. SBAT support has now been added to the most popular Linux distributions.

The identified vulnerabilities are the following:

  • CVE-2021-3696, CVE-2021-3695: Heap buffer overflow when processing specially crafted PNG images, which in theory could be used to execute attacker code and bypass UEFI Secure Boot. It is noted that the problem is difficult to exploit, since building a working exploit requires taking a large number of factors into account and having information about the memory layout.
  • CVE-2021-3697: Buffer underflow in the JPEG image processing code. Exploiting the issue requires knowledge of the memory layout and is about the same level of difficulty as the PNG issue (CVSS 7.5).
  • CVE-2022-28733: Integer overflow in the grub_net_recv_ip4_packets() function that allows the rsm->total_len parameter to be influenced by sending a specially crafted IP packet. The issue is marked as the most dangerous of the reported vulnerabilities (CVSS 8.1). If successfully exploited, it allows data to be written beyond the buffer boundary, because a deliberately undersized memory block is allocated.
  • CVE-2022-28734: Single-byte buffer overflow when processing split HTTP headers. The issue can corrupt GRUB2 metadata (a null byte is written just past the end of the buffer) when parsing specially crafted HTTP requests.
  • CVE-2022-28735: An issue in the shim_lock verifier that allows non-kernel files to be loaded. The vulnerability could be used to load unsigned kernel modules or unverified code in UEFI Secure Boot mode.
  • CVE-2022-28736: Use-after-free in the grub_cmd_chainloader() function, triggered by re-running the chainloader command that is used to load operating systems not supported by GRUB2. Exploitation could lead to execution of attacker code if the attacker can determine the details of memory allocation in GRUB2.
  • CVE-2022-28737: Buffer overflow in the handle_image() function when loading and executing custom EFI images.
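
The most severe item in the list, CVE-2022-28733, is an instance of a common bug class: a length derived from attacker-controlled packet fields is accumulated in a narrow integer, wraps, and the resulting too-small allocation is later written past its end. The following is an added example, not GRUB's own code, that shows the unchecked pattern beside a hardened one on a constructed fragment structure (`struct frag`, `total_len_unchecked`, `total_len_checked`, `reassemble` and the sample payloads are all illustrative names and data, not identifiers from GRUB2):

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative fragment descriptor (constructed; not GRUB's own struct). */
struct frag {
    uint16_t offset;      /* byte offset of this fragment inside the datagram */
    uint16_t len;         /* payload bytes carried by this fragment */
    const uint8_t *data;  /* the payload itself */
};

/* Vulnerable pattern: the total is stored in a 16-bit field, so
   offset + len silently wraps and a later allocation comes out too small. */
uint16_t total_len_unchecked(uint16_t offset, uint16_t len)
{
    uint16_t total = offset + len;   /* promoted to int, then truncated */
    return total;
}

/* Hardened pattern: compute in a wider type and reject anything that does
   not fit the 16-bit field instead of letting it wrap. Returns -1 on
   overflow, otherwise the total (0..65535). */
int total_len_checked(uint16_t offset, uint16_t len)
{
    uint32_t total = (uint32_t)offset + (uint32_t)len;
    if (total > UINT16_MAX)
        return -1;
    return (int)total;
}

/* Reassemble fragments into a buffer sized from the largest checked end
   offset; every copy is provably inside that buffer. Returns the datagram
   length, or -1 if any fragment would overflow the length field. */
int reassemble(const struct frag *frags, size_t n, uint8_t **out)
{
    int total = 0;
    for (size_t i = 0; i < n; i++) {
        int end = total_len_checked(frags[i].offset, frags[i].len);
        if (end < 0)
            return -1;               /* refuse before allocating anything */
        if (end > total)
            total = end;
    }
    uint8_t *buf = calloc((size_t)total + 1, 1);  /* +1 keeps a 0-length datagram allocatable */
    if (!buf)
        return -1;
    for (size_t i = 0; i < n; i++)
        memcpy(buf + frags[i].offset, frags[i].data, frags[i].len); /* offset+len <= total */
    *out = buf;
    return total;
}

/* Constructed samples: a benign two-fragment datagram and one fragment
   whose offset+len wraps past 65535. */
static const uint8_t PART_A[] = { 'A', 'B', 'C', 'D' };
static const uint8_t PART_B[] = { 'E', 'F', 'G' };
static const uint8_t JUNK[20] = { 0 };

/* Demo wrappers so each outcome is a plain return value. */
int demo_benign_len(void)
{
    struct frag f[2] = { { 0, 4, PART_A }, { 4, 3, PART_B } };
    uint8_t *buf = NULL;
    int len = reassemble(f, 2, &buf);
    int ok = (len == 7 && memcmp(buf, "ABCDEFG", 7) == 0);
    free(buf);
    return ok ? len : -1;
}

int demo_wrapping_fragment(void)
{
    struct frag f[1] = { { 65528, 20, JUNK } };
    uint8_t *buf = NULL;
    return reassemble(f, 1, &buf);   /* -1: rejected, nothing was allocated */
}

int main(void)
{
    printf("unchecked 65528+20 = %u (wrapped)\n", total_len_unchecked(65528, 20));
    printf("checked   65528+20 = %d (rejected)\n", total_len_checked(65528, 20));
    printf("benign datagram length = %d\n", demo_benign_len());
    printf("wrapping datagram      = %d\n", demo_wrapping_fragment());
    return 0;
}
```

The unchecked version turns 65528 + 20 into 12, which is exactly the kind of value that leads to an undersized allocation followed by a much larger copy; the checked version computes in 32 bits and refuses the fragment outright. When reviewing parsers for network input, look for any running total kept in the same narrow type as the on-the-wire field.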

To address the issues in GRUB2 and shim, distributions will be able to use the SBAT (UEFI Secure Boot Advanced Targeting) mechanism, which is supported by GRUB2, shim, and fwupd. SBAT was developed in collaboration with Microsoft and involves adding metadata to the executable files of UEFI components, including manufacturer, product, component, and version information.
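
To make the SBAT revocation described in the paragraphs above concrete, here is an added example (not code from GRUB2, shim, or the article) that applies a revocation policy to the rows of an image's `.sbat` section. The section is CSV with the fields component_name, component_generation, vendor_name, vendor_package_name, vendor_version, vendor_url; only the first two drive revocation. The policy rows follow the shape shim keeps in its SbatLevel variable (`sbat,1,<date>` followed by `component,minimum_generation`). `sbat_parse`, `sbat_check`, and the sample rows are this example's own constructed names and data:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SBAT_MAX_ENTRIES 32
#define SBAT_MAX_NAME 64

/* One row of a .sbat section: only component_name and component_generation
   are needed for the revocation decision. */
struct sbat_entry {
    char name[SBAT_MAX_NAME];
    unsigned long generation;
};

/* Parse "name,generation,..." rows from text into out[]; returns the count.
   Rows without a comma (or with an empty name) are ignored. */
static int sbat_parse(const char *text, struct sbat_entry *out, int max)
{
    int n = 0;
    const char *line = text;

    while (*line && n < max) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *comma = memchr(line, ',', len);

        if (comma && comma > line) {
            size_t name_len = (size_t)(comma - line);
            if (name_len >= SBAT_MAX_NAME)
                name_len = SBAT_MAX_NAME - 1;
            memcpy(out[n].name, line, name_len);
            out[n].name[name_len] = '\0';
            out[n].generation = strtoul(comma + 1, NULL, 10); /* stops at the next comma */
            n++;
        }
        if (!eol)
            break;
        line = eol + 1;
    }
    return n;
}

/* Apply a revocation policy to an image's .sbat rows. Returns 1 if the
   image may be loaded, 0 if any component's generation is below the
   policy's minimum. An image with no .sbat rows at all is refused, which
   is the behaviour to expect once SBAT enforcement is switched on. */
int sbat_check(const char *image_sbat, const char *policy)
{
    struct sbat_entry img[SBAT_MAX_ENTRIES], pol[SBAT_MAX_ENTRIES];
    int ni = sbat_parse(image_sbat, img, SBAT_MAX_ENTRIES);
    int np = sbat_parse(policy, pol, SBAT_MAX_ENTRIES);

    if (ni == 0)
        return 0;

    for (int p = 0; p < np; p++)
        for (int i = 0; i < ni; i++)
            if (strcmp(pol[p].name, img[i].name) == 0 &&
                img[i].generation < pol[p].generation)
                return 0;   /* revoked: generation below required minimum */
    return 1;
}

/* Constructed sample rows (not taken from any real binary). */
const char SBAT_OLD_GRUB[] =
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "grub,1,Free Software Foundation,grub,2.04,https://www.gnu.org/software/grub/\n";
const char SBAT_NEW_GRUB[] =
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "grub,2,Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/\n";
/* Constructed policy that raises the minimum grub generation to 2. */
const char SBAT_POLICY[] = "sbat,1,2022052400\ngrub,2\n";

int main(void)
{
    printf("old grub: %s\n", sbat_check(SBAT_OLD_GRUB, SBAT_POLICY) ? "allowed" : "revoked");
    printf("new grub: %s\n", sbat_check(SBAT_NEW_GRUB, SBAT_POLICY) ? "allowed" : "revoked");
    return 0;
}
```

The point the example makes is the one the article describes: bumping the `grub` generation in the policy from 1 to 2 revokes every GRUB2 build still carrying generation 1, regardless of which key signed it, while builds rebuilt with generation 2 keep booting, so no Secure Boot key and no dbx entry has to change. To inspect the real section of a signed binary on a Linux host, `objcopy -O binary --only-section=.sbat grubx64.efi /dev/stdout` dumps the CSV rows shown above.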

Finally, if you are interested in learning more about it, you can check the details at the following link.
