Ukulimala okuningana kudalulwe kuma-AMD nama-Intel processors

Darkcrizt

Imizuzu ye-4

Muva nje kwadalulwa ubuthakathaka obuhlukahlukene ezithinta zombili i-AMD ne-Intel processors. Kwezimbungulu ezilungisiwe Endabeni ye-AMD, ukukhubazeka okungu-22 kususiwe isizukulwane sokuqala, sesibili nesesithathu se Amaphrosesa weseva we-AMD EPYC ezifaka engcupheni ukusebenza kwe-PSP (I-Platform Security Processor), i-SMU (Uphiko Lokulawulwa Kwesistimu) kanye nobuchwepheshe be-SEV (Secure Encrypted Virtualization).

Ngaphezu kwalokho, izinkinga eziyisi-6 zase zihlonziwe kakade ngo-2020 nezingu-16 ngo-2021. Abasebenzi bakwa-Google bahlonze ubuthakathaka obuyishumi nanye phakathi nezifundo zokuphepha zangaphakathi, eziyisithupha yi-Oracle kanye ezinhlanu yi-Microsoft.

Kuma-OEM, amakhithi e-firmware e-AGESA (AMD Generic Encapsulated Software Architecture) abuyekeziwe akhululiwe, avimbela ukubonakaliswa kwenkinga ngenye indlela. I-Hewlett Packard Enterprise, i-Dell, i-Supermicro, ne-Lenovo sezivele zikhiphile izibuyekezo ze-BIOS kanye ne-UEFI firmware yezinhlelo zabo zeseva.

Ngesikhathi sokubuyekezwa kwezokuphepha ngokubambisana ne-Google, i-Microsoft kanye ne-Oracle, ubungozi obungase butholakale futhi bancishiswa ku-AMD Platform Security Processor (PSP), i-AMD System Management Unit (SMU), i-AMD Secure Encrypted Virtualization (SEV) nezinye izingxenye zeplathifomu. kumaphakheji e-AMD EPYC ™ AGESA ™ PI.

Ubuthakathaka obu-4 buhlukaniswa buyingozi (imininingwane ayikavezwa okwamanje):

  • I-CVE-2020-12954: Ikhono lokudlula izindlela zokuvikela ze-SPI ROM ngokushintsha izilungiselelo ezithile ze-chipset zangaphakathi. Ukuba sengozini kuvumela umhlaseli ukuthi aguqule i-SPI Flash ukuze ajove ikhodi enonya noma ama-rootkits angabonakali ohlelweni.
  • I-SVE-2020-12961- Ukuba sengozini kusiprosesa se-PSP (I-AMD Security Processor), esetshenziselwa ukusebenzisa ibhokisi lesihlabathi elivikelekile elingafinyeleleki kusistimu yokusebenza eyinhloko, kuvumela umhlaseli ukuthi asethe kabusha noma yimaphi amarejista okucubungula akhethekile ku-SMN (Inethiwekhi Yokulawulwa Kwesistimu) futhi adlule i-SPI Protection ROM.
  • I-CVE-2021-26331- Isiphazamisi ku-SMU yokucubungula eyakhelwe ngaphakathi (Iyunithi Yokulawulwa Kwesistimu), esetshenziselwa ukuphatha ukusetshenziswa kwamandla, i-voltage, nezinga lokushisa, ivumela umsebenzisi ongenaphutha ukuthi enze ikhodi yakhe isetshenziswe ngezimvume eziphakeme.
  • I-CVE-2021-26335: Ukuqinisekiswa okungalungile kwedatha yokufaka kusilayishi sekhodi yephrosesa ye-PSP kukuvumela ukuthi usebenzise amanani alawulwa umhlaseli esigabeni sangaphambilini ekuqinisekiseni isiginesha yedijithali futhi uzuze ukusetshenziswa kwekhodi yakho ku-PSP.

Ngakolunye uhlangothi, ukuqedwa kokuba sengozini kuyashiwo (CVE-2021-26334) kukhithi yamathuluzi I-AMD μProf, ehlinzekelwe i-Linux ne-FreeBSD, futhi isetshenziselwe ukuhlaziya ukusebenza nokusetshenziswa kwamandla. Inkinga iwukuthi ekhona kumshayeli we-AMDPowerProfiler futhi ivumela umsebenzisi ukuthi athole ukufinyelela ku-MSR (Ukubhaliswa kwemodeli ethile) ukuze uhlele ukusetshenziswa kwekhodi yakho ezingeni lendandatho enguziro yokuvikela (ring-0). Ukuba sengozini kulungisiwe kusibuyekezo amduprof-3.4-502 se-Linux kanye ne-AMDuProf-3.4.494 ye-Windows.

Manje esimweni sezinkinga ezaqedwa kuma-Intel processors, lezi zenziwa zaziwa ngesikhathi sokushicilelwa kwemibiko yekota yokuba sengozini emikhiqizweni yabo, phakathi kwazo izici ezilandelayo ezigqamayo:

  • I-CVE-2021-0146: kuba sengozini kuma-Intel Pentium, Celeron kanye ne-Atom processors yedeskithophu kanye nezinhlelo zeselula ezivumela umsebenzisi onokufinyelela ngokomzimba kukhompuyutha ukuze azuze ukukhushulwa kwelungelo ngokuvula izindlela zokususa iphutha. Izingxenyekazi zekhompuyutha zivumela ukuqaliswa kokuhlola noma ukulungisa iphutha ngesikhathi sokusebenza kwamanye amaphrosesa e-Intel.
  • I-CVE-2021-0157, CVE-2021-0158: ubungozi bekhodi yereferensi ye-BIOS enikezwe ukuqalisa i-Intel Xeon (E / W / Scalable), i-Core (7/10 / 11gen), i-Celeron (N) ne-Pentium Silver processors. Izinkinga zibangelwa ukuqinisekiswa kokufaka okungalungile noma ukulawulwa kokugeleza okungalungile ku-firmware ye-BIOS futhi kuvumela ukukhuphuka kwelungelo ngokufinyelela kwendawo.

Ekugcineni, uma unentshisekelo yokwazi kabanzi ngakho Mayelana nemibiko ekhishwe yi-AMD ne-Intel mayelana nokuqedwa kobungozi obutholakele, ungabheka imininingwane kulezi zixhumanisi ezilandelayo.

https://www.amd.com

https://www.intel.com


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.