Vulnerability found in Intel processors that leads to data leakage


If exploited, these flaws could allow attackers to gain unauthorized access to sensitive data or, more generally, cause problems.

A group of researchers from universities in China and the United States has discovered a new vulnerability in Intel processors that leads to data leakage through a side channel created by speculative execution. It can be used, for example, to build a covert communication channel between processes or to extract leaked data during Meltdown attacks.

The essence of the vulnerability is a change in the processor's EFLAGS register, caused by speculative execution of instructions, that affects the execution time of subsequent JCC instructions (conditional jumps, taken when the specified condition is met).

Speculative operations are not committed and their results are discarded, but the discarded change to EFLAGS can still be determined by analyzing the execution time of JCC instructions. Compare-and-jump operations performed speculatively introduce, when the comparison succeeds, a small delay that can be measured and used as an indicator of the compared contents.

A transient execution attack is a type of attack that exploits the weaknesses of CPU optimization technology. New attacks are emerging rapidly. The side channel is a key part of transient execution attacks, used to exfiltrate data.

In this work, we discovered a vulnerability that changes the EFLAGS register during transient execution and can affect the Jcc (Jump Condition Code) instruction on Intel CPUs. Based on our findings, we propose a new side-channel attack that uses the timing of transient execution and Jcc instructions to deliver data.

This attack encodes secret data through a change in the register that makes execution time slightly slower, which the attacker can measure to decode the data. This attack does not rely on the cache system.

Unlike other side-channel attacks, the new method does not analyze the difference in access time between cached and uncached data, and it does not require a step that resets the EFLAGS register to its initial state, which makes the attack harder to detect and block.

For the demonstration, the researchers implemented a variant of the Meltdown attack that uses the new method to obtain information about the result of a speculative operation. Using the method to leak data during a Meltdown attack was successfully demonstrated on systems with Intel Core i7-6700 and i7-7700 CPUs running Ubuntu 22.04 with Linux kernel 5.15. On a system with an Intel i9-10980XE CPU, the attack was only partially successful.

The Meltdown vulnerability is based on the fact that, during speculative execution of instructions, the processor can access a private memory area and then discard the result, since the configured privileges forbid such access from a user process.

In the program, the speculatively executed block is separated from the main code by a conditional jump that, under real conditions, is always taken; but because the condition depends on a computed value that the processor does not yet know during out-of-order execution, all branch paths are executed speculatively.

In classic Meltdown, since the same cache is used for speculatively executed operations as for normally executed instructions, it is possible during speculative execution to set markers in the cache that reflect the contents of individual bits in a protected memory area, and then, in normally executed code, to determine their value by analyzing the access time to cached and uncached data.

The new variant uses the change in the EFLAGS register as the marker. In the covert channel demonstration, one process altered the data being sent in order to change the contents of the EFLAGS register, and another process analyzed the change in JCC execution time to reconstruct the data sent by the first process.
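Because the demonstration above is built on Meltdown and tested on Linux 5.15, the first thing a defender will want is an inventory of what the kernel itself reports about transient-execution mitigations on a given host. The following script is an added example, not code from the article or from the researchers' paper. It assumes the Linux sysfs interface at /sys/devices/system/cpu/vulnerabilities/, where the kernel publishes one file per known issue (for example "meltdown", "spectre_v1") containing "Not affected", "Vulnerable" or "Mitigation: ...". The article does not say whether an active Meltdown mitigation stops this EFLAGS-based variant, and the kernel has no entry named for it, so the output is an inventory of baseline status, not an assurance against the new channel.

```shell
#!/bin/sh
# Added example (not from the original article or the researchers' paper).
# Summarise the Linux kernel's own report of CPU transient-execution
# mitigations from /sys/devices/system/cpu/vulnerabilities/ (assumed path).

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status "STATUS LINE"
# Maps a kernel status line to one of: not_affected, mitigated, vulnerable, unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_vulnerabilities DIR
# Prints "<issue>\t<class>\t<raw kernel line>" for every file in DIR.
# Returns 0 when no issue is reported as Vulnerable, 1 when at least one is,
# 2 when DIR does not exist (e.g. non-Linux host or sysfs not mounted).
report_vulnerabilities() {
    dir="$1"
    rc=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        line=$(head -n 1 "$f" 2>/dev/null)
        class=$(classify_status "$line")
        printf '%s\t%s\t%s\n' "$name" "$class" "$line"
        [ "$class" = vulnerable ] && rc=1
    done
    return "$rc"
}

# Stand-alone use: report the live host when the sysfs directory is present.
if [ -d "$VULN_DIR" ]; then
    if report_vulnerabilities "$VULN_DIR"; then
        echo "kernel reports no issue as Vulnerable"
    else
        echo "kernel reports at least one issue as Vulnerable" >&2
    fi
fi
```

On an Ubuntu 22.04 host the "meltdown" line is the one to read first: "Mitigation: PTI" means kernel page-table isolation is active, while "Vulnerable" means the classic Meltdown primitive the demonstration relies on is unmitigated. Set VULN_DIR to a copied directory to compare snapshots from several machines offline.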

Finally, if you are interested in learning more about it, you can consult the details at the following link.

