Kawai Intel ya ci gaba da kasancewa makasudin matsaloli daban-daban wannan yana haifar da zubewar bayanai kuma munyi magana da yawa game dasu anan shafin Kuma a cikin wannan sabon, Intel har yanzu ba banda bane.
Kuma wannan shine ƙungiyar masu bincike daga Jami'ar Free University of Amsterdam ha gano sabon yanayin rauni (CVE-2020-0543) a cikin tsarin microarchitecture na masu sarrafa Intel, wanda sananne ne saboda gaskiyar ba ka damar dawo da sakamakon wasu umarnin gudu a kan wani CPU core.
Wannan shi ne raunin farko - na tsarin aiwatar da umarni na musamman, ba da damar kwararar bayanai tsakanin maɓuɓɓukan CPU daban (Abubuwan da aka bayar a baya an iyakance su zuwa zaren daban na kwaya.)
Masu binciken sun kira matsalar CROSSTalk, amma takardun Intel suna nufin yanayin rauni kamar SRBDS (Sample Special Register Buffer Data).
Game da MAGANA
Rashin lafiyar ya kasance na ajin matsalolin MDS, wanda aka gabatar shekara ɗaya da ta gabata, kuma ya dogara da aikace-aikacen hanyoyin bincike na ɓangare na uku zuwa bayanai a cikin tsarin microarchitecture.
Tsarin CROSSTalk yana kusa da yanayin raunin RIDL, amma ya banbanta a tushen zubewar. Sabuwar yanayin rauni yana sarrafa tsaka-tsakin tsaka-tsakin tsaka-tsakin wanda ba a daɗe ba wanda aka raba tsakanin dukkanin CPU CPU.
Maganar matsalar ita ce wasu umarnin microprocessor, gami da RDRAND, RDSEED, da SGX EGETKEY, ana aiwatar da su ta amfani da SRR (Special Register Reads) aiki na microarchitecture na ciki.
A kan masu saurin sarrafawa, bayanan da aka dawo dasu don SRR an saka su a cikin tsaka-tsakin tsaka-tsaki wanda ya zama ruwan dare ga dukkanin cibiyoyin CPU, bayan haka kuma sai a tura shi zuwa gajin yawan jama'a wanda ke da alaƙa da ainihin ainihin ainihin jikin CPU ɗin da farawa yake. Karanta aikin. Bayan haka, daga maɓallin keɓewa, ƙididdigar ƙimar don rijistar da bayyane ga aikace-aikace.
Girman tsaka-tsakin tsaka-tsakin ajiya yayi dace da layin cache, cewa ya fi girman girman bayanan da aka karanta kuma ayyukan karatu daban-daban suna shafar abubuwa daban-daban a cikin maƙallan.
Tunda an kwafe abin da aka keɓe a cikin duka abin adanawa, ba wai kawai ɓangaren da ake buƙata don aikin yanzu ba ne ya motsa, har ma da sauran bayanan daga sauran ayyukan, gami da waɗanda aka yi a kan wasu ƙwayoyin CPU.
Idan aka shirya harin cikin nasara, mai amfani na gari ingantacce akan tsarin na iya tantance sakamakon aiwatar da umarnin RDRAND, RDSEED da EGETKEY a cikin baƙon tsari ko a cikin bayanan Intel SGX, ba tare da la'akari da ainihin CPU ba lambar tana aiki.
Masu binciken wanda ya gano matsalar wallafa samfurin amfani wanda ya nuna yiwuwar kwararar bayanai akan ƙididdigar ƙirar da aka samo ta hanyar umarnin RDRAND da RDSEED don dawo da maɓallin keɓaɓɓen ECDSA da aka sarrafa a cikin Intel SGX enclave bayan aiwatar da aiki ɗaya kawai da aka sanya hannu a kan tsarin.
Wannan ya nuna cewa yawancin keɓaɓɓen tebur na Intel, wayoyin hannu da masu sarrafa uwar garke, gami da Core i3, i5, i7, i9, m3, Celeron, Atom, Xeon, Scalable Xeon, da sauransu, suna da rauni.
Abin lura ne cewa An sanar da Intel game da yanayin rashin lafiyar a watan Satumba na 2018 kuma a watan Yulin 2019 an samar da samfurin amfani wanda ya nuna kwararar bayanai tsakanin cibiyoyin CPU, amma ci gaban maganin ya sami jinkiri saboda sarkakiyar aiwatarwar.
A cikin sabuntawar ƙaramar lambar yau, an toshe matsalar ta hanyar sauya halayyar umarnin RDRAND, RDSEED, da EGETKEY don sake rubuta bayanan a cikin buffen da aka raba don hana ragowar bayanai saiti a ciki.
Bugu da ƙari, dakatar da samun damar yin amfani da buffer har sai an kammala ayyukan karatu da rubutu.
Sakamakon sakamako wannan kariya karuwa ce cikin jinkiri lokacin da aka aiwatar da RDRAND, RDSEED, da EGETKEY, da raguwar aiki yayin ƙoƙarin aiwatar da waɗannan umarnin a lokaci guda akan masu sarrafa ma'ana daban-daban. Waɗannan fasalulluka na iya shafar tasirin aikin wasu aikace-aikace.
Source: https://www.vusec.net
Ba a fahimci taken labarin ba, inda maki uku suka tafi, waƙafi ya kamata ya tafi, kuma, a, cewa "eh" yana da lafazi.