Kwanan nan Intel ta bayyana sabbin abubuwa guda biyu masu rauni a cikin masu sarrafa ta, sake yana nufin bambance-bambancen karatu daga sanannen MDS (Samfurin Bayanan Microarchitectural) kuma sun dogara ne akan aikace-aikacen hanyoyin bincike na ɓangare na uku zuwa bayanai a cikin tsarin microarchitecture. Da masu bincike daga Jami'ar Michigan da Vrije Universiteit Amsterdam (VUSec) sun gano yuwuwar kai hari.
A cewar Intel, wannan yana shafar tebur na yau da kullun da masu sarrafa waya kamar Amber Lake, Kaby Lake, Coffee Lake, da Whiskey Lake, amma kuma Lake Cascade don sabobin.
Cache Out
Na farkonsu yana da suna L1D Samfurin Kore ko L1DES a gajarce ko kuma an san shi da CacheOut, an yi rijista da "CVE-2020-0549" wannan shine wanda yake da hadari mafi girma tunda yana bada damar nutsar da tubalin layin da aka tilasta fita daga matakin farko (L1D) a cikin tanadin cikawa, wanda yakamata ya zama fanko a wannan matakin.
Don ƙayyade bayanan da suka daidaita a cikin maɓallin ɓoye, hanyoyin nazarin ɓangare na uku da aka gabatar a baya a cikin hare-haren MDS da TAA (Transactional Asynchronous Abort) suna aiki.
Mahimmancin kariyar da aka aiwatar a baya na MDS da TAA ya zama cewa, a ƙarƙashin wasu yanayi, ana iya hasashen bayanan bayan aikin tsabtacewa, saboda haka hanyoyin MDS da TAA har yanzu suna aiki.
A sakamakon haka, mai kai hari zai iya tantance ko bayanan da aka motsa daga ɓoye-matakin-sama yayin aiwatar da aikace-aikacen da a baya suka shagaltar da ainihin CPU na yanzu ko aikace-aikacen da ke gudana a lokaci ɗaya a cikin wasu zaren mahimmin (hyperthread) a kan ainihin CPU ɗin (wanda ke kashe HyperThreading ba tare da tasiri ba yana rage harin).
Ba kamar harin L1TF ba, L1DES baya bada izinin zaɓi takamaiman adiresoshin zahiri don tabbaci, amma yana ba da damar sanya ido akan aiki a cikin wasu tsararru masu ma'ana hade da ɗorawa ko adana ƙimomin cikin ƙwaƙwalwa.
Vungiyar VUSec ta daidaita hanyar kai hari ta RIDL don raunin L1DES kuma ana iya samun samfurin amfani, wanda kuma ya keɓance hanyar kariya ta MDS da Intel ta bayar, bisa amfani da umarnin VERW don share abubuwan da ke cikin microarchitecture masu ɓoyewa lokacin da suka dawo daga kernel zuwa sararin mai amfani ko lokacin da suka canza wurin sarrafawa zuwa tsarin bako.
A daya bangaren kuma, ZombieLoad ya sabunta hanyar kai hari tare da raunin L1DES.
Yayinda masu bincike a jami'ar Michigan suka kirkiro nasu hanyar kai hari CacheOut wanda zai baka damar cire bayanai masu mahimmanci daga kwayar tsarin aiki, injunan kama-da-wane da kuma kariya ga SGX. Hanyar ta dogara ne da magudi tare da TAA don ƙayyade abubuwan cikewar ajiyar bayan bayanan da suka zubo daga maɓallin L1D.
VRS
Hali na biyu shi ne Samfurin Rajistar Vector (VRS) wani nau'in RIDL (Logue In-Flight Data Load), wanda shine mai alaƙa da ɓarkewar Buffer na Store na sakamakon rajistar vector karanta ayyukan da aka gyaru yayin aiwatar da umarnin vector (SSE, AVX, AVX-512) akan ainihin CPU din.
Zuɓi yana faruwa a cikin wani yanayi mai sauƙi kuma ya samo asali ne daga gaskiyar aikin da aka yi, wanda ya haifar da yin la'akari da yanayin bayanan abubuwan vector a cikin maɓallin ajiyar ajiya, an jinkirta kuma aka ƙare bayan da aka share abin, kuma ba a da ba. Kama da yanayin L1DES, ana iya ƙayyade abubuwan da ke cikin ajiyar ajiya ta amfani da hanyoyin kai hari na MDS da TAA.
Duk da haka, a cewar Intel bazai yuwu ayi amfani da shi ba kamar yadda aka sanya shi a matsayin mai rikitarwa don aiwatar da hare-hare na ainihi kuma ya sanya mafi ƙarancin matakin haɗari, tare da ƙimar kashi 2.8 CVSS.
Kodayake masu binciken ƙungiyar VUSec sun shirya samfurin amfani wanda zai ba ku damar ƙayyade ƙimar rajistar vector ɗin da aka samo sakamakon lissafi a cikin wani mahimmin tsari na ainihin CPU ɗin.
CacheOut ya dace musamman ga masu sarrafa girgije, saboda aiwatar da farmaki na iya karanta bayanai sama da na’urar kere kere.
Finalmente Intel tayi alƙawarin sakin ɗaukaka aikin firmware tare da aiwatar da hanyoyin toshe wadannan matsalolin.