Simply Intel yakaramba ichienderera kuve tarisiro yekushushikana kwakasiyana siyana izvo zvinotungamira kune data leakage uye isu tataura zvakawanda nezvazvo pano pa blog Uye mune iyi nyowani, Intel haisati yasara.
Uye ndizvo izvozvo timu yevaongorori kubva kuYunivhesiti Yemahara yeAmsterdam ha yakaratidza kusagadzikana kutsva (CVE-2020-0543) mune zvivakwa zvemuumbirwo yeIntel processors, iyo inozivikanwa nenyaya yekuti inokutendera kuti udzore zvawanikwa zveimwe mirairo mhanya pane imwe CPU musimboti.
Uku ndiko kutanga kunetseka yemuchina wekufungidzira kuitiswa kwemirairo, kubvumidza kudonhedza dhata pakati peakasiyana CPU macores (Pakutanga kuvuza kwaingogumira kune dzakasiyana tambo dzenzvimbo.)
Vatsvakurudzi vakadaidza dambudziko kuti CROSSTalk, asi maIntel docs anoreva kusagadzikana seSRBDS (Sample Special Rejista Buffer Dhata).
Nezve CROSSTalk
Iyo kushushikana ndeyekirasi yematambudziko eMDC, yakaunzwa gore rapfuura, uye kunoenderana nekushandiswa kweyechitatu-bato nzira dzekuongorora kune data mune microarchitecture zvivakwa.
Iyo CROSSTalk musimboti iri padyo neRIDL kudzvinyirirwa, asi zvakasiyana musosi yekudonha. Iko kutsva kutsva inoshandisa iyo yepakati buffer inodonhedza zvisati zvanyorwa iyo yakagovaniswa pakati peese CPU cores.
Chinokosha chechinetso ndechekuti mimwe microprocessor mirairo, inosanganisira RDRAND, RDSEED, uye SGX EGETKEY, inoitwa uchishandisa iyo SRR (Special Rejista Inoverengwa) mashandiro emukati ekugadzira michina.
Pane mapurosesa ari panjodzi, iyo data yakadzoserwa SRR inoiswa mune yepakati buffer inozivikanwa kune ese CPU cores, mushure maizvozvo inoendeswa kune yehuwandu buffer inosanganisirwa neiyo chaiyo yakasarudzika yepanyama yeCPU pane iyo yekutanga inotanga. Verenga kushanda. Zvino, kubva padding buffer, kukosha kwacho kunoteedzerwa kumaregista anoonekwa kune zvinoshandiswa.
Hukuru hweiyo yepakati yakagovaniswa bhafa inoenderana necache mutsaraque inowanzo kuve yakakura kudarika saizi yeiyo data yakaverengwa uye akasiyana kuverenga mashandiro anokanganisa akasiyana akasiyana mune iyo buffer.
Sezvo iyo yakagovaniswa buffer ichiteedzerwa kune iyo yakazara yekuzadza buffer, kwete chete chikamu chinodikanwa cheazvino oparesheni chinofambiswa, asiwo iro data rakasara kubva kumamwe mashandiro, kusanganisira ayo akaitwa pane mamwe ma CPU cores.
Kana kurwisa kwakarongeka zvinobudirira, mushandisi wemuno akasimbiswa pachirongwa inogona kuona mhedzisiro kuita iyo RDRAND, RDSEED uye EGETKEY mirairo nenzira isinganzwisisike kana mukati meiyo Intel SGX enclave, zvisinei neiyo CPU musimboti iyo kodhi iri kumhanyisa.
Vatsvakurudzi ndiani akawana dambudziko Yakaburitsa muenzaniso wekushandisa wakaratidza mukana wekuburitsa ruzivo pamhando dzakasarudzika dzakawanikwa kuburikidza neRDRAND uye RDSEED mirairo yekudzorera iyo ECDSA yakavanzika kiyi yakagadziriswa muIntel SGX enclave mushure mekuita kamwe chete kwakasaina kudhijitari kushanda pachirongwa.
Izvi zvakaratidza kuti huwandu hwakawanda hweIntel desktop, nhare uye seva processor, kusanganisira Core i3, i5, i7, i9, m3, Celeron, Atom, Xeon, Scalable Xeon, nezvimwe.
Zvinokosha kuti Intel yakaziviswa nezve kunetseka munaGunyana 2018 uye prototype yekushandisa yakapihwa muna Chikunguru 2019 iyo yakaratidza kudonha kwedata pakati peiyo CPU cores, asi kuvandudzwa kwemhinduro kwakanonoka nekuda kwekuoma kwekuitwa kwayo.
Mune yanhasi inorongwa microcode kugadzirisa, dambudziko rakavharirwa nekushandura hunhu hwemirairo RDRAND, RDSEED, uye EGETKEY kunyora dhata mune yakagovaniswa buffer kudzivirira ruzivo rwasara kubva mukugadzika mariri.
Pamusoro pezvo, kumisikidzwa kwekubatira kumisikidza kunoshanda kusvika pakuverenga nekunyora mashandiro azadziswa.
A divi mhedzisiro yekudzivirirwa uku kuwedzera kunonoka apo RDRAND, RDSEED, uye EGETKEY zvinourawa, uye kudzikiswa mukuita kana uchiedza kuita iyi mirairo panguva imwe chete pane akasiyana manyorerwo processor. Aya maficha anogona kukanganisa kushanda kwevamwe kunyorera.
mabviro: https://www.vusec.net
Musoro wenyaya haunzwisiswe, apo pane mapoinzi matatu, komma inofanira kuenda, uye, ehe, kuti "hongu" ane mucherechedzo.