SLAM: a new type of attack affecting Intel, AMD and ARM

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems.

It was recently announced that a group of researchers has developed a new attack technique called SLAM (Spectre Linear Address Masking), which exploits Spectre-class microarchitectural vulnerabilities and can bypass hardware protections and expose password hashes held in kernel memory.

SLAM is a type of attack based on transient execution. It takes advantage of a memory feature that allows software to use the untranslated bits of 64-bit linear addresses to store kernel metadata. With it, an attacker can manipulate instructions in software code to trigger execution in a way that reveals sensitive data, including information from various programs and even the operating system.

The threat leverages a new covert channel based on non-canonical address translation, which facilitates the practical exploitation of generic Spectre gadgets to leak valuable information.

While LAM is the term used by Intel for this type of attack, it stands for linear address masking. Arm called it Top Byte Ignore (TBI) and AMD calls it Upper Address Ignore (UAI), but all three implement the same function in different ways.
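The address check that LAM, UAI and TBI relax can be modelled in a few lines of C. This is an added example, not code from the researchers or from this article; the ignored-bit ranges are assumptions taken from vendor documentation, the masking is a simplified model, and the sample pointer is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Ignored (metadata) bit range per feature. Assumption: ranges come from
 * vendor documentation, not from the article. */
struct mask_feature { const char *name; unsigned hi, lo; };
static const struct mask_feature FEATURES[] = {
    { "Intel LAM57", 62, 57 },
    { "AMD UAI",     63, 57 },
    { "Arm TBI",     63, 56 },
};

/* Canonical: bits 63..va_bits-1 are all equal (va_bits is 48 with 4-level
 * paging, 57 with 5-level paging). */
static bool is_canonical(uint64_t addr, unsigned va_bits)
{
    uint64_t upper = addr >> (va_bits - 1);
    return upper == 0 || upper == (UINT64_MAX >> (va_bits - 1));
}

/* Simplified model of masking: overwrite the ignored bits with copies of
 * the bit just below them, so metadata never reaches translation. */
static uint64_t strip_metadata(uint64_t addr, const struct mask_feature *f)
{
    uint64_t field = ((1ULL << (f->hi - f->lo + 1)) - 1) << f->lo;
    bool sign = (addr >> (f->lo - 1)) & 1;
    return sign ? (addr | field) : (addr & ~field);
}

/* Does the address pass the check? f == NULL means masking is disabled. */
static bool accepted(uint64_t addr, unsigned va_bits, const struct mask_feature *f)
{
    return is_canonical(f ? strip_metadata(addr, f) : addr, va_bits);
}

int main(void)
{
    /* Constructed sample: a user pointer carrying tag 0x2a in bits 62:57. */
    uint64_t plain = 0x00007f1234567000ULL;
    uint64_t tagged = plain | (0x2aULL << 57);

    printf("masking off: accepted=%d\n", accepted(tagged, 48, NULL));
    for (size_t i = 0; i < sizeof FEATURES / sizeof FEATURES[0]; i++)
        printf("%-11s: accepted=%d -> %#llx\n", FEATURES[i].name,
               accepted(tagged, 48, &FEATURES[i]),
               (unsigned long long)strip_metadata(tagged, &FEATURES[i]));
    return 0;
}
```

With masking off, the tagged pointer fails the canonicality check; with any of the three features modelled here, it resolves to the same untagged address.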

As for the affected CPUs, the researchers state the following:

  • Existing AMD CPUs vulnerable to CVE-2020-12965.
  • Future Intel CPUs supporting LAM (4- and 5-level paging).
  • Future AMD CPUs supporting UAI and 5-level paging.
  • Future Arm CPUs supporting TBI and 5-level paging.

As with the exploitation of Spectre vulnerabilities, a SLAM attack requires the presence of certain instruction sequences (gadgets) in the kernel that lead to the speculative execution of instructions. These instructions result in a speculative read of data from memory, depending on external conditions that the attacker can influence.

Once an incorrect prediction has been detected, the result of the speculative execution is discarded, but the processed data remains in the cache and can be recovered later through side-channel analysis. To extract the data left in the cache, the researchers use the Evict+Reload method, which is based on creating conditions that displace data from the cache (for example, generating activity that fills the cache with typical content) and performing operations whose execution time makes it possible to judge whether the data is present in the processor cache.

To carry out a SLAM attack, code gadgets are used in which attacker-controlled data is used as a pointer. It should be noted that these code patterns are common in programs: for example, tens of thousands of such gadgets have been identified in the Linux kernel, of which about several hundred are suitable for use in exploits.

The leak can be prevented by adding extra instructions to such gadgets that block speculative execution. Intel intends to provide a software anti-leak method before shipping LAM-enabled processors. AMD recommended using the existing methods for blocking Spectre v2 attacks. To protect against the attack, the Linux kernel developers decided to disable LAM support by default until Intel publishes recommendations for blocking the vulnerability.

Finally, it is worth mentioning that the researchers published an implementation of the method and provided a demonstration of how data matching a given mask can be extracted from kernel memory. At present, this exploit is CPU-independent, but it has been shown to work only on Linux, which has already created a patch to disable LAM by default until further guidance is available.

Finally, if you are interested in learning more about it, you can check the details at the following link.
