VRS uye CacheOut, zviviri zvitsva zvinokuvadza zvinokanganisa Intel

Munguva pfupi yapfuura Intel yakaratidza kushaiwa simba kutsva muma processor ayo, kamwe zvakare inoreva akasiyana kubva kune inozivikanwa MDS (Microarchitectural Data Sampling) uye zvinoenderana nekushandisa kwechitatu-bato nzira dzekuongorora kune data mune microarchitecture zvivakwa. Iyo vaongorori kubva kuYunivhesiti yeMichigan uye neVrije Universiteit Amsterdam (VUSec) vakaona mikana yekurwisa.

Sekureva kweIntel, izvi zvinokanganisa desktop yazvino uye mapurosesa enhare senge Amber Lake, Kaby Lake, Kofi Lake, uye Whisky Lake, asiwo Cascade Lake yemaseva.

CacheOut

Wokutanga wavo ane zita rekuti L1D Kudzingwa Sampling kana L1DES kwenguva pfupi kana inozivikanwa zvakare seCacheOut, registered as "CVE-2020-0549" uyu ndiye ane njodzi huru kubva ipapo inobvumira kunyura kwecache mutsara mabhuroko akamanikidzwa kunze kwekutanga level cache (L1D) mune yekuzadza buffer, iyo inofanirwa kunge isina chinhu panguva ino.

Kuti uone iyo data yakagadziriswa mukati mepadding buffer, yechitatu-bato nzira dzekuongorora dzakambofungidzirwa mune MDS uye TAA (Transactional Asynchronous Abort) kurwisa kunoshanda.

Iko kukosha kwekuchengetedzwa kwakaitwa kare kweMDS neTAA kwakaratidza kuti pasi pemamwe mamiriro ezvinhu iyo data inofungidzirwa zvakapetwa mushure mekuchenesa mashandiro, saka nzira dze MDS neTAA dzichiri kushanda.

Nekuda kweizvozvo, anorwisa anogona kuona kana iyo data yakatamiswa kubva kumusoro-chikamu cache panguva yekuitwa kwechikumbiro icho chaimbobata musimboti weiyo CPU yazvino kana mashandisiro ayo panguva imwe chete anoita mune mamwe mashinda ane musoro (hyperthread) mune imwechete CPU musimboti (kuremadza HyperThreading zvisina basa kunodzora kurwisa).

Kusiyana neiyo L1TF kurwisa, L1DES haibvumiri kusarudza chaiyo kero dzedzimba yekusimbisa, asi inobvumira kungoona zvechiitiko mune zvimwe zvinoteedzana zvine musoro inosangana nekukanda kana kuchengetedza tsika mundangariro.

Chikwata cheVUSec chakashandura nzira yekurwisa yeRIDL yeiyo kukuvara kweL1DES uye kuti prototype yekushandisa iripowo, iyo inodarikawo nzira yekudzivirira ye MDS yakarongedzwa neIntel, zvichibva pakushandiswa kwemurairidzo weVERW kujekesa zvemukati mezvigadziriso zvemagetsi pavanodzoka kubva kune kernel kuenda kune mushandisi nzvimbo kana pavanotamisa kutonga kune yevaenzi system.

Zvakare, zvakare ZombieLoad yakagadzirisa nzira yayo yekurwisa neiyo L1DES kunetseka.

Nepo vaongorori paYunivhesiti yeMichigan vakagadzira yavo yekurwisa nzira CacheOut iyo inobvumidza iwe kuti ubvise ruzivo rwakashata kubva kune kernel yeiyo inoshanda sisitimu, chaiwo michina uye SGX yakachengetedzwa enclaves. Maitiro acho anovimba nekunyepedzera neTAA kuona zviri mukati meiyo yekuzadza buffer mushure mekudonha kwedata kubva kuL1D cache.

VRS

Yechipiri kunetseka ndeyeVector Rejista Sampling (VRS) musiyano weRIDL (Rogue In-Flight Data Mutoro), iri inoenderana neiyo Chitoro Buffer inodonha yemhedzisiro ye vector rejista kuverenga mashandiro akagadziridzwa panguva yekuitwa kweiyo vector mirairo (SSE, AVX, AVX-512) pane imwechete CPU musimboti.

Kubuda kunoitika mune yakasarudzika mamiriro ezvinhu uye zvinokonzereswa nenyaya yekuti mashandiro ekufungidzira akaitwa, zvichitungamira mukuratidzwa kwenzvimbo yezvinyorwa zvevector munzvimbo yekuchengetera, inononoka uye inogumiswa mushure mekubviswa kwechigadziri, uye kwete zvisati zvaitika. Zvakafanana neiyo L1DES kunetsekana, zvirimo mune yekuchengetera buffer zvinogona kutsanangurwa uchishandisa MDS uye TAA kurwisa nzira.

Zvisinei, zvinoenderana neIntel zvisingaite kuti ishandiswe sezvo yakarongedzwa seyakaomesesa kuita kurwisa chaiko uye yakapa yakaderera nhanho, ine zvibodzwa zve2.8 CVSS.

Kunyangwe ivo vaongorori veboka reVUSec vakagadzirira chionekedzo chinobvumidza iwe kuti utarise hunhu hwemarejista e vector akawanikwa semhedzisiro yekuverenga mune kumwe kuteedzana kunonzwisisika kweiyo imwechete CPU.

CacheOut inonyanya kukosha kune vanoita gore, sezvo maitiro ekurwisa anogona kuverenga data kupfuura muchina chaiwo.

Finalmente Intel anovimbisa kuburitsa firmware yekuvandudza pamwe nekuitwa kwemaitiro ekudzivirira aya matambudziko.


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa.

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako

bool (chokwadi)