Kana dzikashandiswa, zvikanganiso izvi zvinogona kubvumira vanorwisa kuti vawane mukana usina mvumo kune ruzivo rwakadzama kana kuti kazhinji kukonzera matambudziko.
Mazuva mashoma apfuura a Muongorori wechikwata chekuchengetedza cheGoogle, akaburitswa nhau dzandinoona kusagadzikana (yatonyorwa pasi peCVE-2023-20593) pa AMD processors zvichibva paZen2 microarchitecture inogona kushandiswa kuona marejista apo mamwe maitiro ari kushanda pane imwechete CPU core.
Kusagadzikana uku kunoonekwa sekukosha, kubvira kurwiswa kunogona kuitwa kubva kumashini chaiwo uye nzvimbo dzakasarudzika. Muchidimbu, iyo nyaya yakafanana neyekare yekushandisa-mushure-yemahara kusagadzikana kunokonzerwa nekuwana ndangariro mushure mekunge yasunungurwa.
Dambudziko rinoitika ne AMD Ryzen 3000, Ryzen PRO 3000, Ryzen Threadripper 3000, Ryzen 4000 ine Radeon Graphics, Ryzen PRO 4000, Ryzen 5000 ine Radeon Graphics, Ryzen 7020 ine Radeon Graphics. uye nhevedzano ye processors EPYC 7002.
Nezvekusagadzikana, kunotaurwa nekuti muma processor, kuchengetedza zvirimo mumarejista, faira rerejista (RF, Register File) inoshandiswa, inova hurongwa hunogovaniswa mumabasa ese ari muchikamu chimwe chete. cpu. Iyo Record Allocation Table (RAT) ine basa rekubatanidza marekodhi ane chaiwo mazita kune iyo log faira zviwanikwa. Muchiitiko ichi, zero inokosha inochengetwa murejista kwete nekuchengetedza kukosha kusina chinhu mufaira rerejista, asi nekuisa mureza we-z-bit muRAT tafura.
Kusagadzikana kunokonzerwa nenyaya yekuti kana z bit yakaiswa panguva yekufungidzira kuurayiwa yemirayiridzo, hazvina kukwana kungoigadzirisa pakaitika dambudziko rebazi rakaipa, sezvo nzvimbo iri mufaira regi inogona kutorwazve kubva pakuitwa kwekufungidzira.
Mhedzisiro yakazarurwa inoitika kana rekodhi ichitumidzwa zita panguva imwe chete, murairo unoshandiswa kujoina optimization inoshandiswa, uye VZEROUPPER vector rairo inofungidzirwa kuuraya iyo. inoseta z bhiti uye inosunungura zviwanikwa kubva mufaira regi. Kana kufanotaura kwebazi kusakundikana uye kufungidzira kweVZEROUPPER kushanda kwakadzoserwa kumashure, zviri mukati mevector marejista zvinogona kushatiswa, sezvo z-bit yakakungurutswa, asi iyo yakasunungurwa pfuma inoramba isina kubviswa.
Kuburikidza nekushandiswa kweiyo VZEROUPPER rairo, zvinokwanisika kuwana inodzorwa kuvuza kwe data yakagadziriswa muYMM vector marejista anoshandiswa muAVX (Advanced Vector Extensions) uye SSE (Streaming SIMD Extensions) modes. Aya marejista anoshingairira kushandiswa mundangariro kopi uye tambo yekugadzirisa mabasa, semuenzaniso muGlibc raibhurari iyo inoshandiswa mune memcpy, strcmp uye strlen mabasa.
Kuratidza kusagadzikana, codenamed Zenbleed, prototype exploit yakagadzirwa iyo inobvumira mushandisi asina kurongeka kuti aone iyo data yakagadziriswa muAES-NI kana REP-MOVS mirairo (inowanzo shandiswa mu memcpy basa), iyo inogona kushandiswa kugadzira patsva makiyi ekunyorera uye password password, inogadziriswa mune mamwe maitiro, kusanganisira akaropafadzwa. Iyo data leakage performance yekushandiswa ingangoita 30 KB pasekondi.
Kunetseka yakagadziriswa mu microcode update level. YeLinux chigamba chakagadzirirwa kurodha yakagadziriswa microcode. Kunyangwe kana zvisingaite kugadzirisa iyo microcode, pane workaround yekuvhara kusagadzikana, izvo zvinotungamira mukudzikira kwekuita.
Kuti uite izvi, iyo control bit DE_CFG[9] inofanirwa kugadzirwa muCPU uye nekuda kweizvi, mune terminal, murairo unotevera unofanirwa kunyorwa:
Zvakakodzera kutaura kuti kudzima SMT modhi hakuvharidzire kusagadzikana uye kugadzirisa kuvharidzira kusagadzikana kwakaitwa mukati mekernel updates 6.4.6, 6.1.41, 5.15.122, 5.10.187, 5.4.250 uye 4.19.289.
For the kufarira kuronda ruzivo rwekusagadzikana mukugovera kwakasiyana, vanogona kuzviita mumapeji anotevera: Debian, Ubuntu, Gentoo, RHEL, suse, Fedora, Arch, OpenBSD, FreeBSD, NetBSD.
Chekupedzisira, kana iwe uchida kukwanisa kuziva zvakawanda nezvazvo, unogona kubvunza iwo ruzivo mu inotevera chinongedzo.