Zombieload 2.0 nzira nyowani yekurwisa iyo inongobata ma processor eIntel

Intel-ZombieLoad

Vatsvagiri paGraz University yeTekinoroji (Ositiriya) aburitsa ruzivo nezve nzira nyowani ye kurwisa kuburikidza ZombieLoad 2.0 (CVE-2019-11135), ndeipi inobvumira kuburitswa kwemashoko akavanzika kubva kune mamwe maitiro, iyo inoshanda sisitimu, chaiwo michina uye akachengetedzeka enclaves (TEE, Inovimbika Ekuuraya Nzvimbo). Dambudziko zvinongokanganisa ma processor eIntel. Izvo zvinhu zvekuvharira dambudziko zvakarongedzwa nezuro rekugadzirisa microcode.

Dambudziko ndere kirasi ye MDS (Microarchitectural Data Sampling) uye yazvino vhezheni yeZombieLoad kurwisa, yakatangwa muna Chivabvu. ZombieLoad 2.0, pamwe nekumwe kurwiswa kweboka reMDC, zvinoenderana nekushandiswa kweyechitatu-bato nzira dzekuongorora kune data mune zvidyarwa zvekuvaka (semuenzaniso, mu Line Fill Buffer uye Chitoro buffers, mune iyo data inoshandiswa mukuita inochengetwa kwenguva pfupi kuita mutoro uye chitoro mashandiro)

Iyi misiyano mitsva neZombieload inovimba nekudonha kunoitika kana iyo TSA mashandiro aitwa Asynchronous Kubvisa (TSA) mukuwedzera kweTSX (Transactional Synchronization Extensions), iyo inopa nzira yekushanda neyekushambadzira ndangariro, iyo inobvumidza kuwedzera mashandiro emashandisirwo akaverengeka nekuda kwekuregererwa kwakasimba kwekuita zvisina basa mashandisirwo (mashandisirwo eatomiki anotsigirwa, anogona kugamuchirwa kana kukanganiswa).

Muchiitiko chekudzima, mashandiro anoitwa pamwe neyekutenderera nharaunda yekurangarira inodzorerwa kumashure. Kuchenesa kwekutengesa kunoitwa asynchronously, panguva iyoyo dzimwe tambo dzinogona kuwana cache, iyo inoshandiswawo munzvimbo yakaraswa yekutengesa nharaunda.

Kubva pakutanga kusvika pakupedzisa chaiko kwekukanganisa asynchronous transaction, uyeMamiriro ezvinhu anogona kuitika kupi processor, panguva yekufungidzira kuitiswa kwekuvhiya, unogona kuverenga data kubva mukati memukati maumbirwo ediki uye kuiendesa kune yekufungidzira yakaitwa oparesheni.

Kunetsana kwacho kuchazoonekwa uye mashandiro ekufungidzira acharaswa, asi iyo data icharamba iri mucache uye inogona kuburitswa ichishandisa nzira dzekudzorera cache kuburikidza nevechitatu-bato nzira.

Kurwiswa kunovira kusvika pakuvhura mashandisirwo eTSX uye kugadzira mamiriro ekukanganisa kwavo, panguva iyo mamiriro ekudonhedza zvemukati memabhaudhi emukati zvinofungidzira zvizere nedata kubva mundangariro kuverenga mabasa akaitwa muCPU musimboti iwo.

Iyo inodonha inongogumira kune yazvino muviri wepamoyo weiyo CPU (pane iyo kodhi yekurwisa iri kumhanya), asi sezvo microarchitecture buffers yakagovaniswa netambo dzakasiyana muHyper-Threading modhi, ndangariro mashandiro akaitwa anogona kubuda. Pane dzimwe tambo dzeCPU.

Dzimwe mhando dzeIntel dzakaburitswa dzawakaedza pairi kurwiswa kwavo ndekwechisere, chechipfumbamwe uye chegumi chizvarwa chema processor Intel Core uye Pentium, Intel Celeron 5000, Intel Xeon E, Intel Xeon W uye chizvarwa chechipiri cheanopisa Intel Xeon processor.

Kusanganisira mapurosesa matsva eIntel zvakare akavakirwa pane microarchitecture Cascade Lake yakamisikidzwa muna Kubvumbi, pakutanga zvaisatapurwa neRIDL uye Kurwisa kwekudonha.

Pamusoro peZombieload 2.0, vaongorori vakaona zvakare kuti nzira dzekudzivirira dzakambotaurwa dzinogona kutsauswa kupokana neMDS kurwisa kunoenderana nekushandiswa kweiyo VERW kuraira kudzima zvirimo mune microarchitecture buffers pavanodzoka kubva kune kernel kuenda kune mushandisi nzvimbo kana pavanotamisa kutonga kune yevaenzi system.

Mhinduro dzekuvhara kusagadzikana dzakabatanidzwa mukati iyo kodhi base yeiyo linux kernel uye inosanganisirwa mu shanduro 5.3.11, 4.19.84, 4.14.154, 4.9.201 uye 4.4.201. Uyewo kernel inogadziridza yaburitswa uye microcode yezvikamu zvikuru (Debian, SUSE / openSUSE, Ubuntu, RHEL, Fedora, FreeBSD). Dambudziko rakaonekwa muna Kubvumbi uye mhinduro yacho yakarongedzwa neIntel pamwe nevanogadzira masisitimu anoshanda.

Maitiro ari nyore ekuvharira Zombieload 2.0 ndeyekudzima TSX rutsigiro paCPU. Iyo Linux kernel mhinduro inosanganisira akati wandei ekuchengetedza sarudzo.


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako