Abaphandi kwiYunivesithi yaseGraz yeTekhnoloji (Ostriya) baveze ulwazi malunga nendlela entsha uhlaselo Zombie Umthwalo 2.0 (CVE-2019-11135), ethi ivumela ukukhutshwa kolwazi oluyimfihlo kwezinye iinkqubo, Inkqubo yokusebenza, oomatshini ababonakalayo kunye neefowuni ezikhuselekileyo (i-TEE, iNdawo yokuSebenza yokuthenjwa) Ingxaki ichaphazela kuphela iprosesa ye-Intel. Izinto zokuthintela ingxaki zacetyiswa kuhlaziyo lwayizolo lwe-microcode.
Ingxaki yeyeklasi ye-MDS (iMicrosoftarchitectural Data Sampling) kwaye yinguqulelo yeli xesha yohlaselo lweZombieLoad, olwasungulwa ngoMeyi. Zombie Umthwalo 2.0, kunye nolunye uhlaselo lodidi lwe-MDS, zisekwe ekusetyenzisweni kweendlela zohlalutyo lomntu wesithathu kwidatha kulwakhiwo lobuchwephesha (umzekelo, kwiLine Gcwalisa iBuffer kunye neeVenkile zeVenkile, apho idatha esetyenziswe kwinkqubo igcinwa okwethutyana ukwenza umthwalo kunye nokugcina imisebenzi).
Umahluko omtsha ngeZombieload ixhomekeke ekuvuzeni okwenzeka xa kusetyenziswa umatshini we-TSA I-Asynchronous Abort (iTSA) kulwandiso lwe-TSX (Ukwandiswa kokuNxibelelanisa okwenziweyo), okubonelela ngeendlela zokusebenza ngememori yokuthengiselana, evumela ukonyusa ukusebenza kwezicelo ezininzi ezifundwayo ngenxa yokukhutshelwa ngaphandle kwemisebenzi yokuvumelanisa ngokungeyomfuneko (ukuthengiselana ngeatom kuyaxhaswa, okunokwamkelwa okanye kuphazanyiswe).
Kwimeko yokuphuma, imisebenzi eyenziweyo kunye nommandla wentengiselwano yememori iphinda ibuyiselwe umva. Ukucinywa kwentengiselwano kwenziwa ngokungathandabuzekiyo, ngelo xesha eminye imisonto inokufikelela kwi-cache, ekwasetyenziselwa kwingingqi yememori elahliweyo.
Ukusukela ekuqaleni kude kube sekugqityweni kokuphazanyiswa transaction asynchronous, kunyeIimeko zinokwenzeka apho iprosesa, ngexesha lokuqikelela kokusebenza, Unokufunda idatha evela kubuchwephesha bangaphakathi bokuyila kwaye uyigqithise ekusebenzeni ngokuqikelela.
Ungquzulwano luya kuthi emva koko lubonwe kwaye umsebenzi ocingelwayo uza kulahlwa, kodwa idatha iya kuhlala kwi-cache kwaye inokukhutshwa kusetyenziswa iindlela zokubuyisela i-cache ngeendlela zomntu wesithathu.
Uhlaselo lubila ekuvuleni ukuthengiselana kwe-TSX kunye nokudala iimeko zokuphazanyiswa kwabo, Ngexesha apho iimeko zokuvuza komxholo wee-buffers zangaphakathi zigcwalise ngokungacacanga idatha evela kwimemori efundwayo yokusebenza eyenziweyo kumbindi we-CPU uqobo.
Ukuvuza kunqunyelwe kumbindi wangoku we-CPU (apho ikhowudi yomhlaseli iqhubayo), kodwa kuba i-microarchitecture buffers kwabelwana ngayo ngemisonto eyahlukeneyo kwimowudi ye-Hyper-Threading, imisebenzi yenkumbulo eyenziweyo inokuvuza kwenye intambo ye-CPU.
Ezinye iimodeli ze-Intel zikhutshiwe oye wazivavanya Uhlaselo lwabo lwesibhozo seeprosesa, sesithoba kunye neshumi Intel Core kunye nePentium, Intel Celeron 5000, Intel Xeon E, Intel Xeon W. kunye nesizukulwana sesibini seeprosesa ze-Intel Xeon ezinokutsha.
Ukubandakanya iprosesa entsha ye-Intel ikwasekwe kubuchwephesha bokwakha ICapecade Ichibi ifayilishwe ngo-Epreli, eyayingahlali ichaphazeleka kuhlaselo lwe-RIDL kunye nokuwa.
Ukongeza kwiZombieload 2.0, abaphandi bafumanise ukuba iindlela ebezicetywe ngaphambili zokukhusela zinokuthintelwa ngokuchasene nokuhlaselwa kwe-MDS ngokusekwe kusetyenziso lomyalelo we-VERW wokucima imixholo ye-microarchitecture buffers xa bebuya kwi-kernel baye kwindawo yomsebenzisi okanye xa bedlulisela ulawulo kwinkqubo yeendwendwe.
Izisombululo zokuthintela ubungozi zibandakanyiwe isiseko sekhowudi I-linux kernel kwaye zibandakanyiwe Iinguqulelo 5.3.11, 4.19.84, 4.14.154, 4.9.201 kunye no-4.4.201. Kwakhona Ukuhlaziywa kwe-kernel kukhutshiwe kunye ne-microcode kolwabiwo oluphambili (Debian, SUSE / openSUSE, Ubuntu, RHEL, Fedora, FreeBSD). Ingxaki ichongiwe ngo-Epreli kwaye isisombululo salungelelaniswa yi-Intel kunye nabaphuhlisi beenkqubo zokusebenza.
Eyona ndlela ilula yokuthintela iZombieload 2.0 kukukhubaza inkxaso ye-TSX kwi-CPU. Isisombululo se-Linux kernel siquka iindlela ezininzi zokhuseleko.