Kungekudala I-Intel ityhile ubuthathaka obutsha kwiiprosesa zayo, Kwakhona kubhekiswa okwahlukileyo ukusuka kwi-MDS eyaziwayo (IMicrosoftarchitectural Data Sampling) kwaye isekwe ekusebenziseni iindlela zohlalutyo lomntu wesithathu kwidatha kulwakhiwo lobuchwephesha. Inkqubo ye- abaphandi abavela kwiYunivesithi yaseMichigan naseVrije Universiteit Amsterdam (VUSec) bafumanise amathuba okuhlaselwa.
Ngokuka-Intel, oku kuchaphazela i-desktop yangoku kunye neeprosesa ezihambayo ezinje nge-Amber Lake, iKaby Lake, iCofi Lake, kunye neWhisky Lake, kodwa kunye neCascade Lake yeeseva.
Cache Out
Owokuqala kubo unegama elithi L1D Isampulu yokugxotha okanye i-L1DES ngokufutshane okanye ikwabizwa ngokuba yiCacheOut, Ibhaliswe njenge "CVE-2020-0549" ngoyena mntu unobungozi obukhulu ukusukela ngoko ivumela ukuntywila kweebhloko zomgca wokulondolozwa okunyanzelisiweyo ukuphuma kwinqanaba lokuqala (L1D) kwindawo yokugcina izinto, ekufuneka ingabinanto kweli nqanaba.
Ukufumanisa idatha ehleli kwi-padding buffer, iindlela zohlalutyo lomntu wesithathu ebezicetywe ngaphambili kwi-MDS kunye ne-TAA (Transactional Asynchronous Abort).
Umongo wokhuseleko olukhutshwe ngaphambili lwe-MDS kunye ne-TAA kufumanise ukuba, phantsi kweemeko ezithile, idatha icocwa ngokungekho mthethweni emva kokucocwa, ngenxa yoko iindlela ze-MDS kunye neTAA zisasebenza.
Ngenxa yoko, umhlaseli unokugqiba ukuba idatha ihanjisiwe ukusuka kwindawo yokugcina inqanaba eliphezulu Ngexesha lokwenziwa kwesicelo ebesikade sithatha isiseko se-CPU yangoku okanye usetyenziso olusebenza ngaxeshanye kolunye umsonto osengqiqweni (i-hyperthread) kwisiseko esifanayo se-CPU (ukukhubaza i-HyperThreading ngokunganciphisi uhlaselo).
Ngokungafaniyo nohlaselo lwe-L1TF, i-L1DES ayivumeli ukukhetha iidilesi ezithile zomzimba ukuqinisekisa, kodwa ivumela ukujonga nje umsebenzi kwezinye izinto ezilandelelanayo ehambelana nokulayisha okanye ukugcina amaxabiso kwimemori.
Iqela le-VUSec lilungelelanise indlela yokuhlaselwa kwe-RIDL yengozi ye-L1DES kunye nokuba uhlobo lokuxhaphaza luyafumaneka, olugqitha kwindlela yokhuselo ye-MDS ecetywayo yi-Intel, ngokusekwe kusetyenziso lomyalelo we-VERW wokucoca umxholo wee-microarchitecture buffers xa zibuya kwikernel ziye kwindawo yomsebenzisi okanye xa zidlulisela ulawulo kwinkqubo yeendwendwe.
Ngaphezu koko I-ZombieLoad ihlaziye indlela yayo yokuhlasela ngobungozi be-L1DES.
Ngelixa abaphandi kwiYunivesithi yaseMichigan bephuhlise indlela yabo yokuhlasela I-CacheOut ekuvumela ukuba ukhuphe ulwazi olubuthathaka kwi-kernel yenkqubo yokusebenza, oomatshini ababonakalayo kunye ne-SGX ekhuselekileyo enclaves. Indlela ixhomekeke ekusebenziseni i-TAA ukumisela imixholo yesikhuseli sokugcwalisa emva kokuvuza kwedatha kwindawo yokugcina i-L1D.
I-VRS
Ubungozi besibini yiSampulu yeRejista yeVector (VRS) umahluko we-RIDL (Rogue In-Flight Data Load), eyi enxulumene nokugcina indawo kwindawo yokugcina izinto yeziphumo zerejista yevector funda imisebenzi eguqulweyo ngexesha lokuphunyezwa kwemiyalelo ye vector (SSE, AVX, AVX-512) kwisiseko esinye se-CPU.
Ukuvuza kwenzeka kwimeko enqabileyo kwaye kubangelwa yinto yokuba umsebenzi wentelekelelo owenziweyo, okhokelela ekubonakalisweni kwemeko yeerekhodi zevektha kwindawo yokugcina izinto, iyalibaziseka kwaye ipheliswe emva kokuba isicoci sicociwe, hayi ngaphambili. Ifana nobuthathaka be-L1DES, imixholo ye-buffer yokugcina inokugqitywa kusetyenziswa iindlela zokuhlaselwa kwe-MDS kunye ne-TAA.
Nangona kunjalo, ngokwe-Intel akunakulindeleka ukuba ixhaphaze njengoko ikwahlelwa njengobunzima bokuphumeza uhlaselo lokwenyani kwaye yabela inqanaba elincinci lomngcipheko, linamanqaku e-2.8 CVSS.
Nangona abaphandi beqela le-VUSec belungiselele uhlobo lokuxhaphaza olukuvumela ukuba uchonge amaxabiso eerejista ze vector ezifunyenwe njengesiphumo sobalo kolunye ulandelelwano olusengqiqweni lwenqobo enye ye-CPU.
I-CacheOut ibaluleke kakhulu kubaqhubi belifu, njengoko iinkqubo zokuhlaselwa zinokufunda idatha ngaphaya komatshini obonakalayo.
Gqibela I-Intel ithembisa ukukhupha uhlaziyo lwefirmware ngokumiliselwa kweendlela zokuthintela ezi ngxaki.