CROSSTalk - a vulnerability in Intel CPUs that leads to data leakage between cores

A team of researchers from Vrije Universiteit Amsterdam has discovered a new vulnerability (CVE-2020-0543) in the microarchitectural structures of Intel processors, notable in that it allows recovering the results of some instructions executed on another CPU core. This is the first vulnerability in the speculative instruction execution mechanism that allows data leakage between separate CPU cores (previously, leaks were limited to different threads of the same core). The researchers named the problem CROSSTalk, but Intel's documents refer to the vulnerability as SRBDS (Special Register Buffer Data Sampling).

The vulnerability belongs to the class of MDS (Microarchitectural Data Sampling) problems introduced a year earlier and is based on applying side-channel analysis methods to data in microarchitectural structures. In its principle of operation, CROSSTalk is close to the RIDL vulnerability, but differs in the source of the leak. The new vulnerability manipulates a leak from a previously undocumented intermediate buffer that is shared by all CPU cores.


The essence of the problem is that some microprocessor instructions, including RDRAND, RDSEED and SGX EGETKEY, are implemented using the internal microarchitectural operation SRR (Special Register Reads). On affected processors, the data returned for an SRR is placed in an intermediate buffer common to all CPU cores, after which it is transferred to the fill buffer associated with the specific physical CPU core on which the read operation was started. Next, the value is copied from the fill buffer into registers visible to applications.

The size of the shared intermediate buffer corresponds to a cache line, which is usually larger than the size of the data being read, and different reads affect different offsets in the buffer. Since the shared buffer is copied in its entirety to the fill buffer, not only the portion needed for the current operation is moved, but also the data left over from other operations, including those performed on other CPU cores.


If the attack succeeds, a local user authenticated on the system can determine the result of executing the RDRAND, RDSEED and EGETKEY instructions in a foreign process or inside an Intel SGX enclave, regardless of the CPU core on which the code is executed.
The researchers who discovered the problem have published a prototype exploit demonstrating the ability to leak information about random values obtained through the RDRAND and RDSEED instructions in order to recover an ECDSA private key processed in an Intel SGX enclave after performing only one digital signature operation on the system.


The problem affects a wide range of desktop, mobile and server Intel processors, including Core i3, i5, i7, i9, m3, Celeron (J, G and N series), Atom (C, E and X series), Xeon (E3, E5, E7 families, W and D), Xeon Scalable, and others. It is noteworthy that Intel was notified of the vulnerability in September 2018, and in July 2019 a prototype exploit demonstrating data leakage between CPU cores was provided, but development of a fix was delayed because of the complexity of implementing it. The microcode update proposed today addresses the problem by changing the behavior of the RDRAND, RDSEED and EGETKEY instructions to overwrite data in the shared buffer so that residual information does not remain there. In addition, access to the buffer is suspended until the read and overwrite operations are completed.

A side effect of this protection is increased latency when executing RDRAND, RDSEED and EGETKEY, and reduced throughput when attempting to execute these instructions simultaneously on different logical processors. Executing RDRAND, RDSEED and EGETKEY also suspends memory access from other logical processors. These features can negatively affect the performance of some server applications, so the firmware provides a mechanism (RNGDS_MITG_DIS) to disable the protection for RDRAND and RDSEED instructions executed outside an Intel SGX enclave.
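The buffer behaviour described above and the effect of the microcode fix can be modelled in a few lines of C. This is an added illustration, not code from the researchers or Intel: it is a software toy model only, and the offsets, the two-core layout and the sample values are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINE   64   /* shared staging buffer is one cache line */
#define NCORES 2

/* Assumed offsets: the article only says different reads use different offsets. */
enum { OFF_RDRAND = 0, OFF_RDSEED = 8 };

static uint8_t staging[LINE];          /* shared by all cores */
static uint8_t fill_buf[NCORES][LINE]; /* one fill buffer per physical core */

/* Model of one special register read (SRR) issued by `core`. */
static uint64_t srr_read(int core, int off, uint64_t hw_value, int mitigated)
{
    uint64_t out;
    memcpy(staging + off, &hw_value, sizeof hw_value); /* result lands at its offset */
    memcpy(fill_buf[core], staging, LINE);             /* whole line is copied */
    memcpy(&out, fill_buf[core] + off, sizeof out);    /* value the program sees */
    if (mitigated)
        memset(staging, 0, LINE); /* fix: overwrite before the buffer is released */
    return out;
}

/* Returns 1 if the RDRAND bytes produced for core 0 end up in core 1's
 * fill buffer after core 1 performs an unrelated RDSEED, else 0. */
int stale_data_visible(int mitigated)
{
    uint64_t victim = 0x1122334455667788ULL; /* constructed sample value */
    memset(staging, 0, LINE);
    memset(fill_buf, 0, sizeof fill_buf);
    srr_read(0, OFF_RDRAND, victim, mitigated);                /* core 0 */
    srr_read(1, OFF_RDSEED, 0xAAAAAAAAAAAAAAAAULL, mitigated); /* core 1 */
    return memcmp(fill_buf[1] + OFF_RDRAND, &victim, sizeof victim) == 0;
}

int main(void)
{
    printf("without fix: stale bytes in other core's fill buffer = %d\n",
           stale_data_visible(0));
    printf("with fix:    stale bytes in other core's fill buffer = %d\n",
           stale_data_visible(1));
    return 0;
}
```

The model runs the two reads one after the other, which corresponds to the second part of the fix: access to the shared buffer is held until the read and the overwrite have both completed.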

Source: opennet.ru
