SQUIP: an attack on AMD processors that leaks data through side channels

A team of researchers from the Graz University of Technology (Austria), previously known for developing the MDS, NetSpectre, Throwhammer and ZombieLoad attacks, has disclosed details of a new side-channel attack method (CVE-2021-46778) on the scheduler queues of AMD processors, which are used to schedule the execution of instructions in the different execution units of the CPU. The attack, called SQUIP, makes it possible to determine the data used in computations in another process or virtual machine, or to set up a covert communication channel between processes or virtual machines that allows data to be exchanged while bypassing the system's access control mechanisms.

The problem affects AMD CPUs based on the first, second and third generations of the Zen microarchitecture (AMD Ryzen 2000-5000, AMD Ryzen Threadripper, AMD Athlon 3000, AMD EPYC) when simultaneous multithreading (SMT) is in use. Intel processors are not susceptible to the attack because they use a single scheduler queue, while the vulnerable AMD processors use a separate queue for each execution unit. As a workaround to block the information leak, AMD recommends that developers use algorithms whose mathematical computations always run in constant time, regardless of the nature of the data being processed, and that they avoid branching on secret data.

The attack is based on estimating the level of contention in the different scheduler queues. It is carried out by measuring delays when launching probe operations that run in another SMT thread on the same physical CPU. To analyze the contents, the Prime+Probe method was used: the queue is filled with a reference set of values, and changes are detected by measuring the access time to them when the queue is refilled.

During the experiment, the researchers were able to fully recover a private 4096-bit RSA key used to create digital signatures with the mbedTLS 3.0 cryptographic library, which uses the Montgomery algorithm for modular exponentiation. Determining the key required 50500 traces. The total attack time was 38 minutes. Variants of the attack were demonstrated that leak data between different processes and between virtual machines managed by the KVM hypervisor. It was also shown that the method can be used to organize covert data transfer between virtual machines at 0.89 Mbit/s and between processes at 2.70 Mbit/s, with an error rate below 0.8%.
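To make AMD's recommendation concrete for modular exponentiation, here is an added example (not code from the article, mbedTLS or AMD) that puts an exponentiation with a secret-dependent branch beside a branch-free Montgomery ladder. The function names, the 32-bit toy arithmetic and the `mul_count` counter are assumptions made for illustration; the `%` operator and compiler optimizations are not guaranteed constant-time, so a real library needs multi-precision constant-time primitives.

```c
#include <stdint.h>
#include <stdio.h>

static unsigned long mul_count;   /* multiplications issued, for comparison */

/* Toy 32-bit modular multiply (constructed for this example). */
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    mul_count++;
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* BEFORE: the extra multiply runs only for 1-bits of the secret exponent,
 * so the instruction mix sent to the execution units depends on the key. */
uint32_t modexp_branchy(uint32_t base, uint32_t exp, uint32_t m) {
    uint32_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((exp >> i) & 1)               /* secret-dependent branch */
            r = mulmod(r, base, m);
    }
    return r;
}

/* Swap *a and *b when bit == 1, using a mask instead of a branch. */
static void cswap(uint32_t *a, uint32_t *b, uint32_t bit) {
    uint32_t mask = (uint32_t)0 - bit;    /* 0x00000000 or 0xFFFFFFFF */
    uint32_t t = (*a ^ *b) & mask;
    *a ^= t;
    *b ^= t;
}

/* AFTER: Montgomery ladder; every exponent bit costs one multiply and one
 * square, whatever its value, and no branch depends on the exponent. */
uint32_t modexp_ladder(uint32_t base, uint32_t exp, uint32_t m) {
    uint32_t r0 = 1 % m, r1 = base % m;
    for (int i = 31; i >= 0; i--) {
        uint32_t bit = (exp >> i) & 1;
        cswap(&r0, &r1, bit);
        r1 = mulmod(r0, r1, m);
        r0 = mulmod(r0, r0, m);
        cswap(&r0, &r1, bit);
    }
    return r0;
}

int main(void) {
    mul_count = 0; uint32_t a = modexp_branchy(4, 13, 497);
    printf("branchy: %u, %lu multiplies\n", a, mul_count);
    mul_count = 0; uint32_t b = modexp_ladder(4, 13, 497);
    printf("ladder:  %u, %lu multiplies\n", b, mul_count);
    return 0;
}
```

In the first function the number of multiplications tracks the Hamming weight of the exponent, while in the ladder it is fixed at 64 for any 32-bit exponent.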

source: budenet.ru
