Reptar vulnerability affects Intel processors

Tavis Ormandy, a security researcher at Google, has discovered a new vulnerability (CVE-2023-23583) in Intel processors, codenamed Reptar, which mainly poses a threat to cloud systems running the virtual machines of different users. The vulnerability allows the system to hang or crash when certain operations are performed on unprivileged guest systems. To test your systems, a utility has been published that creates the conditions for the vulnerability to manifest.

In theory, the vulnerability can be used to escalate privileges from the third protection ring to ring zero (CPL0) and to escape from isolated environments, but this scenario has not yet been confirmed in practice because of the difficulty of debugging at the microarchitectural level. An internal review at Intel also showed that the vulnerability could potentially be exploited to escalate privileges under certain conditions.

According to the researcher, the vulnerability is present in the Intel Ice Lake, Rocket Lake, Tiger Lake, Raptor Lake, Alder Lake and Sapphire Rapids processor families. Intel's report mentions that the problem appears starting from the 10th generation (Ice Lake) of Intel Core processors and the third generation of Xeon Scalable processors, as well as in Xeon E/D/W processors (Ice Lake, Skylake, Haswell, Broadwell, Skylake, Sapphire Rapids, Emerald Rapids, Cascade Lake, Cooper Lake, Comet Lake, Rocket Lake) and Atom processors (Apollo Lake, Jasper Lake, Arizona Beach, Alder Lake, Parker Ridge, Snow Ridge, Elkhart Lake and Denverton). The vulnerability in question was fixed in yesterday's microcode update 20231114.

The vulnerability arises because, under certain microarchitectural conditions, executing a "REP MOVSB" instruction encoded with a "REX" prefix results in undefined behavior. The problem was discovered while testing redundant prefixes, which in theory should be ignored but in practice produced strange effects, such as unconditional branches being ignored and pointer saving being broken in the xsave and call instructions. Further analysis showed that adding further prefixes to the "REP MOVSB" instruction corrupts the contents of the ROB (ReOrder Buffer) used to order instructions.

The error is believed to be caused by an incorrect calculation of the size of the "MOVSB" instruction, which breaks the addressing of the instructions written to the ROB after the MOVSB with the excess prefix and shifts the instruction pointer. Such desynchronization may be limited to the disruption of intermediate calculations, followed by restoration of a consistent state. But if the failure is triggered on multiple cores or SMT threads at the same time, the microarchitectural state can be corrupted enough to cause a crash.
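
The encoding described above, a REP MOVSB whose prefix run also carries a REX byte, can be looked for in 64-bit machine code when triaging a suspect binary. The following is an added example, not code from the researcher or from Intel; the name `find_rex_rep_movsb` and the sample byte strings are constructed for illustration, and because it scans raw bytes rather than disassembling, it can report false positives.

```python
# Added example: heuristic byte scan, not a disassembler (false positives possible).
# Applies to 64-bit code only: 0x40-0x4F are REX prefixes there, INC/DEC in 32-bit mode.
LEGACY_PREFIXES = frozenset(
    [0xF0, 0xF2, 0xF3,                      # LOCK, REPNE, REP
     0x2E, 0x36, 0x3E, 0x26, 0x64, 0x65,    # segment overrides
     0x66, 0x67])                           # operand-size, address-size
REP, MOVSB = 0xF3, 0xA4
MAX_PREFIX_BYTES = 14  # an x86 instruction is at most 15 bytes including the opcode


def is_rex(byte):
    return 0x40 <= byte <= 0x4F


def find_rex_rep_movsb(code):
    """Return (offset, hex) for each MOVSB whose prefix run holds both REP and REX."""
    hits = []
    for pos, byte in enumerate(code):
        if byte != MOVSB:
            continue
        start = pos
        # Walk backwards over the contiguous run of prefix bytes before the opcode.
        while (start > 0 and pos - start < MAX_PREFIX_BYTES
               and (code[start - 1] in LEGACY_PREFIXES or is_rex(code[start - 1]))):
            start -= 1
        prefixes = code[start:pos]
        if REP in prefixes and any(is_rex(b) for b in prefixes):
            hits.append((start, code[start:pos + 1].hex()))
    return hits


# Constructed sample buffers (not taken from any real binary or from the published utility).
SAMPLES = {
    "plain rep movsb": bytes.fromhex("90f3a4c3"),
    "rep + rex + movsb": bytes.fromhex("90f344a4c3"),
    "rex without rep": bytes.fromhex("9044a4c3"),
    "mov rdi,rax then movsb": bytes.fromhex("4889c7a4c3"),
    "several prefixes": bytes.fromhex("66f34142a4c3"),
}

if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        print(f"{name:24} -> {find_rex_rep_movsb(buf)}")
```

A hit only marks bytes worth inspecting in a disassembler; whether a host is exposed depends on the CPU family and on the microcode update mentioned above.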

source: budenet.ru
