Mayhem: a memory bit-flipping attack that bypasses sudo and OpenSSH authentication

Researchers from Worcester Polytechnic Institute (USA) have presented Mayhem, a new type of attack that uses the Rowhammer technique for flipping bits in dynamic random access memory to change the values of stack variables that a program uses as flags when deciding whether authentication and security checks have passed. Practical examples of the attack were demonstrated by bypassing authentication in SUDO, OpenSSH and MySQL, and by changing the result of security-related checks in the OpenSSL library.

The attack can be applied to applications that use checks comparing a value against zero for inequality. Example of vulnerable code:

    int auth = 0;
    ... // verification code that changes the value of auth on successful authentication
    if (auth != 0)
        return AUTH_SUCCESS;
    else
        return AUTH_FAILURE;

In the context of this example, a successful attack only needs to corrupt any one bit in the memory that holds the 32-bit auth variable on the stack. If any bit in the variable is corrupted, the value is no longer zero and the conditional statement decides that authentication succeeded. Such check patterns are very common in applications and are found, for example, in SUDO, OpenSSH, MySQL and OpenSSL.

The attack can also be applied to comparisons of the form "if (auth == 1)", but in this case it is harder to carry out, because it is no longer enough to corrupt any one of the 32 bits: the last bit has to be corrupted. The method can also be used to influence the values of variables held in processor registers, because register contents can be temporarily spilled to the stack on a context switch, a function call, or when a signal handler fires. During the interval in which the register values sit in memory, that memory can be corrupted, and the changed value is then restored into the register.

To corrupt the bits, a modification of a RowHammer-class attack is used. Since DRAM is a two-dimensional array of cells, each consisting of a capacitor and a transistor, continuously reading the same memory region causes voltage fluctuations and anomalies that lead to a small loss of charge in neighbouring cells. If the read intensity is high enough, a neighbouring cell can lose a sufficiently large amount of charge, and the next refresh cycle will not have time to restore its original state, which changes the value of the data stored in the cell. To protect against RowHammer, chip manufacturers added the TRR (Target Row Refresh) mechanism, which blocks cell corruption in particular cases but does not protect against all possible variants of the attack.

To protect against the Mayhem attack, it is recommended that comparisons use neither a test for a difference from zero nor a match against one, but a match check that uses an initial (seed) value with non-zero octets. In this case, setting the variable to the required value means corrupting a significant number of bits precisely, which is unrealistic, in contrast to corrupting a single bit. Example of code that is not susceptible to the attack:

    int auth = 0xbe406d1a;
    ... // verification code that sets the value of auth to 0x23ab8701 on successful authentication
    if (auth == 0x23ab8701)
        return AUTH_SUCCESS;
    else
        return AUTH_FAILURE;
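The difference between the three comparison styles can be measured directly. The C program below is an added example, not code from the researchers or from sudo: it models every possible single-bit fault in a 32-bit flag and counts how many of them make each check report success, using the two constants from the snippet above. The function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants taken from the article's hardened snippet. */
#define AUTH_INIT    UINT32_C(0xbe406d1a)  /* value before the check runs */
#define AUTH_GRANTED UINT32_C(0x23ab8701)  /* value set on success */

typedef int (*check_fn)(uint32_t);

/* The three comparison styles discussed in the text (illustrative names). */
int check_nonzero(uint32_t auth) { return auth != 0; }
int check_one(uint32_t auth)     { return auth == 1; }
int check_magic(uint32_t auth)   { return auth == AUTH_GRANTED; }

/* Model each of the 32 possible single-bit faults in `initial` and count
   how many make `check` report success although authentication never ran. */
int single_flip_bypasses(uint32_t initial, check_fn check)
{
    int hits = 0;
    for (int bit = 0; bit < 32; bit++)
        if (check(initial ^ (UINT32_C(1) << bit)))
            hits++;
    return hits;
}

/* Number of bit positions in which a and b differ, i.e. how many bits
   a fault would have to hit, all at once, to turn a into b. */
int hamming_distance(uint32_t a, uint32_t b)
{
    int n = 0;
    for (uint32_t d = a ^ b; d != 0; d &= d - 1)  /* clear lowest set bit */
        n++;
    return n;
}

int main(void)
{
    printf("auth != 0          : %2d of 32 single-bit faults bypass\n",
           single_flip_bypasses(0, check_nonzero));
    printf("auth == 1          : %2d of 32 single-bit faults bypass\n",
           single_flip_bypasses(0, check_one));
    printf("auth == 0x23ab8701 : %2d of 32 single-bit faults bypass\n",
           single_flip_bypasses(AUTH_INIT, check_magic));
    printf("bits separating 0xbe406d1a from 0x23ab8701: %d\n",
           hamming_distance(AUTH_INIT, AUTH_GRANTED));
    return 0;
}
```
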

This protection method has already been applied by the sudo developers and was included in release 1.9.15 as the fix for the CVE-2023-42465 vulnerability. They plan to publish a prototype of the attack code after fixes have been made to the main projects.

Source: opennet.ru
