Ekwuwapụtala ozi gbasara mwakpo ọhụrụ na ndị nrụpụta Intel - AEPIC Leak (CVE-2022-21233), nke na-eduga na mwepu nke data nzuzo sitere na Intel SGX (Software Guard eXtensions) dịpụrụ adịpụ. Okwu a metụtara 10th, 11th, na 12th ọgbọ nke Intel CPUs (gụnyere usoro Ice Lake na Alder Lake ọhụrụ) ma kpatara ya site na ntụpọ ụkpụrụ ụlọ nke na-enye ohere ịnweta data na-enweghị mmalite nke fọdụrụ na APIC (Advanced Programmable Interrupt Controller) na-edebanye aha mgbe gara aga. arụmọrụ.
N'adịghị ka mwakpo klaasị Specter, ntapu na AEPIC Leak na-eme na-ejighi usoro mgbake site na ọwa ndị ọzọ - a na-ebufe ozi gbasara data nzuzo ozugbo site n'inweta ọdịnaya nke ndekọ egosiri na ibe ebe nchekwa MMIO (memory-mapped I/O). . N'ozuzu, ọgụ ahụ na-enye gị ohere ikpebi data agafere n'etiti cache nke abụọ na nke ikpeazụ, gụnyere ọdịnaya nke ndekọ na nsonaazụ nke ọrụ ịgụ site na ebe nchekwa, nke edoziburu na otu isi CPU.
Ebe ọ bụ na ime mwakpo ọ dị mkpa ịnweta ibe anụ ahụ nke APIC MMIO, i.e. chọrọ ikike nchịkwa, usoro a bụ naanị na ịwakpo SGX enclaves nke onye nchịkwa na-enweghị ohere ozugbo. Ndị nchọpụta ewepụtala ngwaọrụ ndị na-enye ohere, n'ime sekọnd ole na ole, iji chọpụta igodo AES-NI na RSA echekwara na SGX, yana igodo asambodo Intel SGX na pseudo-random number generator parameters. E bipụtara koodu maka mwakpo ahụ na GitHub.
Intel ekwupụtala ndozi n'ụdị mmelite microcode nke ga-emejuputa nkwado maka ịgbanye ihe nchekwa ma gbakwunye usoro ndị ọzọ iji chebe data mkpuchi. A kwadokwara mwepụta SDK ọhụrụ maka Intel SGX na mgbanwe iji gbochie ntapu data. A na-atụ aro ndị nrụpụta sistemụ arụmọrụ na hypervisors ka ha jiri ọnọdụ x2APIC kama ụdị xAPIC nke ketara, nke a na-eji ndekọ MSR kama MMIO iji nweta ndekọ APIC.
isi: opennet.ru