Gulu la ofufuza ochokera ku Vrije Universiteit Amsterdam lapeza latsopano (CVE-2020-0543) m'mapangidwe ang'onoang'ono a Intel processors, odziwika chifukwa amakulolani kuti mubwezeretse zotsatira za kuchitidwa kwa malangizo ena omwe aperekedwa pachimake cha CPU. Ichi ndi chiwopsezo choyamba pamakina opangira malangizo ongopeka omwe amalola kutayikira kwa data pakati pa ma CPU cores (poyamba kutayikira kunali kokha ku ulusi wosiyana wa pachimake chimodzi). Ofufuzawo adatchula vutoli CROSTalk, koma Kusatetezekako kumatchedwa SRBDS (Special Register Buffer Data Sampling).
Kusatetezeka kumakhudzana ndi chaka chapitacho ku kalasi ya mavuto a MDS (Microarchitectural Data Sampling) ndipo idakhazikitsidwa pakugwiritsa ntchito njira zowunikira njira zam'mbali ku data muzomangamanga zazing'ono. CROSSTalk ili pafupi ndi chiwopsezo , koma amasiyana ndi kumene kutayikirako.
Chiwopsezo chatsopanochi chimayambitsa kutayikira kwa buffer yapakatikati yomwe idagawidwa ndi ma CPU onse.
ndikuti malangizo ena a microprocessor, kuphatikiza RDRAND, RDSEED ndi SGX EGETKEY, akugwiritsidwa ntchito pogwiritsa ntchito ntchito yamkati ya SRR (Special Register Reads). Pa mapurosesa omwe akhudzidwa, zomwe zabwezedwa kwa SRR zimayikidwa mu buffer yapakatikati yofanana ndi ma CPU onse, kenako imasamutsidwa ku buffer yolumikizidwa ndi maziko enieni a CPU pomwe ntchito yowerengera idayambika. Chotsatira, mtengo wochokera ku buffer yodzaza umakopedwa m'marejista omwe amawonekera ku mapulogalamu.
Kukula kwa buffer yapakatikati yogawana kumagwirizana ndi mzere wa cache, womwe nthawi zambiri umakhala wokulirapo kuposa kukula kwa zomwe zikuwerengedwa, ndipo zowerengera zosiyanasiyana zimakhudza zosintha zosiyanasiyana mu buffer. Popeza kuti buffer yomwe imagawidwa imakopera kwathunthu ku buffer yodzaza, osati gawo lokhalo lofunikira pakugwiritsa ntchito komweko limasunthidwa, komanso deta yotsalira kuchokera kuzinthu zina, kuphatikizapo zomwe zimachitidwa pazitsulo zina za CPU.
Ngati kuwukirako kwachitika bwino, wogwiritsa ntchito wamba yemwe ali wotsimikizika mudongosolo atha kudziwa zotsatira za kutsatira malangizo a RDRAND, RDSEED ndi EGETKEY m'njira yakunja kapena mkati mwa Intel SGX enclave, mosasamala kanthu za chigawo cha CPU chomwe codeyo imayikidwa.
Ofufuza amene anapeza vuto Mawonekedwe amtundu wowonetsa kuthekera kotulutsa zidziwitso zopezeka mwachisawawa kudzera mu malangizo a RDRAND ndi RDSEED kuti apezenso kiyi yachinsinsi ya ECDSA yomwe idakonzedwa mu Intel SGX enclave atagwira ntchito imodzi yokha yosayina pakompyuta.
vuto makina osiyanasiyana apakompyuta, mafoni ndi ma seva a Intel, kuphatikiza Core i3, i5, i7, i9, m3, Celeron (J, G ndi N mndandanda), Atom (C, E ndi X mndandanda), Xeon (E3, E5, E7 mabanja , W ndi D), Xeon Scalable, etc. Ndizofunikira kudziwa kuti Intel idadziwitsidwa za kusatetezekako mu Seputembara 2018, ndipo mu Julayi 2019 chithunzithunzi chinaperekedwa chowonetsa kutayikira kwa data pakati pa ma CPU cores, koma kukonzako kudachedwa chifukwa chakuvuta kwake. Zosintha zamasiku ano za ma microcode zathana ndi vutoli posintha machitidwe a RDRAND, RDSEED, ndi malangizo a EGETKEY kuti alembenso zambiri mu buffer yomwe adagawana kuti aletse zambiri zotsalira kukhazikika pamenepo. Kuphatikiza apo, kulowa kwa buffer kuyimitsidwa mpaka zomwe zalembedwazo ziwerengedwa ndi kulembedwanso.
Zotsatira zamtundu uwu wachitetezo zimachulukitsidwa pang'onopang'ono pochita RDRAND, RDSEED, ndi EGETKEY, ndikuchepetsa kutulutsa poyesa kutsatira malangizowa panthawi imodzi pamapurosesa osiyanasiyana omveka. Kuchita RDRAND, RDSEED, ndi EGETKEY kumayimitsanso mwayi wokumbukira kuchokera kwa mapurosesa ena omveka. Izi zitha kusokoneza magwiridwe antchito a seva, kotero firmware imapereka makina (RNGDS_MITG_DIS) kuletsa chitetezo cha RDRAND ndi malangizo a RDSEED operekedwa kunja kwa Intel SGX enclave.
Source: opennet.ru