Gulu la ofufuza ochokera ku Yunivesite ya Texas, University of Illinois, ndi University of Washington awululira zambiri za banja latsopano lachiwonetsero cham'mbali (CVE-2022-23823, CVE-2022-24436), lotchedwa Hertzbleed. Njira yowukira yomwe ikuyembekezeredwa imatengera mawonekedwe akusintha pafupipafupi kwa ma processor amakono ndipo imakhudza ma Intel ndi AMD CPU onse apano. Mwinamwake, vutoli likhoza kuwonekeranso mu mapurosesa ochokera kwa opanga ena omwe amathandizira kusintha kwafupipafupi, mwachitsanzo, mu machitidwe a ARM, koma phunziroli linali lochepa kuyesa tchipisi ta Intel ndi AMD. Zolemba zoyambira ndikukhazikitsa njira yowukirayo zimasindikizidwa pa GitHub (kukhazikitsako kudayesedwa pakompyuta ndi Intel i7-9700 CPU).
Kukhathamiritsa kugwiritsa ntchito mphamvu ndikuletsa kutenthedwa, mapurosesa amasintha pafupipafupi kutengera katundu, zomwe zimabweretsa kusintha kwa magwiridwe antchito komanso zimakhudza nthawi yogwira ntchito (kusintha pafupipafupi ndi 1 Hz kumabweretsa kusintha kwa magwiridwe antchito ndi 1 wotchi yozungulira kachiwiri). Pa kafukufukuyu, zidapezeka kuti pamikhalidwe ina pa AMD ndi Intel processors, kusintha kwafupipafupi kumalumikizana mwachindunji ndi zomwe zikukonzedwa, zomwe, mwachitsanzo, zimatsogolera ku nthawi yowerengera ntchito "2022 + 23823" ndi "2022 + 24436" adzakhala osiyana. Malingana ndi kusanthula kwa kusiyana kwa nthawi yogwira ntchito ndi deta yosiyana, ndizotheka kubwezeretsa mwachindunji zomwe zimagwiritsidwa ntchito powerengera. Panthawi imodzimodziyo, mumagulu othamanga kwambiri omwe ali ndi kuchedwa kosalekeza kosalekeza, kuukira kungathe kuchitidwa patali poyerekezera nthawi yochita zopempha.
Ngati kuwukirako kukuyenda bwino, zovuta zomwe zazindikirika zimapangitsa kuti zitheke kudziwa makiyi achinsinsi potengera nthawi yowerengera m'ma library a cryptographic omwe amagwiritsa ntchito ma aligorivimu momwe masamu amawerengedwera nthawi zonse nthawi zonse, mosasamala kanthu za mtundu wa data yomwe ikukonzedwa. . Malaibulale oterowo amaonedwa kuti ndi otetezedwa ku zowukira zam'mbali, koma monga momwe zidakhalira, nthawi yowerengera imatsimikiziridwa osati ndi algorithm yokha, komanso ndi mawonekedwe a purosesa.
Monga chitsanzo chothandiza chosonyeza kuthekera kwa kugwiritsa ntchito njira yomwe ikufunsidwa, kuukira kwa kukhazikitsidwa kwa SIKE (Supersingular Isogeny Key Encapsulation) makina opangira makiyi adawonetsedwa, omwe adaphatikizidwa kumapeto kwa mpikisano wa post-quantum cryptosystems womwe unachitikira ndi US. National Institute of Standards and Technology (NIST), ndipo ili pamalo otetezedwa ku ziwopsezo zam'mbali. Panthawi yoyesera, pogwiritsa ntchito mtundu wina watsopano wa kuukira kotengera mawu osankhidwa (kusankha pang'onopang'ono kutengera kusintha kwa ciphertext ndikupeza kumasulira kwake), zinali zotheka kubwezeretsanso fungulo lomwe limagwiritsidwa ntchito kubisa potengera miyeso kuchokera pakompyuta yakutali, ngakhale. kugwiritsa ntchito SIKE kukhazikitsa ndi nthawi yowerengera nthawi zonse. Kuzindikira makiyi a 364-bit pogwiritsa ntchito CIRCL kudatenga maola 36, ββndipo PQCrypto-SIDH idatenga maola 89.
Intel ndi AMD avomereza kuti ali pachiwopsezo cha mapurosesa awo pavutoli, koma osakonzekera kuletsa chiwopsezocho kudzera pakusintha kwa ma microcode, popeza sikungatheke kuthetsa chiwopsezo cha Hardware popanda kukhudza kwambiri magwiridwe antchito a hardware. M'malo mwake, opanga malaibulale a cryptographic amapatsidwa malingaliro amomwe angaletsere kutulutsa kwachinsinsi powerengera zachinsinsi. Cloudflare ndi Microsoft awonjezera kale chitetezo chofanana ndi machitidwe awo a SIKE, zomwe zachititsa kuti 5% ikhale yogwira ntchito kwa CIRCL ndi 11% kugunda kwa PQCrypto-SIDH. Njira inanso yoletsa chiwopsezo ndikuletsa njira za Turbo Boost, Turbo Core, kapena Precision Boost mu BIOS kapena dalaivala, koma kusinthaku kumabweretsa kuchepa kwakukulu kwa magwiridwe antchito.
Intel, Cloudflare ndi Microsoft adadziwitsidwa za nkhaniyi mgawo lachitatu la 2021, ndi AMD mgawo loyamba la 2022, koma kuwululidwa kwapoyera kwa nkhaniyi kudachedwetsedwa mpaka June 14, 2022 pa pempho la Intel. Kupezeka kwa vutoli kwatsimikiziridwa mu mapurosesa apakompyuta ndi laputopu kutengera mibadwo ya 8-11 ya Intel Core microarchitecture, komanso ma processor osiyanasiyana apakompyuta, mafoni ndi ma seva AMD Ryzen, Athlon, A-Series ndi EPYC (ofufuza adawonetsa njirayi. pa Ryzen CPUs yokhala ndi Zen microarchitecture 2 ndi Zen 3).
Source: opennet.ru