Tavis Ormandy, wofufuza zachitetezo ku Google, wazindikira chiwopsezo chatsopano (CVE-2023-23583) mu ma processor a Intel, codenamed Reptar, omwe makamaka amawopseza makina amtambo omwe amayendetsa makina a ogwiritsa ntchito osiyanasiyana. Chiwopsezochi chimalola makinawo kuti alendewe kapena kugwa zinthu zina zikachitika pamakina obwera alendo opanda mwayi. Kuti muyese machitidwe anu, chida chasindikizidwa chomwe chimapanga mikhalidwe yowonetsera zovuta.
Mwachidziwitso, chiwopsezocho chingagwiritsidwe ntchito kukulitsa mwayi kuchokera pachitatu kupita ku mphete yachitetezo cha ziro (CPL0) ndikuthawa kumadera akutali, koma izi sizinatsimikizidwebe pochita chifukwa cha zovuta zakusintha pamlingo wa microarchitectural. Ndemanga yamkati ku Intel idawonetsanso kuthekera kogwiritsa ntchito chiwopsezo chokulitsa mwayi pazinthu zina.
Malinga ndi wofufuzayo, chiwopsezochi chili m'mabanja a Intel Ice Lake, Rocket Lake, Tiger Lake, Raptor Lake, Alder Lake ndi Sapphire Rapids processor. Lipoti la Intel likuti vutoli likuwoneka kuyambira m'badwo wa 10 (Ice Lake) wa Intel Core processors ndi m'badwo wachitatu wa ma processor a Xeon Scalable, komanso ma processor a Xeon E/D/W (Ice Lake, Skylake, Haswell, Broadwell). , Skylake, Sapphire Rapids, Emerald Rapids, Cascade Lake, Cooper Lake, Comet Lake, Rocket Lake) ndi Atom (Apollo Lake, Jasper Lake, Arizona Beach, Alder Lake, Parker Ridge, Snow Ridge, Elkhart Lake ndi Denverton). Chiwopsezo chomwe chikufunsidwa chidakhazikika pakusinthidwa kwa dzulo kwa microcode 20231114.
Chiwopsezochi chimayamba chifukwa pazifukwa zina zazing'ono, kachitidwe ka malangizo a "REP MOVSB" amasungidwa ndi prefix ya "REX", yomwe imatsogolera kukhalidwe losadziwika. Vutoli lidapezeka pakuyesa ma prefixes owonjezera, omwe mwalingaliro ayenera kunyalanyazidwa, koma m'machitidwe adadzetsa zotsatira zachilendo, monga kunyalanyaza nthambi zopanda malire ndi kuswa kosunga pointer mu xsave ndikuyitanitsa malangizo. Kusanthula kwina kunawonetsa kuti kuwonjezera mawu oyambira owonjezera ku malangizo a "REP MOVSB" kumayambitsa ziphuphu za zomwe zili mu ROB (ReOrder Buffer) zomwe zimagwiritsidwa ntchito kuyitanitsa malangizo.
Amakhulupirira kuti cholakwikacho chimayamba chifukwa cha kuwerengera kolakwika kwa kukula kwa malangizo a "MOVSB", omwe amatsogolera kuphwanya malangizo omwe adalembedwa ku ROB buffer pambuyo pa MOVSB ββββndi prefix yochulukirapo, komanso kuchotsera. cha pointer yophunzitsira. Desynchronization yotereyi imatha kungokhala kusokoneza mawerengedwe apakatikati ndikubwezeretsanso gawo lofunikira. Koma ngati muphwanya ma cores angapo kapena ulusi wa SMT nthawi imodzi, mutha kuwononga mawonekedwe ang'onoang'ono kuti awonongeke.
Source: opennet.ru