Wofufuza zachitetezo ku Google, a Tavis Ormandy, adazindikira chiwopsezo chatsopano (CVE-2023-23583) mu Intel processors, codenamed Reptar, yomwe imayika chiwopsezo pamakina amtambo omwe amayendetsa makina enieni a ogwiritsa ntchito osiyanasiyana. Kusatetezeka kungayambitse makina kugwa kapena kuwonongeka akamagwira ntchito zina m'makina a alendo omwe alibe mwayi. Ntchito yomwe imapanga mikhalidwe yogwiritsiridwa ntchito yasindikizidwa kuti iyesedwe.
Mwachidziwitso, chiwopsezochi chingagwiritsidwe ntchito kukulitsa mwayi kuchokera pa mphete 3 kupita ku ring 0 (CPL0) ndikuthawa malo akutali, koma izi sizinatsimikizidwebe m'kuchita chifukwa cha zovuta pakuwongolera pamlingo wa zomangamanga zazing'ono. Kuyesa kwamkati ku Intel kunawonetsanso kuthekera kogwiritsa ntchito mwayi wokhala pachiwopsezo cha mwayi wokwera pansi pamikhalidwe ina.
Malinga ndi wofufuzayo, chiwopsezochi chimakhudza Ice Lake, Rocket Lake, Tiger Lake, Raptor Lake, Alder Lake, ndi Sapphire Rapids mabanja a Intel processors. Lipoti la Intel likuti nkhaniyi ikukhudza mapurosesa a Intel Core a m'badwo wa 10 (Ice Lake) ndi ma processor a Xeon Scalable a m'badwo wachitatu, komanso ma processor a Xeon E/D/W (Ice Lake, Skylake, Haswell, Broadwell, Skylake, Sapphire Rapids, Emerald Rapids, Cascade Lake, Lake processor, Lake Lake Lake, Rocket processor, Lake Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Lake Lake, Skylake, Ice Lake, Skylake) (Apollo Lake, Jasper Lake, Arizona Beach, Alder Lake, Parker Ridge, Snow Ridge, Elkhart Lake, ndi Denverton). Chiwopsezocho chidakhazikika pakusinthidwa kwa dzulo kwa microcode 20231114.
Kusatetezekaku kumachitika chifukwa cha kamangidwe kakang'ono komwe kachitidwe ka malangizo a "REP MOVSB" amasungidwa ndi "REX" prefix, zomwe zimatsogolera kumayendedwe osadziwika. Nkhaniyi idapezeka poyesa ma prefixes owonjezera, omwe mwalingaliro amayenera kunyalanyazidwa koma m'machitidwe adadzetsa zotsatira zachilendo, monga kunyalanyaza kulumpha kopanda malire ndikusokoneza kusunga kwa pointer mu xsave ndikuyitanitsa malangizo. Kuwunikanso kwina kunawonetsa kuti kuwonjezera mawu owonjezera owonjezera ku malangizo a "REP MOVSB" kumawononga zomwe zili mu ROB (ReOrder Buffer), yomwe imagwiritsidwa ntchito poyitanitsa malangizo.
Cholakwikacho chimakhulupirira kuti chimayamba chifukwa cha kuwerengetsa kolakwika kwa kukula kwa malangizo a MOVSB, komwe kumabweretsa kusokonezeka kwa malangizo olembedwa ku ROB buffer pambuyo pa MOVSB ndi prefix yochulukirapo, komanso kusamvetsetsana kwa cholozera. Kusalumikizana kumeneku kungakhale kokha kusokoneza mawerengedwe apakatikati ndi kubwezeretsedwa kotsatira kwa chikhalidwe chokhazikika. Komabe, ngati kuwonongekako kuyambika nthawi imodzi pa ma cores angapo kapena ulusi wa SMT, kungayambitse ziphuphu zokwanira zazing'ono kuti ziwonongeke.
Source: opennet.ru
