Pulojekiti ya Grsecurity yafalitsa zambiri komanso chiwonetsero cha njira yowukira pachiwopsezo chatsopano (CVE-2021-26341) mu ma processor a AMD okhudzana ndi kuperekedwa mongopeka kwamalangizo pambuyo pochita zinthu mopanda malire. Ngati kuukirako kukuyenda bwino, kusatetezeka kumalola zomwe zili m'malo okumbukira mosasamala kuti zitsimikizike. Mwachitsanzo, ofufuza akonza njira yomwe imawalola kudziwa momwe ma adilesi amapangidwira ndikudutsa njira yachitetezo ya KASLR (kernel memory randomization) pochita ma code opanda mwayi mu ePBF kernel subsystem. Zochitika zina zowukira sizingathetsedwe zomwe zingayambitse kutayikira kwa zomwe zili mu kernel memory.
Chiwopsezocho chimakulolani kuti mupange mikhalidwe yomwe purosesa, panthawi yoyeserera, imangoganizira malangizowo potsatira kudumpha kukumbukira (SLS, Straight Line Speculation). Kuphatikiza apo, kukhathamiritsa kotereku sikumagwira ntchito kwa odumphira mokhazikika, komanso malangizo omwe amatanthauza kulumpha molunjika, monga JMP, RET ndi CALL. Potsatira malangizo odumphira mopanda malire, deta yosasinthika yomwe sinapangidwe kuti iwonongeke ikhoza kuikidwa. Pambuyo pozindikira kuti nthambi simaphatikizirapo kutsatira malangizo otsatirawa, purosesayo amangobweza boma ndikunyalanyaza kuphedwa kongoyerekeza, koma njira yotsatsira malangizo imakhalabe mu kachesi yogawana ndipo ikupezeka kuti iwunikidwe pogwiritsa ntchito njira zopezera njira zam'mbali.
Monga momwe zimakhalira pachiwopsezo cha Specter-v1, kuwukirako kumafuna kukhalapo kwa malangizo ena (zida) mu kernel zomwe zimatsogolera kukupha mongoyerekeza. Kuletsa chiwopsezo pankhaniyi kumatsikira pakuzindikiritsa zida zotere mu code ndikuwonjezera malangizo owonjezera kwa iwo omwe amaletsa kuphedwa mongopeka. Zoyenera kupha mongoyerekeza zitha kupangidwanso ndi mapulogalamu opanda mwayi omwe akuyenda mu makina a eBPF. Kuti mulepheretse kupanga zida zamagetsi pogwiritsa ntchito eBPF, tikulimbikitsidwa kuletsa mwayi wopanda mwayi wa eBPF mudongosolo ("sysctl -w kernel.unprivileged_bpf_disabled=1").
Kusatetezeka kumakhudza ma processor kutengera Zen1 ndi Zen2 microarchitecture, kuphatikiza mibadwo yoyamba ndi yachiwiri ya AMD EPYC ndi AMD Ryzen Threadripper processors, komanso AMD Ryzen 2000/3000/4000/5000, AMD Athlon, AMD Athlon X, AMD Ryzen Threadripper. Pro ndi APU series processors A. Kuti mulepheretse kutsata mongoganizira za malangizo, tikulimbikitsidwa kuyimbira malangizo a INT3 kapena LFENCE pambuyo pa ntchito za nthambi (RET, JMP, CALL).
Source: opennet.ru