BHI is a new Spectre-class vulnerability in Intel and ARM processors

A group of researchers from Vrije Universiteit Amsterdam has identified a new vulnerability in the microarchitectural structures of Intel and ARM processors. It is an extended version of the Spectre-v2 vulnerability that allows bypassing the eIBRS and CSV2 protection mechanisms added to processors. The vulnerability has been given several names: BHI (Branch History Injection, CVE-2022-0001), BHB (Branch History Buffer, CVE-2022-0002) and Spectre-BHB (CVE-2022-23960), which describe different manifestations of the same problem (BHI is an attack that crosses privilege levels, for example a user process and the kernel; BHB is an attack within a single privilege level, for example the eBPF JIT and the kernel).

The researchers demonstrated a working exploit that allows arbitrary data to be extracted from kernel memory from user space. For example, they show how the prepared exploit can extract from kernel buffers a string containing the hash of the root user's password, loaded from the /etc/shadow file. The exploit demonstrates that the vulnerability can be exploited within a single privilege level (a kernel-to-kernel attack) using a user-loaded eBPF program. Instead of BPF, it is also possible to use existing Spectre gadgets in kernel code, that is, sequences of instructions that lead to speculative execution of instructions.

The vulnerability appears in most current Intel processors, except for processors from the Atom family. Among ARM processors, Cortex-A15, Cortex-A57, Cortex-A7*, Cortex-X1, Cortex-X2, Cortex-A710, Neoverse N1, Neoverse N2, Neoverse V1 and possibly some Cortex-R chips are affected. According to the research, the vulnerability does not appear in AMD processors. To eliminate the problem, several software methods have been proposed to block the vulnerability, which can be used until hardware protection appears in future CPU models.

To block attacks through the eBPF subsystem, it is recommended to disable by default the ability of unprivileged users to load BPF programs, by writing 1 to the file "/proc/sys/kernel/unprivileged_bpf_disabled" or by running the command "sysctl -w kernel.unprivileged_bpf_disabled=1". To block gadget attacks, it is recommended to use the LFENCE instruction in sections of code that could lead to speculative execution. It is worth noting that the default configuration of most Linux distributions already contains the necessary protection measures, which are sufficient to block the BPF attack demonstrated by the researchers. Intel's recommendation to disable unprivileged access to BPF has also been the default since Linux kernel 5.16 and will be backported to earlier branches.
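A way to check the setting described above on a running system, as an added example that is not part of the original article. The two file paths are standard Linux interfaces; the function names and the keyword matching on the kernel's report are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit the unprivileged-BPF mitigation named in the article.
# Function names are hypothetical; only the two file paths come from Linux.

# Classify kernel.unprivileged_bpf_disabled:
#   0 = unprivileged bpf() allowed
#   1 = disabled, cannot be re-enabled until reboot
#   2 = disabled, but an administrator may change it back
bpf_state() {
    file=${1:-/proc/sys/kernel/unprivileged_bpf_disabled}
    [ -r "$file" ] || { echo unknown; return 0; }
    value=$(tr -d '[:space:]' < "$file")
    case "$value" in
        0) echo exposed ;;
        1) echo locked ;;
        2) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Summarise the kernel's own Spectre-v2 status line by keyword.
# "vulnerable" is tested before "Mitigation" so that a line which lists
# mitigations but still reports a vulnerable component is not passed.
spectre_v2_state() {
    file=${1:-/sys/devices/system/cpu/vulnerabilities/spectre_v2}
    [ -r "$file" ] || { echo unknown; return 0; }
    report=$(cat "$file")
    case "$report" in
        "Not affected"*) echo not-affected ;;
        *[Vv]ulnerable*) echo vulnerable ;;
        Mitigation*)     echo mitigated ;;
        *)               echo unknown ;;
    esac
}

# Print both results; return non-zero if either check shows exposure.
# Both arguments are optional and override the default paths.
audit() {
    bpf=$(bpf_state "$1")
    cpu=$(spectre_v2_state "$2")
    echo "unprivileged_bpf=$bpf spectre_v2=$cpu"
    [ "$bpf" != exposed ] && [ "$cpu" != vulnerable ]
}
# Source this file and call `audit`; exit status 0 means both checks pass.
```

A result of `unknown` means the file was missing or unreadable, which on older kernels or inside restricted containers is expected and should be reviewed by hand.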

In essence, BHI is an extended version of the Spectre-v2 attack in which, to bypass the added protection (Intel eIBRS and Arm CSV2) and arrange a data leak, values are substituted in the Branch History Buffer, which the CPU uses to improve the accuracy of branch prediction by taking the history of past branches into account. During the attack, manipulation of the branch history creates the conditions for a branch to be mispredicted and the required instructions to be executed speculatively, and the result ends up in the cache.

Apart from using the Branch History Buffer instead of the Branch Target Buffer, the new attack is identical to Spectre-v2. The attacker's task is to create conditions in which the address, during a speculative operation, is taken from the region of the data to be determined. After a speculative indirect jump is performed, the jump address read from memory remains in the cache, after which one of the methods for determining cache contents can be used to recover it, based on an analysis of the difference in access time between cached and uncached data.

Source: opennet.ru
