CROSSTalk - a vulnerability in Intel CPUs that leads to data leakage between cores

A team of researchers from Vrije Universiteit Amsterdam has identified a new vulnerability (CVE-2020-0543) in the microarchitectural structures of Intel processors, notable in that it allows recovering the results of some instructions executed on another CPU core. This is the first vulnerability in the speculative instruction execution mechanism that allows data to leak between individual CPU cores (earlier leaks were limited to different threads of the same core). The researchers named the problem CROSSTalk, but Intel's documents refer to the vulnerability as SRBDS (Special Register Buffer Data Sampling).

The vulnerability belongs to the MDS (Microarchitectural Data Sampling) class of problems presented a year ago and is based on applying side-channel analysis methods to data in microarchitectural structures. CROSSTalk's principle of operation is close to that of the RIDL vulnerability, but it differs in the source of the leak.
The new vulnerability exploits a leak from a previously undocumented intermediate buffer that is shared by all CPU cores.

The essence of the problem is that some microprocessor instructions, including RDRAND, RDSEED and SGX EGETKEY, are implemented using the internal microarchitectural SRR (Special Register Reads) operation. On affected processors, the data returned for an SRR is placed in an intermediate buffer common to all CPU cores and is then transferred to the fill buffer associated with the specific physical CPU core on which the read operation was initiated. Next, the value from the fill buffer is copied into registers visible to applications.

The size of the intermediate shared buffer corresponds to a cache line, which is usually larger than the size of the data being read, and different reads affect different offsets in the buffer. Since the shared buffer is copied to the fill buffer in its entirety, not only the portion needed for the current operation is transferred, but also the data left over from other operations, including those performed on other CPU cores.

If the attack succeeds, a local user authenticated on the system can determine the results of executing the RDRAND, RDSEED and EGETKEY instructions in a foreign process or inside an Intel SGX enclave, regardless of the CPU core on which the code is running.
The researchers who identified the problem have published a prototype exploit that demonstrates the ability to leak information about random values obtained through the RDRAND and RDSEED instructions in order to recover an ECDSA private key processed in an Intel SGX enclave after only one digital signature operation has been performed on the system.


The problem affects a wide range of desktop, mobile and server Intel processors, including Core i3, i5, i7, i9, m3, Celeron (J, G and N series), Atom (C, E and X series), Xeon (E3, E5, E7 families, W and D), Xeon Scalable, and others. Notably, Intel was informed of the vulnerability in September 2018, and in July 2019 a prototype was provided demonstrating data leakage between CPU cores, but development of the fix was delayed because of the complexity of implementing it. The microcode update proposed today fixes the issue by changing the behaviour of the RDRAND, RDSEED and EGETKEY instructions so that they overwrite the data in the shared buffer, preventing residual information from remaining there. In addition, access to the buffer is paused until the contents have been read and rewritten.

A side effect of this type of protection is increased latency when executing RDRAND, RDSEED and EGETKEY, and reduced throughput when these instructions are executed simultaneously on different logical processors. Executing RDRAND, RDSEED and EGETKEY also suspends memory access from other logical processors. These characteristics can hurt the performance of some server applications, so the firmware provides a mechanism (RNGDS_MITG_DIS) to disable the protection for RDRAND and RDSEED instructions executed outside an Intel SGX enclave.
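
The shared-buffer behaviour and the microcode fix described above can be modelled in a few lines of C. This is an added illustration, not code from the researchers or Intel; the buffer offsets, sample values and function names are constructed, and the model leaves out the buffer locking that the update also performs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINE   64   /* the shared staging buffer is one cache line wide */
#define NCORES 2

static uint8_t staging[LINE];        /* shared by all cores */
static uint8_t fill[NCORES][LINE];   /* modelled per-core fill buffer */

/* Model of one special register read (SRR) issued by `core`.
 * `off` and `len` are constructed: where this read's result lands
 * in the staging buffer and how wide it is. */
static void srr_read(int core, size_t off, const uint8_t *val, size_t len,
                     int mitigated, uint8_t *reg_out)
{
    memcpy(staging + off, val, len);         /* result placed in shared buffer */
    memcpy(fill[core], staging, LINE);       /* whole line copied, not just len */
    memcpy(reg_out, fill[core] + off, len);  /* value the application sees */
    if (mitigated)
        memset(staging, 0, LINE);            /* fix: overwrite leftover data */
}

/* Returns how many bytes of core 0's value end up in core 1's fill buffer. */
int residual_bytes(int mitigated)
{
    const uint8_t secret[8] = {0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0x04}; /* constructed */
    const uint8_t other[4]  = {0x11,0x22,0x33,0x44};                     /* constructed */
    uint8_t reg[8];
    int n = 0;

    memset(staging, 0, LINE);
    memset(fill, 0, sizeof fill);
    srr_read(0, 0, secret, sizeof secret, mitigated, reg);  /* e.g. RDRAND on core 0 */
    srr_read(1, 32, other, sizeof other, mitigated, reg);   /* unrelated read on core 1 */

    for (size_t i = 0; i < sizeof secret; i++)
        n += (fill[1][i] == secret[i]);
    return n;
}

int main(void)
{
    printf("unmitigated: %d residual bytes\n", residual_bytes(0));
    printf("mitigated:   %d residual bytes\n", residual_bytes(1));
    return 0;
}
```

In the unmitigated model, core 1's fill buffer holds all eight bytes written for core 0 even though core 1 only asked for four bytes at a different offset; with the overwrite in place, none remain.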

Source: opennet.ru
