Intel
Kubva pamatambudziko akaonekwa nevaongorori kubva kuTechnical University yeGraz (Austria)
-
ZombieLoad (PDF ) - inokutendera kuti utore ruzivo rwakavanzika kubva kune mamwe maitiro, iyo inoshanda sisitimu, chaiwo michina uye yakachengetedzwa enclaves (TEE, Yakavimbika Kuurayiwa Kwenzvimbo). Semuenzaniso, kugona kuona nhoroondo yekuvhura mapeji muTor browser inomhanya mune imwe virtual muchina kwakaratidzwa, pamwe nekuona makiyi ekuwana uye mapassword anoshandiswa mumaapplication;
-
RIDL (PDF ) - inobvumira kubuda kweruzivo pakati penzvimbo dzakasiyana dzakasarudzika muIntel processors, senge kuzadza buffers, kuchengetedza buffers uye mutoro madoko. Mienzaniso yekurwiswa inoratidzwa kuronga kuvuza kubva kune mamwe maitiro, iyo inoshanda sisitimu, chaiwo muchina uye akachengetedzwa enclaves. Semuenzaniso, inoratidza nzira yekuziva zviri mukati memudzi password hashi kubva /etc/shadow panguva yenguva yekuyedza yechokwadi (kurwisa kwakatora maawa makumi maviri nemana);Mukuwedzera, muenzaniso wekurwisa uchishandisa JavaScript uye WebAssembly inoratidzwa pakuzarura peji ine utsinye muSpiderMonkey injini (mumabhurawuza emazuva ano akazara, kurwiswa kwakadaro hakugoneki nekuda kwekugadzirisa nguva uye matanho ekudzivirira kubva kuSpecter);
-
Donha (PDF ) - inoita kuti zvikwanise kuverenga data ichangobva kunyorwa neiyo inoshanda sisitimu uye kuona iyo OS memory dhizaini kurerutsa kumwe kurwiswa; -
Store-To-Leak Forwarding - inoshandisa CPU optimizations yekushanda neyekuchengetedza buffer uye inogona kushandiswa kupfuura iyo kernel kero space randomisation mechanism (KASLR), kutarisa mamiriro eiyo sisitimu yekushandisa, kana ye.sangano inodonhedza musanganiswa nemagetsi zvinoenderana neSpecter nzira.
Identified
- CVE-2018-12126 - MSBDS (Microarchitectural Store Buffer Data Sampling), kudzoreredza zviri mukati mekuchengetedza mabhafa. Inoshandiswa muFallout kurwisa. Iyo dhigirii yengozi inotemerwa kuve 6.5 mapoinzi (CVSS);
- CVE-2018-12127 - MLPDS (Microarchitectural Load Port Data Sampling), kudzoreredza kwemukati mekutakura zvinhu. Inoshandiswa mukurwisa kweRIDL. CVSS 6.5;
- CVE-2018-12130 - MFBDS (Microarchitectural Zadza Buffer Data Sampling), kudzoreredza kwekuzadza buffer zviri mukati. Inoshandiswa muZombieLoad uye RIDL kurwisa. CVSS 6.5;
- CVE-2019-11091 - MDSUM (Microarchitectural Data Sampling Uncacheable Memory), kudzoreredza kwezvisingaverengeki ndangariro zviri mukati. Inoshandiswa mukurwisa kweRIDL. CVSS 3.8.
Side-channel kurwiswa kweiyo microarchitectural zvimiro zvakanyanya kuoma kuita kana ichienzaniswa nemaitiro ekudzoreredza zvirimo zvecache uye zvinoda kuteedzera uye kuongorora huwandu hwakakosha hwedata kuti uone kubatana kwavo nedzimwe kero mundangariro (chaizvoizvo, munhu anorwisa haakwanise kutora nemaune imwe data. , asi ingangove nguva yekuunganidza kuvuza uye kushandisa nzira dzenhamba yekuvakazve mamwe marudzi edata). Pamusoro pezvo, kurwiswa kwacho kunongobata data pane imwechete yemuviri CPU musimboti sekodhi yeanorwisa.
Nzira dzakarongwa dzekutarisa zviri mukati me microarchitectural zvimiro zvakavakirwa pachokwadi chekuti zvimiro izvi zvinoshandiswa panguva yekufungidzira kubata kunze (kukanganisa) kana kurodha nekuchengetedza mashandiro.
Munguva yekufungidzira kuurayiwa, zviri mukati mezvimiro zvemukati zvinodzoserwa kune marejista kana macache ekugadzirisa. Mashandiro ekufungidzira haapedzi uye mhedzisiro inoraswa, asi zvakadzoserwa zvemukati zvinogona kutariswa pachishandiswa nzira-channel cache yekuongorora matekiniki.
Load ports anoshandiswa ne processor kugamuchira data kubva mundangariro kana I/O subsystem uye kupa ruzivo rwakagamuchirwa kumareji eCPU. Nekuda kwechiitiko chekuita, data kubva kumabasa ekurodha ekare anoramba ari mumachiteshi kusvika anyorwa nedata nyowani, izvo zvinoita kuti zvikwanise kuona zvisina kunanga mamiriro e data muchiteshi chekurodha nekushandisa zvisirizvo (zvikanganiso) uye SSE/AVX/ AVX-512 mirairo inotakura kupfuura 64 bits data. Pasi pemamiriro ezvinhu akadai, mashandiro emutoro anofumura hunhu hwe data kubva kune zvimiro zvemukati kusvika kune zvinoenderana nekushanda. Nenzira imwecheteyo, kuvuza kunorongwa kuburikidza nekuchengetedza buffer, iyo inoshandiswa kukurumidza kunyorera kuCPU cache uye inosanganisira tafura yemakero, kukosha uye mireza, pamwe nekuzadza buffer, iyo ine data iyo. haisati iri muL1 cache (cache-miss), yenguva iri kurodha kubva kune cache yemamwe mazinga.
dambudziko
Linux kernel inodzivirira kubva kuMDS
4.19.43, 4.14.119 uye 4.9.176. Nzira yekudzivirira
Package updates akatoburitswa
Iyo gadziriso yekuvharira kudonha kwedata kubva kumashini chaiwo zvakare
Source: opennet.ru