Vulnerabilities in the MMIO mechanism of Intel processors

Intel has disclosed a new class of data leaks through the microarchitectural structures of its processors which, by manipulating MMIO (Memory Mapped Input Output) mechanisms, allow an attacker to learn information being processed on other CPU cores. For example, the vulnerabilities allow data to be extracted from other processes, from Intel SGX enclaves, or from virtual machines. The vulnerabilities are specific to Intel CPUs; processors from other manufacturers are not affected.

The vulnerabilities are present in a range of Intel CPUs, including processors based on the Haswell, Skylake, IceLake, Broadwell, Lakefield, Kabylake, Cometlake and Rocketlake microarchitectures, as well as Xeon EP/EX, Scalable and some Atom server processors. To carry out an attack, access to MMIO is required; this can be obtained, for example, in virtualization systems that expose MMIO to guest systems controlled by an attacker. A fix may also be needed on systems that use Intel SGX (Software Guard Extensions) isolated enclaves.

Blocking the vulnerability requires both a microcode update and additional software protection based on the VERW instruction, which is used to clear the contents of microarchitectural buffers on return from the kernel to user space and when transferring control to a guest system. The same kind of protection is already used to block the previously known MDS (Microarchitectural Data Sampling), SRBDS (Special Register Buffer Data Sampling) and TAA (Transactional Asynchronous Abort) classes of attack.

On the microcode side, the changes needed to implement the protection were shipped in the May microcode update for Intel CPUs (IPU 2022.1). In the Linux kernel, protection against the new class of attacks is included in releases 5.18.5, 5.15.48, 5.10.123, 5.4.199, 4.19.248, 4.14.284 and 4.9.319. To check whether a system is exposed to the MMIO vulnerabilities and to see which protection mechanisms are active, the file "/sys/devices/system/cpu/vulnerabilities/mmio_stale_data" has been added to the Linux kernel. The protection is controlled with the kernel boot parameter "mmio_stale_data", which accepts the values "full" (enables clearing of buffers on transitions to user space and into a VM), "full,nosmt" (like "full", and additionally disables SMT/Hyper-Threads) and "off" (protection disabled). Separate fixes are provided for the Xen hypervisor and the Qubes operating system.
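The following shell script is an added example and is not part of the article, of Intel's guidance or of any kernel tooling. It reads the sysfs file named above, classifies the kernel's status line by its leading words (the prefixes "Not affected", "Mitigation:", "Vulnerable" and "Unknown" are assumed from the kernel's vulnerabilities/* reporting convention) and compares the running kernel version against the fixed stable releases listed above.

```shell
#!/bin/sh
# Added example: audit the mmio_stale_data status reported by the kernel.
SYSFS_FILE=/sys/devices/system/cpu/vulnerabilities/mmio_stale_data

# Map the status line onto a short verdict. The prefixes are assumed from
# the kernel's convention for files under cpu/vulnerabilities/.
classify_mmio_status() {
    case "$1" in
        "Not affected"*)                     echo "not-affected" ;;
        "Mitigation:"*"SMT vulnerable"*)     echo "mitigated-smt-exposed" ;;
        "Mitigation:"*)                      echo "mitigated" ;;
        "Vulnerable"*)                       echo "vulnerable" ;;
        "Unknown"*)                          echo "unknown" ;;
        *)                                   echo "unrecognized" ;;
    esac
}

# First stable release of each series that carries the mitigation,
# taken from the list in the article. Newer series are not covered here.
fixed_release_for_series() {
    case "$1" in
        5.18) echo 5.18.5 ;;   5.15) echo 5.15.48 ;;
        5.10) echo 5.10.123 ;; 5.4)  echo 5.4.199 ;;
        4.19) echo 4.19.248 ;; 4.14) echo 4.14.284 ;;
        4.9)  echo 4.9.319 ;;  *)    echo "" ;;
    esac
}

# kernel_has_fix VERSION: returns 0 if VERSION (e.g. "5.15.50-generic") is at
# or above its series' fixed release, 1 if below, 2 if the series is unlisted.
kernel_has_fix() {
    ver=${1%%-*}                                # drop distro suffix after '-'
    series=$(echo "$ver" | cut -d. -f1-2)
    fixed=$(fixed_release_for_series "$series")
    [ -n "$fixed" ] || return 2
    patch=$(echo "$ver" | cut -d. -f3 | tr -dc '0-9')
    patch=${patch:-0}                           # "5.4" alone means 5.4.0
    fixed_patch=${fixed##*.}
    [ "$patch" -ge "$fixed_patch" ]
}

# Report on the running system when the sysfs file is present.
if [ -r "$SYSFS_FILE" ]; then
    status=$(cat "$SYSFS_FILE")
    echo "mmio_stale_data: $status -> $(classify_mmio_status "$status")"
    if kernel_has_fix "$(uname -r)"; then echo "kernel: carries the fix";
    else echo "kernel: below fixed release or series not in list"; fi
fi
```

A "Vulnerable" verdict on an affected CPU usually points at missing microcode rather than a missing kernel patch, so check both before concluding the host is mitigated.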

The essence of the identified class of vulnerabilities is that some operations copy or move data left over from execution on other CPU cores from one microarchitectural buffer to another. The MMIO vulnerabilities allow this residual data to be moved from isolated microarchitectural buffers into registers or CPU buffers that are visible to applications. Three methods of extracting residual data through MMIO have been identified:

  • DRPW (Device Register Partial Write, CVE-2022-21166) is a problem with incorrect handling of writes to some MMIO registers. If the size of the data being written is smaller than the register size, residual information from the fill buffers is also copied into the register. As a result, a process that initiates an incomplete write to an MMIO register can obtain data left in microarchitectural buffers by operations performed on other CPU cores.
  • SBDS (Shared Buffers Data Sampling, CVE-2022-21125) is a leak of residual data from a core-bound fill buffer, caused by data being moved out of intermediate buffers shared by all cores.
  • SBDR (Shared Buffers Data Read, CVE-2022-21123) is a problem similar to SBDS, differing in that the residual data can end up in CPU structures visible to applications. The SBDS and SBDR problems affect only processors for client systems and the Intel Xeon E3 server family.

Source: opennet.ru