A new variant of the Zombieload attack on Intel processors has been identified

Researchers from the Graz University of Technology (Austria) have disclosed information about a new side-channel attack method, ZombieLoad 2.0 (CVE-2019-11135), which allows confidential information to be extracted from other processes, the operating system, virtual machines and protected enclaves (TEE, Trusted Execution Environment). The problem affects only Intel processors. Components for blocking the problem were proposed in yesterday's microcode update.

The problem belongs to the MDS (Microarchitectural Data Sampling) class and is a modernized version of the ZombieLoad attack made public in May. ZombieLoad 2.0, like other MDS attacks, relies on applying side-channel analysis techniques to data in microarchitectural structures (for example, the Line Fill Buffer and Store Buffer), which temporarily hold data used during processing.

The new variant of the Zombieload attack is based on a leak that occurs during the operation of the asynchronous abort mechanism (TAA, TSX Asynchronous Abort), implemented in the TSX (Transactional Synchronization Extensions) extension. TSX provides facilities for working with transactional memory, which makes it possible to increase the performance of multi-threaded applications by dynamically eliminating unnecessary synchronization operations (atomic transactions are supported that can either be committed or aborted). When a transaction is interrupted, the operations performed on the transactional memory region are rolled back.

The transaction abort happens asynchronously, and during this time other threads can access the cache, which is also used in the discarded transactional memory region. In the interval between the start and the actual completion of an asynchronous transaction abort, situations can arise in which the processor, during speculative execution of an operation, reads data from internal microarchitectural buffers and passes it to the speculative operation. The conflict is then detected and the speculative operation is discarded, but the data remains in the cache and can be retrieved using side-channel cache recovery techniques.

The attack boils down to opening TSX transactions and creating conditions for their asynchronous abort, during which conditions arise for leaking the contents of internal buffers speculatively filled with data from memory read operations performed on the same CPU core. The leak is limited to the current physical CPU core (the one on which the attacker's code runs), but since microarchitectural buffers are shared between different threads in Hyper-Threading mode, memory operations performed in other CPU threads can leak as well.

The attack affects some models of the eighth, ninth and tenth generations of Intel Core processors, as well as Intel Pentium Gold, Intel Celeron 5000, Intel Xeon E, Intel Xeon W and second-generation Intel Xeon Scalable. New Intel processors based on the Cascade Lake microarchitecture introduced in April, which were not initially susceptible to the RIDL and Fallout attacks, are also susceptible. In addition to Zombieload 2.0, the researchers also demonstrated the possibility of bypassing previously proposed methods of protection against MDS attacks, which are based on using the VERW instruction to clear the contents of microarchitectural buffers when returning from the kernel to user space or when transferring control to a guest system.

Intel's report states that on systems with a heterogeneous load, carrying out the attack is difficult, since the leak from microarchitectural structures covers all activity in the system and the attacker cannot influence the source of the extracted data, i.e. can only accumulate information that surfaces as a result of the leak and try to identify useful information among this data, without the ability to purposefully intercept data associated with specific memory addresses. However, the researchers published an exploit prototype, running on Linux and Windows, and demonstrated the ability to use the attack to determine the root user's password hash.
It is possible to carry out the attack from a guest system to accumulate data that appears in the operation of other guest systems, the host environment, the hypervisor and Intel SGX enclaves.

Fixes to block the vulnerability have been included in the Linux kernel codebase and are part of releases 5.3.11, 4.19.84, 4.14.154, 4.9.201 and 4.4.201. Kernel and microcode updates have also already been released for the major distributions (Debian, SUSE/openSUSE, Ubuntu, RHEL, Fedora, FreeBSD). The problem was identified in April, and the fix was coordinated between Intel and operating system developers.

The simplest method of blocking Zombieload 2.0 is to disable TSX support in the CPU. The proposed fix for the Linux kernel includes several protection options. The first option provides the "tsx=on/off/auto" parameter to control whether the TSX extension is enabled on the CPU (the auto value disables TSX only for vulnerable CPUs). The second protection option is enabled by the "tsx_async_abort=off/full/full,nosmt" parameter and is based on clearing microarchitectural buffers during context switches (the nosmt flag additionally disables SMT/Hyper-Threads). To check whether a system is susceptible to the vulnerability, sysfs provides the "/sys/devices/system/cpu/vulnerabilities/tsx_async_abort" parameter.
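
An added example (not from the original article or from the kernel project): a shell function that interprets the status line of the sysfs entry named above together with the two boot parameters described in this section. The status strings it matches are the ones listed in the kernel's TAA documentation; the verdict labels and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: interpret the kernel's TAA status line plus boot parameters.
# Verdict labels are this example's own; the sample lines below are constructed.
SYSFS=/sys/devices/system/cpu/vulnerabilities/tsx_async_abort

# taa_assess STATUS CMDLINE -> prints a verdict, plus notes on risky overrides
taa_assess() {
    st=$1; cl=" $2 "; verdict=unknown
    case $st in
        "Not affected"*)             verdict=not-affected ;;
        "Mitigation: TSX disabled"*) verdict=tsx-disabled ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffer clearing does not protect against a sibling hyper-thread
            case $st in
                *"SMT vulnerable"*|*"SMT Host state unknown"*)
                    verdict=mitigated-smt-exposed ;;
                *)  verdict=mitigated ;;
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            verdict=vulnerable-needs-microcode ;;
        "Vulnerable"*)               verdict=vulnerable ;;
    esac
    # Boot parameters that switch the protection off or force TSX on
    case $cl in *" tsx_async_abort=off "*) verdict="$verdict +tsx_async_abort=off" ;; esac
    case $cl in *" tsx=on "*)              verdict="$verdict +tsx=on" ;; esac
    printf '%s\n' "$verdict"
}

# Live check; a missing file means this kernel does not report TAA at all
if [ -r "$SYSFS" ]; then
    live_cl=""
    if [ -r /proc/cmdline ]; then live_cl=$(cat /proc/cmdline); fi
    printf 'this host: %s\n' "$(taa_assess "$(cat "$SYSFS")" "$live_cl")"
else
    printf 'this host: no %s entry\n' "$SYSFS"
fi

# Constructed samples in the form "status|kernel command line"
while IFS='|' read -r s c; do
    printf '%-45.45s => %s\n' "$s" "$(taa_assess "$s" "$c")"
done <<'EOF'
Mitigation: Clear CPU buffers; SMT vulnerable|ro quiet tsx_async_abort=full
Mitigation: Clear CPU buffers; SMT disabled|ro quiet tsx_async_abort=full,nosmt
Mitigation: TSX disabled|ro quiet tsx=off
Vulnerable|ro quiet tsx=on tsx_async_abort=off
EOF
```

A `mitigated-smt-exposed` verdict is the case the "full,nosmt" value addresses: buffers are cleared on context switches, but Hyper-Threading is still active on the core.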

In addition, the microcode update eliminates another vulnerability (CVE-2018-12207) in Intel processors, which is also blocked in the recent Linux kernel update. The vulnerability allows an unprivileged attacker to cause a denial of service, leading the system to hang in the "Machine Check Error" state.
The attack can also be carried out from a guest system.

Source: opennet.ru
