Koox cilmi-baarayaal ah oo ka socda Jaamacadda Tiknoolajiyada ee Graz (Austria), oo hore loogu yaqaanay horumarinta MDS, NetSpectre, Throwhammer iyo weerarrada ZombieLoad, ayaa shaaca ka qaaday faahfaahinta weerarka kanaalka cusub (CVE-2021-46778) ee safka jadwalka processor-ka AMD , loo isticmaalo in lagu jadwaleeyo fulinta tilmaamaha qaybaha fulinta kala duwan ee CPU. Weerarka, oo loo yaqaan SQUIP, wuxuu kuu ogolaanayaa inaad go'aamiso xogta loo isticmaalo xisaabinta ee hab kale ama mashiinka farsamada ama abaabulo kanaal isgaarsiineed oo qarsoon oo u dhexeeya hababka ama mashiinnada farsamada ee kuu ogolaanaya inaad ku beddesho xogta adigoo ka gudbaya hababka xakamaynta gelitaanka nidaamka.
AMD CPUs oo ku salaysan jiilka 2000aad, 5000aad, iyo 3000aad ee Zen microarchitectures (AMD Ryzen XNUMX-XNUMX, AMD Ryzen Threadripper, AMD Athlon XNUMX, AMD EPYC) ayaa saameeya marka la isticmaalayo Tiknoolajiyada Isku-dhafka ah ee Isku-dhafka ah (SMT). Processor-yaasha Intel uma nugula in la weeraro, maadaama ay adeegsadaan hal jadwal oo saf ah, halka kuwa nugul ee AMD ay u adeegsadaan safaf kala duwan unug kasta oo fulin ah. Si looga hortago faafitaanka macluumaadka, AMD waxay ku talisay in horumariyayaashu isticmaalaan algorithms kuwaas oo had iyo jeer sameeya xisaabinta xisaabta wakhti joogto ah, iyada oo aan loo eegin nooca xogta la farsamaynayo, iyo sidoo kale in laga fogaado laanta ku salaysan xogta sirta ah.
Weerarku waxa uu ku salaysan yahay qiimaynta heerka khilaafka (heerka muranada) ee safafka jadwalaha ee kala duwan waxana lagu fuliyaa cabirka dib u dhaca marka la bilaabo hawlgalada hubinta ee lagu sameeyay dunta SMT kale ee isla CPU-ga. Si loo falanqeeyo waxa ku jira, habka Prime + Probe ayaa la isticmaalay, taas oo macnaheedu yahay buuxinta safka tixraaca qiyamka iyo go'aaminta isbeddelada iyada oo la cabbirayo wakhtiga gelitaanka iyaga marka dib loo buuxinayo.
Intii lagu jiray tijaabada, cilmi-baarayaashu waxay awoodeen inay si buuxda dib ugu sameeyaan furaha gaarka ah ee 4096-bit RSA ee loo isticmaalo in lagu abuuro saxeexyada dhijitaalka ah iyadoo la adeegsanayo mbedTLS 3.0 maktabadda cryptographic, taas oo adeegsata algorithm-ka Montgomery si kor loogu qaado nambarka modulo awood ah. Waxay qaadatay 50500 raadad si loo go'aamiyo furaha. Wadarta wakhtiga weerarka ayaa qaatay 38 daqiiqo. Kala duwanaanshaha weerarka ayaa la soo bandhigay kuwaas oo bixiya daadinta u dhexeeya habab kala duwan iyo mashiinnada farsamada gacanta ee ay maamusho KVM hypervisor. Waxa kale oo la tusay in habka loo isticmaali karo in lagu habeeyo xog-wareejin dahsoon oo u dhaxaysa mishiinnada farsamada gacanta oo ah 0.89 Mbit/s
Source: opennet.ru