Reptar vulnerability affecting Intel processors

Tavis Ormandy, a security researcher at Google, has identified a new vulnerability (CVE-2023-23583) in Intel processors, codenamed Reptar, which mainly threatens cloud systems that run virtual machines belonging to different users. The vulnerability allows the system to hang or crash when certain operations are performed in an unprivileged guest system. To test your own systems, a utility has been published that creates the conditions under which the vulnerability manifests.

In theory, the vulnerability can be used to escalate privileges from the third protection ring to ring zero (CPL0) and to escape from isolated environments, but this scenario has not yet been confirmed in practice because of the difficulty of debugging at the microarchitectural level. An internal review at Intel also showed that the vulnerability could potentially be exploited to escalate privileges under certain conditions.

According to the researcher, the vulnerability is present in Intel Ice Lake, Rocket Lake, Tiger Lake, Raptor Lake, Alder Lake and Sapphire Rapids processors. Intel's report notes that the problem appears starting with the 10th generation (Ice Lake) of Intel Core processors and the third generation of Xeon Scalable processors, as well as in Xeon E/D/W processors (Ice Lake, Skylake, Haswell, Broadwell, Skylake, Sapphire Rapids, Emerald Rapids, Cascade Lake, Cooper Lake, Comet Lake, Rocket Lake) and Atom processors (Apollo Lake, Jasper Lake, Arizona Beach, Alder Lake, Parker Ridge, Snow Ridge, Elkhart Lake and Denverton). The vulnerability in question is fixed in yesterday's microcode update 20231114.
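A host inventory check built on the paragraph above, as an added example that is not part of the original article: it reads `/proc/cpuinfo`-style text, flags the generations the researcher lists, and checks whether the installed microcode package is at or past release 20231114. Assumptions: the family 6 model numbers come from the Linux kernel's `intel-family.h`, the package version embeds Intel's release date (Debian style), and the sample host data is constructed.

```python
import re

FIXED_RELEASE = 20231114  # microcode release the article names as carrying the fix
# Family 6 model numbers for the generations the researcher lists, taken from
# the Linux kernel's intel-family.h (an assumption of this example).
AFFECTED_MODELS = {
    0x7D: "Ice Lake", 0x7E: "Ice Lake", 0x6A: "Ice Lake", 0x6C: "Ice Lake",
    0xA7: "Rocket Lake", 0x8C: "Tiger Lake", 0x8D: "Tiger Lake",
    0xB7: "Raptor Lake", 0xBA: "Raptor Lake", 0xBF: "Raptor Lake",
    0x97: "Alder Lake", 0x9A: "Alder Lake", 0x8F: "Sapphire Rapids",
}

def parse_cpuinfo(text):
    """Split /proc/cpuinfo-style text into one field dict per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, _, v in pairs}
        if "processor" in fields:
            cpus.append(fields)
    return cpus

def package_release(version):
    """Pull the YYYYMMDD release out of a distro package version, else None."""
    m = re.search(r"(?<!\d)(20\d{6})(?!\d)", version)
    return int(m.group(1)) if m else None

def triage(cpuinfo_text, pkg_version):
    """Summarise exposure for one host from cpuinfo text and package version."""
    generations, revisions = set(), set()
    for cpu in parse_cpuinfo(cpuinfo_text):
        revisions.add(cpu.get("microcode", "unknown"))
        if cpu.get("vendor_id") == "GenuineIntel" and cpu.get("cpu family") == "6":
            generations.add(AFFECTED_MODELS.get(int(cpu.get("model", -1))))
    generations.discard(None)  # models outside the researcher's list
    release = package_release(pkg_version)
    has_fix = release is not None and release >= FIXED_RELEASE
    return {
        "generations": sorted(generations),
        "revisions": sorted(revisions),
        "package_has_fix": has_fix,
        # Mixed revisions mean the update did not load on every logical CPU.
        "needs_review": bool(generations) and (not has_fix or len(revisions) > 1),
    }

# Constructed sample: two logical CPUs, model 151 (0x97), made-up revision 0x2e.
SAMPLE = "\n\n".join(
    f"processor : {n}\nvendor_id : GenuineIntel\ncpu family : 6\n"
    f"model : 151\nmicrocode : 0x2e" for n in range(2))
```

A package at or past the fixed release only shows the update is on disk; the running revision in `/proc/cpuinfo` changes after the microcode is actually loaded, typically at the next boot.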

The vulnerability is caused by the fact that, under certain microarchitectural conditions, executing a "REP MOVSB" instruction encoded with a redundant "REX" prefix leads to undefined behavior. The problem was discovered while testing redundant prefixes, which in theory should be ignored but in practice produced strange effects, such as conditional branches being ignored and pointer saving in the xsave and call instructions being broken. Further analysis showed that adding a redundant prefix to the "REP MOVSB" instruction corrupts the contents of the ROB (ReOrder Buffer), which is used to order instructions.

The error is believed to be caused by an incorrect calculation of the size of the "MOVSB" instruction, which breaks the addressing of the instructions written to the ROB after a MOVSB with a redundant prefix and offsets the instruction pointer. Such desynchronization may be limited to disrupting intermediate calculations, with the state subsequently being restored. But if the failure is triggered simultaneously on several cores or SMT threads, the microarchitectural state can be damaged enough to cause a crash.

Source: opennet.ru
