BHI, a new Spectre-class vulnerability in Intel and ARM processors

A group of researchers from Vrije Universiteit Amsterdam has identified a new vulnerability in the microarchitectural structures of Intel and ARM processors. It is an extended variant of the Spectre-v2 vulnerability that makes it possible to bypass the eIBRS and CSV2 protection mechanisms added to processors. The vulnerability has been given several names: BHI (Branch History Injection, CVE-2022-0001), BHB (Branch History Buffer, CVE-2022-0002) and Spectre-BHB (CVE-2022-23960), which describe different manifestations of the same problem (BHI is an attack that crosses privilege levels, for example a user process and the kernel; BHB is an attack within the same privilege level, for example the eBPF JIT and the kernel).

The researchers demonstrated a working exploit that allows arbitrary data to be extracted from kernel memory from user space. For example, they show how the prepared exploit can extract from kernel buffers a string containing the hash of the root user's password, loaded from the /etc/shadow file. The exploit demonstrates that the vulnerability can be exploited within a single privilege level (a kernel-to-kernel attack) using an eBPF program loaded by the user. Instead of eBPF, it is also possible to use existing Spectre gadgets in kernel code, that is, sequences of instructions that lead to speculative execution of instructions.

The vulnerability appears in most current Intel processors, with the exception of processors from the Atom family. Among ARM processors, the Cortex-A15, Cortex-A57, Cortex-A7*, Cortex-X1, Cortex-X2, Cortex-A710, Neoverse N1, Neoverse N2, Neoverse V1 and possibly some Cortex-R chips are affected by the problem. According to the research, the vulnerability does not appear in AMD processors. To eliminate the problem, several software methods for blocking the vulnerability have been proposed, which can be used until hardware protection appears in future CPU models.

To block attacks through the eBPF subsystem, it is recommended to permanently disable the ability of unprivileged users to load eBPF programs by writing 1 to the file "/proc/sys/kernel/unprivileged_bpf_disabled" or by running the command "sysctl -w kernel.unprivileged_bpf_disabled=1". To block gadget-based attacks, it is recommended to use the LFENCE instruction in areas of code that could lead to speculative execution. It is noted that the default configuration of most Linux distributions already includes the necessary protection measures, which are sufficient to block the eBPF attack demonstrated by the researchers. Intel's recommendation to disable unprivileged access to eBPF is also the default starting with Linux kernel 5.16 and will be backported to earlier branches.
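A way to audit the eBPF setting described above on a Linux host, as an added example that is not part of the original article. The function names are hypothetical, the sample status line is constructed, and the sysfs file /sys/devices/system/cpu/vulnerabilities/spectre_v2 and the sysctl value 2 are kernel details the article does not mention.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# Classify a value read from /proc/sys/kernel/unprivileged_bpf_disabled:
#   0 = unprivileged bpf() allowed
#   1 = disabled and locked until reboot
#   2 = disabled, but an administrator can still change it back
classify_bpf_sysctl() {
    case "$1" in
        0) echo EXPOSED ;;
        1) echo LOCKED ;;
        2) echo DISABLED_REVERSIBLE ;;
        *) echo UNKNOWN ;;
    esac
}

# Classify the kernel's spectre_v2 status line (assumed sysfs source:
# /sys/devices/system/cpu/vulnerabilities/spectre_v2).
classify_spectre_v2() {
    case "$1" in
        *"unprivileged eBPF"*) echo EBPF_WARNING ;;
        Vulnerable*)           echo VULNERABLE ;;
        Mitigation*)           echo MITIGATED ;;
        "Not affected"*)       echo NOT_AFFECTED ;;
        *)                     echo UNKNOWN ;;
    esac
}

# Print a one-line verdict; return 0 only when unprivileged eBPF is off
# and the kernel does not report spectre_v2 as vulnerable.
audit_bhi() {
    bpf=$(classify_bpf_sysctl "$1")
    v2=$(classify_spectre_v2 "$2")
    echo "unprivileged_bpf_disabled=$1 ($bpf); spectre_v2=$v2"
    case "$bpf" in EXPOSED|UNKNOWN) return 1 ;; esac
    case "$v2" in EBPF_WARNING|VULNERABLE) return 1 ;; esac
    return 0
}

# Constructed sample input, then the live host (files may be absent).
audit_bhi 0 "Vulnerable: eIBRS with unprivileged eBPF" || echo "-> action needed"
live_bpf=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo missing)
live_v2=$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2>/dev/null || echo missing)
audit_bhi "$live_bpf" "$live_v2" || echo "-> action needed"
```

A setting made with "sysctl -w" lasts only until reboot, so a fleet check like this is best run after boot rather than once at provisioning time.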

Conceptually, BHI is an extended variant of the Spectre-v2 attack in which, to bypass the added protection (Intel eIBRS and Arm CSV2) and organize the data leak, values are substituted in the Branch History Buffer, which the CPU uses to improve branch prediction accuracy by taking into account the history of past transitions. During the attack, manipulation of the transition history creates the conditions for an incorrect prediction of the transition and for speculative execution of the required instructions, the result of which ends up in the cache.

Apart from using the Branch History Buffer instead of the Branch Target Buffer, the new attack is identical to Spectre-v2. The attacker's task is to create conditions in which the address used during the speculative operation is taken from the region of the data being determined. After the speculative indirect jump is performed, the jump address read from memory remains in the cache, after which one of the methods for determining cache contents can be used to retrieve it, based on an analysis of the difference in access time between cached and uncached data.

Source: opennet.ru
