I-CROSSTalk - ubuthathaka kwi-Intel CPUs ekhokelela ekuvuzeni kwedatha phakathi kwee-cores

Iqela labaphandi abavela kwi-Vrije Universiteit Amsterdam lichonge entsha ukuba sesichengeni (CVE-2020-0543) kwizakhiwo ezincinci ze-Intel processors, eziphawulekayo kuba ikuvumela ukuba ubuyisele iziphumo zokwenza eminye imiyalelo eyenziwa kwenye i-CPU engundoqo. Obu bubuthathaka bokuqala kwindlela yokwenziwa komyalelo oqikelelwayo ovumela ukuvuza kwedatha phakathi kweecores ze-CPU (ngaphambili ukuvuza bekukhawulelwe kwimisonto eyahlukeneyo yondoqo omnye). Abaphandi babiza ingxaki ye-CROSTalk, kodwa Amaxwebhu e-Intel Ukuba sesichengeni kubhekiselwa kuyo njenge-SRBDS (iRejista eKhethekileyo yeSithinteli seSampulu seDatha).

Ukuba sesichengeni kunxulumene ne inikezelwe kunyaka odlulileyo kwiklasi ye-MDS (i-Microarchitectural Data Sampling) iingxaki kwaye isekelwe ekusebenziseni iindlela zokuhlalutya kwecala le-channel kwidatha kwizakhiwo ze-microarchitectural. Umgaqo wokusebenza I-CROSSTalk ikufutshane nokuba sesichengeni I-RIDL, kodwa iyahluka kwimvelaphi yokuvuza.
Ubuthathaka obutsha bulawula ukuvuza kwesikhuseli esiphakathi esingabhalwanga ngaphambili esabelwana ngazo zonke ii-CPU cores.


I-CROSSTalk - ubuthathaka kwi-Intel CPUs ekhokelela ekuvuzeni kwedatha phakathi kwee-cores

Umxholo wengxaki kukuba eminye imiyalelo ye-microprocessor, equka i-RDRAND, i-RDSEED kunye ne-SGX EGETKEY, iphunyezwe ngokusebenzisa i-SRR yangaphakathi ye-microarchitectural (iRejista eKhethekileyo yokuFunda). Kwiiprosesa ezichaphazelekayo, idatha ebuyiselweyo ye-SRR ifakwe kwi-buffer ephakathi eqhelekileyo kuzo zonke ii-CPU cores, emva koko idluliselwe kwi-buffer yokuzalisa ehambelana nombindi othile we-CPU apho umsebenzi wokufunda uqaliswe. Okulandelayo, ixabiso elisuka kwisithinteli sokuzalisa likhutshelwa kwiirejista ezibonakalayo kwizicelo.

Ubungakanani bendawo ephakathi ekwabelwana ngayo isithinteli ihambelana nomgca wecache, odla ngokuba mkhulu kunobungakanani bedatha efundwayo, kwaye ufundo olwahlukileyo luchaphazela ii-offsets ezahlukeneyo kwi-buffer. Ekubeni i-buffer ekwabelwana ngayo ikhutshelwa ngokupheleleyo kwi-buffer yokuzalisa, kungekhona kuphela isahlulo esifunekayo ekusebenzeni kwangoku esishukunyiswayo, kodwa kunye nedatha eseleyo evela kweminye imisebenzi, kubandakanywa naleyo yenziwa kwezinye ii-CPU cores.


I-CROSSTalk - ubuthathaka kwi-Intel CPUs ekhokelela ekuvuzeni kwedatha phakathi kwee-cores


I-CROSSTalk - ubuthathaka kwi-Intel CPUs ekhokelela ekuvuzeni kwedatha phakathi kwee-cores

Ukuba uhlaselo luphumelele, umsebenzisi wasekhaya oqinisekisiweyo kwinkqubo unokugqiba isiphumo sokwenza imiyalelo ye-RDRAND, i-RDSEED kunye ne-EGETKEY kwinkqubo yangaphandle okanye ngaphakathi kwe-Intel SGX enclave, kungakhathaliseki ukuba i-CPU ingundoqo apho ikhowudi iqhutywe khona.
Abaphandi abachonge ingxaki ipapashiwe Iprototype yokuxhaphaza ebonisa ukukwazi ukuvuza ulwazi malunga namaxabiso angahleliweyo afunyenwe nge-RDRAND kunye nemiyalelo ye-RDSEED ukufumana kwakhona isitshixo sabucala se-ECDSA esiqhutyelwe kwi-Intel SGX enclave emva kokwenza utyikityo lwedijithali kuphela kwinkqubo.


Dlala ividiyo

ingxaki esichengeni uluhlu olubanzi lwe-desktop, i-mobile kunye ne-server ye-Intel processors, kuquka i-Core i3, i-i5, i7, i-i9, i-m3, i-Celeron (i-J, i-G kunye ne-N series), i-Atom (i-C, i-E kunye ne-X series), i-Xeon (E3, E5, Iintsapho ze-E7 , i-W kunye no-D), i-Xeon Scalable, njl. Kuyaphawuleka ukuba i-Intel yaziswa ngobungozi ngoSeptemba ka-2018, kwaye ngoJulayi ka-2019 iprototype yokuxhaphaza yanikezelwa ebonisa ukuvuza kwedatha phakathi kwe-CPU cores, kodwa uphuhliso lolungiso lwalibaziseka ngenxa yobunzima bokuphunyezwa kwayo. Uhlaziyo lwe-microcode olucetywayo lwanamhlanje lulungisa umcimbi ngokutshintsha indlela yokuziphatha ye-RDRAND, i-RDSEED, kunye ne-EGETKEY imiyalelo yokubhala ngaphezulu idatha kwi-buffer ekwabelwana ngayo ukuthintela ulwazi olushiyekileyo ukuba luzinze apho. Ukongeza, ufikelelo lwe-buffer luyanqunyanyiswa de imixholo ifundwe kwaye ibhalwe kwakhona.

Isiphumo esisecaleni solu hlobo lokhuselo luyanda ukubambezeleka xa kusenziwa i-RDRAND, i-RDSEED, kunye ne-EGETKEY, kwaye kuncitshiswe i-throughput xa uzama ukuphumeza le miyalelo ngaxeshanye kwiiprosesa ezahlukeneyo ezinengqiqo. Ukwenza i-RDRAND, i-RDSEED, kunye ne-EGETKEY ikwanqumamisa ukufikelela kwimemori kwezinye iiprosesa ezinengqiqo. Ezi mpawu zinokuchaphazela kakubi ukusebenza kwezinye iinkqubo zeseva, ngoko ke i-firmware ibonelela ngendlela (RNGDS_MITG_DIS) ukukhubaza ukhuseleko lwe-RDRAND kunye nemiyalelo ye-RDSEED eyenziwa ngaphandle kwe-Intel SGX enclave.

umthombo: opennet.ru

Thenga ukusingathwa okuthembekileyo kwiindawo ezinokhuseleko lweDDoS, iiseva zeVPS VDS πŸ”₯ Thenga ukusingathwa kwewebhusayithi okuthembekileyo ngokhuseleko lwe-DDoS, iiseva zeVPS VDS | ProHoster