ProHoster > Ibhulogi > iindaba ze-intanethi > Ubusengozini be-Intel Spoiler bufumene iwonga elisemthethweni, kodwa akukho patch kwaye ayizukubakho

Ubusengozini be-Intel Spoiler bufumene iwonga elisemthethweni, kodwa akukho patch kwaye ayizukubakho

Ngolunye usuku, i-Intel ikhuphe isaziso malunga nokunikezelwa kwesazisi esisemthethweni se-Spoiler sesichengeni. Ukuba sesichengeni kweSpoiler kwaziwa kwinyanga ephelileyo emva kwengxelo yeengcali zeWorcester Polytechnic Institute eMassachusetts kunye neDyunivesithi yaseLübeck (eJamani). Ukuba yiyo nayiphi na intuthuzelo, i-Spoiler iya kufakwa kuluhlu lweenkcukacha zobungozi njengomngcipheko CVE-2019-0162. Kwi-pessimists, siyakwazisa: I-Intel ayizukukhulula iipatches ukunciphisa umngcipheko wokuhlaselwa usebenzisa i-CVE-2019-0162. Ngokutsho kwenkampani, iindlela eziqhelekileyo zokulwa nokuhlaselwa kwe-channel-channel inokukhusela kwi-Spoiler.

Ubusengozini be-Intel Spoiler bufumene iwonga elisemthethweni, kodwa akukho patch kwaye ayizukubakho

Qaphela ukuba i-Spoiler vulnerability (CVE-2019-0162) ngokwayo ayikuvumeli ukufumana idatha ye-user-sensitive data ngaphandle kolwazi lomsebenzisi. Esi sisixhobo nje sokuqinisa kunye nokwenza uqhekezo usebenzisa ubungozi beRowhammer esele busaziwa kakhulu. Olu hlaselo luhlobo lohlaselo lwetshaneli esecaleni kwaye lwenziwa ngokuchasene nememori ye-DDR3 nge-ECC (iKhowudi yokuLungisa impazamo) jonga. Kusenokwenzeka ukuba imemori ye-DDR4 ene-ECC inokuba sesichengeni se-Rowhammer, kodwa oku akukaqinisekiswa ngokulinga. Kwimeko nayiphi na into, ngaphandle kokuba siphose into ethile, kwakungekho miyalezo malunga noku.

Usebenzisa iSpoiler, unokudibanisa iidilesi ezibonakalayo kunye needilesi ezibonakalayo kwimemori. Ngamanye amazwi, qonda ukuba zeziphi iiseli zememori ezifuna ukuhlaselwa usebenzisa i-Rowhammer ukuze ubuyisele idatha kwimemori yomzimba. Ukutshintsha amasuntswana amathathu kuphela edatha kwinkumbulo ngexesha kudlula i-ECC kwaye unike umhlaseli inkululeko yokwenza. Ukufikelela kwimephu yedilesi, kufuneka ube nofikelelo kwinqanaba lomsebenzisi ongenalo ilungelo kwikhompyuter. Le meko iyayinciphisa ingozi ye-Spoiler, kodwa ayiyikuphelisa. Ngokutsho kweengcali, ingozi ye-Spoiler ngamanqaku angama-3,8 kwi-10 enokwenzeka.

Ubusengozini be-Intel Spoiler bufumene iwonga elisemthethweni, kodwa akukho patch kwaye ayizukubakho

Zonke iiprosesa ze-Intel Core ukuya kuthi ga kwisizukulwana sokuqala zichaphazeleka kubuthathaka be-Spoiler. Ukutshintsha i-microcode ukuyivala kuya kukhokelela ekunciphiseni okubukhali ekusebenzeni kweprosesa. "Emva kokuphononongwa ngononophelo, i-Intel igqibe kwelokuba ukhuseleko lwe-kernel olukhoyo olunje nge-KPTI [Kernel Memory Isolation] lunciphisa umngcipheko wokuvuza kwedatha ngamanqanaba akhethekileyo. "I-Intel icebisa ukuba abasebenzisi balandele iindlela eziqhelekileyo zokunciphisa ukuxhatshazwa kobu buthathaka [buhlaselo lwe-channel-channel]."




umthombo: 3dnews.ru

Yongeza izimvo