I-AMD iveze ubuthakathaka (CVE-2025-54518) kuma-processor asekelwe ku-microarchitecture ye-Zen 2 ebangela ukonakala kwe-object code cache. Ukusetshenziswa ngempumelelo kwalokhu buthakathaka kuvumela imiyalelo ye-CPU ukuthi isetshenziswe ezingeni eliphezulu lamalungelo. Empeleni, lobu buthakathaka bungase buvumele ukwanda kwamalungelo, isibonelo, ukusebenzisa ikhodi ngamalungelo e-kernel kusuka esikhaleni somsebenzisi noma ukufinyelela indawo yokusingatha kusuka kumshini obonakalayo.
Ubuthakathaka butholwe ngabasebenzi be-AMD; imininingwane yokuxhashazwa ayikatholakali okwamanje. Kuthiwa inkinga ibangelwa ukuhlukaniswa okungafanele kwezinsiza ezabiwe lapho kwenziwa imisebenzi nge-cache yekhodi yento ye-CPU. Ngokonakalisa izinto eziku-cache, umhlaseli angashintsha imiyalelo esetshenziswe ezingeni elihlukile lamalungelo.
Ubuthakathaka buthinta kuphela amaprosesa e-AMD asekelwe ku-microarchitecture ye-Zen2 (Fam17h). Inkinga ithinta i-Xen hypervisor futhi ingasetshenziswa ukugwema ukuhlukaniswa. Kushicilelwe ama-patches ezinguqulo ze-Xen 4.17 kuya ku-4.21. Isixazululo sokuvimba ubuthakathaka naso sithunyelwe ukuze sifakwe ku-kernel. Linux.
Ubungozi bulungisiwe ekwindla edlule kuma-desktop namaselula e-AMD Ryzen 3000, 4000, 5000, 7020, 7030, kanye nama-Threadripper PRO 3000 WX CPU. Kuma-CPU e-AMD Ryzen Embedded V2000, ubungozi bulungisiwe ekupheleni kukaDisemba. Inkinga ayikalungiswa kuma-processor ochungechunge lwe-AMD EPYC 7002, futhi kuhlongozwa ukuthi ivinjwe ezingeni lesistimu yokusebenza.
Source: opennet.ru
