A vulnerability in KVM allows code execution outside the guest system on AMD processors

Researchers from the Google Project Zero team disclosed a few days ago, in a blog post, that they found a vulnerability (CVE-2021-29657) in the KVM hypervisor (a hypervisor built into the Linux kernel that supports hardware-accelerated virtualization on x86, ARM, PowerPC and S/390) that allows escaping the isolation of the guest system and running code on the host side.

The announcement mentions that the problem is present from Linux kernel 5.10-rc1 to v5.12-rc6, i.e. it covers only the 5.10 and 5.11 kernel series (most distributions' stable branches are not affected). The problem lies in the nested_svm_vmrun mechanism, implemented on top of the AMD SVM (Secure Virtual Machine) extensions, which allows nested guest systems to be launched.

The write-up itself frames the finding as follows: "In this blog post, I describe a vulnerability in KVM's AMD-specific code and discuss how this bug can be turned into a full virtual machine escape. To the best of my knowledge, this is the first public write-up of a KVM guest-to-host breakout that does not rely on bugs in user space components such as QEMU."

"The bug discussed has been assigned CVE-2021-29657, affects kernel versions v5.10-rc1 to v5.12-rc6, and was patched at the end of March 2021. As the bug only became exploitable in v5.10 and was discovered about 5 months later, most real-world KVM deployments should not be affected. I still think the issue is an interesting case study of the work required to build a stable guest-to-host escape against KVM, and I hope this write-up can make the case that hypervisor compromises are not just theoretical problems."

The researchers note that, to implement nested virtualization correctly, the hypervisor must intercept every SVM instruction executed by the guest, emulate its behaviour and keep its state in sync with the hardware, which is a difficult task.

After analysing the KVM implementation, the researchers found a logic error that allows the contents of the host's MSRs (Model Specific Registers) to be influenced from the guest system, which can be used to execute code at the host level.

Specifically, executing VMRUN from a second-level nested guest (an L2 launched from another guest, L1) triggers a second call to nested_svm_vmrun and corrupts the svm->nested.hsave structure, which is overwritten with data from the VMCB of the L2 guest.

As a result, a situation arises in which, from the L2 guest level, it is possible to free the memory of the svm->nested.msrpm structure, which holds the MSR permission bitmap, even though it is still in use, and thereby gain access to the MSRs of the host environment.
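To make concrete why control over that bitmap matters, the following C program is an added example (it is neither KVM code nor code from the Project Zero write-up). It models the AMD SVM MSR permission map layout from the AMD64 APM (8 KiB, three 2 KiB regions, two bits per MSR: low bit intercepts RDMSR, high bit intercepts WRMSR), the host-OR-L1 merge a hypervisor performs for a nested guest, and then the failure mode the text describes: the merged map is freed and its memory reused while the CPU still points at it. The choice of MSR_EFER and MSR_VM_HSAVE_PA as "MSRs the host insists on intercepting" is an illustrative assumption, as is modelling the reused page as zero-filled.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Model of the AMD SVM MSR permission map (MSRPM), per the AMD64 APM vol. 2:
 * an 8 KiB map made of three 2 KiB regions (one per MSR range), two bits per
 * MSR (low bit = intercept RDMSR, high bit = intercept WRMSR), four MSRs per
 * byte.  A clear bit lets the guest touch the MSR directly without a #VMEXIT.
 */
#define MSRPM_SIZE       8192
#define MSRPM_REGION_SZ  2048                       /* bytes per region  */
#define MSRS_PER_REGION  (MSRPM_REGION_SZ * 8 / 2)  /* 8192 MSRs/region  */

static const uint32_t msrpm_region_base[3] = {
    0x00000000u,   /* region 0: MSRs 0x0000_0000 .. 0x0000_1FFF */
    0xC0000000u,   /* region 1: MSRs 0xC000_0000 .. 0xC000_1FFF */
    0xC0010000u,   /* region 2: MSRs 0xC001_0000 .. 0xC001_1FFF */
};

/* Architectural MSR numbers; their use below is illustrative (assumption). */
#define MSR_EFER         0xC0000080u
#define MSR_VM_HSAVE_PA  0xC0010117u

/* Locate an MSR's byte in the map and the bit position of its read bit.
 * Returns -1 for MSRs outside the three regions (those are always intercepted). */
static int msrpm_locate(uint32_t msr, size_t *byte, unsigned *bit)
{
    for (int i = 0; i < 3; i++) {
        uint32_t base = msrpm_region_base[i];
        if (msr < base || msr >= base + MSRS_PER_REGION)
            continue;
        uint32_t idx = msr - base;
        *byte = (size_t)i * MSRPM_REGION_SZ + idx / 4;  /* 4 MSRs per byte */
        *bit  = 2 * (idx % 4);                          /* write bit is +1 */
        return 0;
    }
    return -1;
}

/* Absolute bit index of the read bit inside the 8 KiB map, or -1. */
static long msrpm_bitpos(uint32_t msr)
{
    size_t byte;
    unsigned bit;
    if (msrpm_locate(msr, &byte, &bit) < 0)
        return -1;
    return (long)(byte * 8 + bit);
}

/* Set the read/write intercept bits for one MSR. */
static void msrpm_set(uint8_t *map, uint32_t msr, int intercept_rd, int intercept_wr)
{
    size_t byte;
    unsigned bit;
    if (msrpm_locate(msr, &byte, &bit) < 0)
        return;
    map[byte] &= (uint8_t)~(3u << bit);
    map[byte] |= (uint8_t)((intercept_rd ? 1u : 0u) << bit);
    map[byte] |= (uint8_t)((intercept_wr ? 1u : 0u) << (bit + 1));
}

/* What the CPU checks on a guest RDMSR/WRMSR: 1 = #VMEXIT, 0 = direct access. */
static int msrpm_intercepts(const uint8_t *map, uint32_t msr, int is_write)
{
    size_t byte;
    unsigned bit;
    if (msrpm_locate(msr, &byte, &bit) < 0)
        return 1;
    return (map[byte] >> (bit + (is_write ? 1u : 0u))) & 1;
}

/* Map used while L2 runs: host's map OR L1's map, so an MSR is intercepted
 * if either the host or L1 wants it intercepted. */
static void msrpm_merge(uint8_t *l2, const uint8_t *host, const uint8_t *l1)
{
    for (size_t i = 0; i < MSRPM_SIZE; i++)
        l2[i] = host[i] | l1[i];
}

/* Scenario modelled after the text: L1 clears the intercept for an MSR the
 * host insists on intercepting.  With the merged map intact the host wins.
 * If the merged map is freed and its page reused (modelled by zeroing it)
 * while the CPU still points at it, the host's intercept silently vanishes.
 * Returns whether a WRMSR to MSR_VM_HSAVE_PA from L2 would be intercepted. */
static int nested_msrpm_demo(int merged_map_freed)
{
    uint8_t *host = calloc(1, MSRPM_SIZE);   /* host's map for L1 (vmcb01) */
    uint8_t *l1   = calloc(1, MSRPM_SIZE);   /* L1's map for L2 (vmcb12)  */
    uint8_t *l2   = calloc(1, MSRPM_SIZE);   /* merged map for L2         */
    int intercepted = -1;

    if (host && l1 && l2) {
        msrpm_set(host, MSR_VM_HSAVE_PA, 1, 1);  /* host: never pass through */
        msrpm_set(host, MSR_EFER, 1, 1);
        msrpm_set(l1, MSR_VM_HSAVE_PA, 0, 0);    /* L1 asks for pass-through */
        msrpm_merge(l2, host, l1);
        if (merged_map_freed)
            memset(l2, 0, MSRPM_SIZE);  /* freed page reused; stale pointer still used */
        intercepted = msrpm_intercepts(l2, MSR_VM_HSAVE_PA, 1);
    }
    free(host);
    free(l1);
    free(l2);
    return intercepted;
}

int main(void)
{
    printf("merged map intact: WRMSR intercepted = %d\n", nested_msrpm_demo(0));
    printf("merged map freed : WRMSR intercepted = %d\n", nested_msrpm_demo(1));
    return 0;
}
```

The merge step is why a malicious L1 cannot simply hand KVM a bitmap that clears a host intercept: the host's bits are ORed back in. The whole protection, however, lives in one kernel allocation whose physical address the hardware keeps using; once that allocation is freed while still referenced, whatever lands in the page decides which host MSRs the guest may touch directly.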

The write-up also explains the division of labour between the KVM kernel module and its user space component, which is what makes the in-kernel bug so significant: "This means that, for example, guest memory can be inspected by dumping the allocated memory of the user space process, and resource limits for CPU time and memory can be enforced easily."

"In addition, KVM can offload most of the work related to device emulation to the user space component."

"Outside of a couple of performance-sensitive devices related to interrupt handling, all of the complex low-level code for providing disk, network or GPU access can be implemented in user space."

The problem is in the code used on systems with AMD processors (the kvm-amd.ko module) and does not appear on Intel processors.

Besides describing the problem, the researchers also prepared a working exploit prototype that makes it possible to obtain a root shell in the host environment from the guest environment on a system with an AMD EPYC 7351P processor and Linux kernel 5.10.

It is noted that this is the first public write-up of a guest-to-host escape through a vulnerability in the KVM hypervisor itself, not related to bugs in user space components such as QEMU. The fix was accepted into the kernel at the end of March.

Finally, if you are interested in learning more about this, you can check the details at the following link.

