Achọpụtara ọhụụ ọhụrụ na Intel processors

Intel

Intel weputara ozi banyere klas ọhụrụ nke adịghị ike na ndị nhazi ya: MDS (Microarchitecture Data Sampling), ZombieLoad n'etiti ndị ọzọ.

Dị ka ọgụ Spectre klas n'elu, nsogbu ohuru nwere ike ibute ibanye data sistemụ arụmọrụ, mebere igwe na mpụga Filiks. A na-arụ ụka na ndị ọrụ Intel na ndị mmekọ mbụ gosipụtara nsogbu ndị ahụ n'oge nyocha nke ime.

Dabere na nsogbu ndị amatara, ndị nyocha na Mahadum Nka na ụzụ nke Graz (Austria) wepụtara ọtụtụ mwakpo bara uru site na ọwa ndị ọzọ.

Chọpụta ọma

ZombieLoad (PDF, iji ụdị maka Linux na Windows): le na-enye ohere mmịpụta nke ozi nzuzo site na usoro ndị ọzọ, sistemụ arụmọrụ, mebere igwe na-echebe enclaves (TEE, Tụkwasịrị Obi igbu Environment).

Dịka ọmụmaatụ, enwere ike ịchọpụta mmeghe peeji nke akụkọ na ihe nchọgharị Tor nke na-arụ ọrụ na igwe arụmọrụ ọzọ, yana iji weghachite igodo nnweta na okwuntughe ejiri na ngwa.

Gbanyụọ (PDF, koodu maka nkwenye): le na-enye gị ohere ịhazi leakage ozi n'etiti ebe dịpụrụ adịpụ na Intel processors, dị ka jupụta nchekwa, nchekwa nchekwa, na ọdụ ụgbọ mmiri.

A na-egosipụta ihe atụ nke ọgụ ahụ maka nzukọ nchịkọta nke usoro ndị ọzọ, sistemụ arụmọrụ, igwe arụmọrụ, na mkpuchi echekwara. Ọmụmaatụ, ọ na-egosi otu esi achọpụta ọdịnaya nke mgbọrọgwụ paswọọdụ hash nke / wdg / onyinyo n'oge oge nyocha mgbalị (ọgụ were awa 24).

Ọzọkwa, imeghe ibe obi ojoo na SpiderMonkey engine na-egosi ihe omuma nke otu esi agha agha Javascript (Na ihe nchọgharị zuru oke nke oge a, ọgụ dị otú ahụ agaghị abụ n'ihi oke izi ezi nke ngụ oge na usoro iji kpuchido Specter.)

Dachapụ (PDF): le na-enye gị ohere ịgụ data ndị edepụtara na sistemụ arụmọrụ nso nso a ma chọpụta atụmatụ nke ebe nchekwa sistemụ iji kwado ọgụ ndị ọzọ;

Storelọ ahịa na-ebupụ ebugharị: na-erigbu nchekwa nchekwa nchekwa CPU ma enwere ike iji ya gbanye usoro kernel address randomization (KASLR), iji nyochaa ahụike sistemụ arụmọrụ, ma ọ bụ ịhazi mkpọpu ya na ngwaọrụ ndị dabere na Specter.

CVE-2018-12126 - MSBDS (Microarchitecture Buffer Data Sampling), nke weghachite ọdịnaya nke nchekwa nchekwa. Ejiri ya na mbuso agha agha. A kọwara ogo ya na isi 6.5 (CVSS)

CVE-2018-12127 - MKP (microarchitectural chaja n'ọdụ ụgbọ mmiri data nlele), nke weghachiri ọdịnaya nke odori ọdụ ụgbọ mmiri. Ejiri na ọgụ RIDL. CVSS 6.5

CVE-2018-12130 - MFBDS (Microarchitecture Padding Buffer Data Sampling), nke weghachite ọdịnaya nke padding buffers. Ejiri na mwakpo ZombieLoad na RIDL. CVSS 6.5

CVE-2019-11091 - MDSUM (Achọpụtaghị ihe nchekwa nke microarchitecture data sampling), nke weghachite ọdịnaya nke ncheta na-abụghị nke echekwabara. Ejiri na ọgụ RIDL. CVSS 3.8

Ebumnuche nke nsogbu ndị akọwapụtara bụ ohere nke itinye usoro nyocha site na ọwa ndị ọzọ na data na micro-architectural owuwu nke ngwa anaghị enwe nnweta.

E meelarị ihe ngwọta

En Linux kernel, MDS agbakwunyere nchebe taa mmelite 5.1.2, 5.0.16, 4.19.43, 4.14.119 na 4.9.176.

Usoro nchebe dabere na ihicha ọdịnaya nke microarchitectural na-echekwa mgbe ịlaghachi site na kernel gaa ohere onye ọrụ ma ọ bụ mgbe ị na-ebufe njikwa na usoro nnabata, nke eji eji ntuziaka VERW.

Enweelarịrị mmelite ngwugwu maka RHEL na Ubuntu, ma o nwebeghị maka Debian, Fedora, na SUSE.

Ihe ngwọta iji gbochie nkwụsị data data igwe maka Xen na VMware hypervisor.

Iji kpuchido sistemụ arụmọrụ nke na-agba ọsọ iwu L1D_FLUSH tupu ị nyefee njikwa na igwe ọzọ mebere, yana iji kpuchido Intel SGX enclaves, mezie microcode.

Patches dịkwa maka NetBSD, FreeBSD, ChromeOS, Windows, na macOS (enweghị mmezi maka OpenBSD ma).


Ọdịnaya nke isiokwu agbaso ụkpụrụ anyị nke ụkpụrụ nduzi. Kpesa mmejọ pịa ebe a.

Bụrụ onye mbụ ịza ajụjụ

Hapu okwu gi

Adreesị email gị agaghị bipụtara.

*

*

  1. Rụ ọrụ maka data: Miguel Ángel Gatón
  2. Nzube nke data: Nchịkwa SPAM, njikwa okwu.
  3. Ikike: Nkwenye gị
  4. Nkwurịta okwu nke data: Agaghị agwa ndị ọzọ data ahụ ma ọ bụghị site na iwu.
  5. Nchekwa data: Ebe nchekwa data nke Occentus Networks (EU) kwadoro
  6. Ikike: Oge obula inwere ike igbachi, weghachite ma hichapụ ihe omuma gi.

bool(ezi)