Vatsvagiri paFree University yeAmsterdam kuziviswa ichangobva kuwanikwa kusagadzikana kutsva iri vhezheni yakawedzera yeSpecter-v2 kusagadzikana paIntel uye ARM processors.
Kusagadzikana kutsva uku, uko vakabhabhatidzwa seBHI (Bazi History Jekiseni, CVE-2022-0001), bhb (Bazi Renhoroondo Buffer, CVE-2022-0002) uye Specter-BHB (CVE-2022-23960), inoratidzwa nekubvumira kutenderedzwa kweeIBRS uye CSV2 nzira dzekudzivirira dzakawedzerwa kune processors.
Kusagadzikana kunotsanangurwa mukuratidzwa kwakasiyana kwenyaya imwe chete, sezvo BHI iri kurwisa kunobata akasiyana ropafadzo mazinga, semuenzaniso, mushandisi maitiro uye kernel, nepo BHB iri kurwiswa padanho rimwechete reropafadzo, semuenzaniso, eBPF JIT uye kernel.
Nezve kusagadzikana
Conceptually, BHI mutsauko wakawedzerwa weSpecter-v2 kurwisa, iyo yekunzvenga imwe dziviriro (Intel eIBRS uye Arm CSV2) uye orchestrate kudonha kwedata, kutsiviwa kwehunhu mubuffer nenhoroondo yebazi repasi rose (Bazi Renhoroondo Buffer), iyo inoshandiswa muCPU kuvandudza kufembera kwebazi. nekutora nhoroondo yekuchinja kwekare.
Mukati mekurwisa kuburikidza nemanipulations ane nhoroondo yekuchinja, mamiriro akagadzirirwa kufanotaura kusina kururama kweshanduko uye kuuraya kwekufungidzira yemirairo inodiwa, iyo mhedzisiro inoiswa mu cache.
Kunze kwekushandisa vhezheni yenhoroondo buffer pachinzvimbo cheshanduro yakanangana nebhafa, kurwiswa kutsva kwakafanana neSpecter-v2. Basa reanorwisa ndere kugadzira mamiriro ezvinhu zvekuti kero, kana uchiita oparesheni yekufungidzira, inotorwa kubva munzvimbo yedata ririkutemerwa.
Mushure mekuita fungidziro yekusvetuka isina kunanga, iyo kero yekusvetuka yakaverengwa kubva mundangariro inoramba iri mu cache, mushure meiyo imwe yenzira yekuona zviri mukati me cache inogona kushandiswa kuitora zvichienderana nekuongororwa kweshanduko yenguva yekuwana cache uye isina kuvharwa. data.
Vatsvagiri vakaratidza kushandiswa kunoshanda kunobvumira nzvimbo yemushandisi kuburitsa data risingawirirani kubva kukernel memory.
Semuenzaniso, inoratidza kuti, uchishandisa iyo yakagadzirirwa, zvinokwanisika kubvisa kubva kune kernel buffers tambo ine hashi yemudzi password yemushandisi, yakatakurwa kubva pa /etc/shadow file.
Iko kushandiswa kunoratidza kugona kushandisa kusazvibata mukati meiyo ropafadzo nhanho (kernel-to-kernel kurwisa) uchishandisa mushandisi-yakarodha eBPF chirongwa. Iko mukana wekushandisa iripo Specter gadget mune kernel kodhi, zvinyorwa zvinotungamira kune yekufungidzira kuurayiwa kwemirayiridzo, hazvirambidzwewo kunze.
Kunetseka inoonekwa pane akawanda azvino Intel processors, kunze kweAtomu mhuri yema processor uye mune akati wandei eArM processors.
Zvinoenderana netsvagiridzo, kusazvibata hakuzviratidze pa AMD processors. Kugadzirisa dambudziko racho, nzira dzakawanda dzakarongwa. software yekuvhara kusazvibata, iyo inogona kushandiswa isati yaonekwa yekudzivirira kwehardware mune ramangwana reCPU modhi.
Kuvhara kurwiswa kuburikidza ne eBPF subsystem, sZvinokurudzirwa kudzima nekutadza kugona kurodha eBPF zvirongwa nevashandisi vasina kodzero nekunyora 1 kufaira "/proc/sys/kernel/unprivileged_bpf_disabled" kana nekushandisa murairo "sysctl -w kernel .unprivileged_bpf_disabled=1".
Kuvhara kurwiswa kuburikidza nemagetsi, zvinokurudzirwa kushandisa murairo weLFENCE muzvikamu zvekodhi izvo zvinogona kutungamirira kukuuraya kwekufungidzira. Zvinokosha kuziva kuti iyo yekumisikidzwa kweakawanda kugoverwa kweLinux yatove nematanho anodiwa ekudzivirira akakwana kudzivirira kurwiswa kweBPF kunoratidzwa nevatsvagiri.
Kurudziro yeIntel yekudzima kupinda kwakashata kuBPF inoshandawo nekukasira kutanga neLinux kernel 5.16 uye ichaendeswa kumapazi ekutanga.
Chekupedzisira, kana iwe uchida kukwanisa kuziva zvakawanda nezvazvo, unogona kubvunza iwo ruzivo mu inotevera chinongedzo.