Speculative execution vulnerability found affecting AMD processors

The Grsecurity project recently published details and a demonstration of an attack method for a new vulnerability (already catalogued as CVE-2021-26341) in AMD processors, related to speculative execution of instructions after unconditional direct jump operations.

The vulnerability allows the processor to speculatively execute the instruction that immediately follows a jump instruction in memory (SLS, straight-line speculation). This optimization applies not only to conditional jump operators but also to instructions that perform an unconditional jump, such as JMP, RET, and CALL.

Unconditional branch instructions can be followed by arbitrary data that is not intended to be executed. Once the processor determines that the branch does not lead to execution of the next instruction, it simply rolls back its state and discards the speculative execution, but a trace of the executed instruction remains in the shared cache and is available for analysis using side-channel retrieval methods.

AMD provides an update on a recommended mitigation, mitigation G-5, in the white paper "Software Techniques for Managing Speculation on AMD Processors". Mitigation G-5 helps address potential vulnerabilities associated with the speculative behavior of branch instructions.

AMD processors may transiently execute instructions following an unconditional direct branch, which may result in cache activity.

As with exploitation of Spectre-v1, the attack requires the presence of specific instruction sequences (gadgets) in the kernel that lead to speculative execution.

In this case, blocking the vulnerability comes down to identifying such gadgets in the code and adding extra instructions to them that block speculative execution. Conditions for speculative execution can also be created by unprivileged programs running in the eBPF virtual machine.

This research resulted in the discovery of a new vulnerability, CVE-2021-26341 [1], which we will discuss in detail in this article. As usual, we will focus on the technical aspects of the vulnerability, the mitigations suggested by AMD, and the exploitation aspects.

To block the ability to build gadgets using eBPF, it is recommended to disable unprivileged access to eBPF on the system ("sysctl -w kernel.unprivileged_bpf_disabled=1").

The vulnerability affects processors based on the Zen1 and Zen2 microarchitectures:

Desktop

  • AMD Athlon™ X4 Processor
  • AMD Ryzen™ Threadripper™ Processor
  • Generation XNUMX AMD Ryzen™ Threadripper™ Processors
  • Generation XNUMX AMD Ryzen™ Threadripper™ Processors
  • Generation XNUMX AMD A-Series APUs
  • AMD Ryzen™ 2000 Series Desktop Processors
  • AMD Ryzen™ 3000 Series Desktop Processors
  • AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics

Mobile

  • AMD Ryzen™ 2000 Series Mobile Processors
  • AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
  • AMD Ryzen™ 3000 Series Mobile Processors or Generation XNUMX AMD Ryzen™ Mobile Processors with Radeon™ Graphics
  • AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
  • AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics

Chromebook

  • AMD Athlon™ Mobile Processors with Radeon™ Graphics

Server

  • First Generation AMD EPYC™ Processors
  • Generation XNUMX AMD EPYC™ Processors
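
A host audit that combines the affected microarchitectures listed above with the eBPF restriction recommended earlier, as an added example that is not part of the original article or AMD's guidance. The function names, verdict strings and the mapping of Zen1/Zen2 to "cpu family 23" in /proc/cpuinfo are assumptions of this example; the sample cpuinfo text is constructed.

```shell
# Assumption (added example): Zen1/Zen2 CPUs report vendor_id AuthenticAMD, cpu family 23 (17h).
# Constructed /proc/cpuinfo excerpt so the script can run offline.
sample_cpuinfo() {
    printf 'vendor_id\t: AuthenticAMD\ncpu family\t: 23\nmodel\t\t: 113\n'
}

# is_zen12: succeed if cpuinfo text on stdin describes an AMD family 17h CPU.
is_zen12() {
    awk -F': *' '
        $1 ~ /^vendor_id/  { vendor = $2 }
        $1 ~ /^cpu family/ { family = $2 }
        END { exit !(vendor == "AuthenticAMD" && family + 0 == 23) }
    '
}

# bpf_state VALUE: map kernel.unprivileged_bpf_disabled to a readable state.
bpf_state() {
    case "$1" in
        0) echo open ;;        # unprivileged users may call bpf()
        1) echo locked ;;      # disabled; cannot be cleared until reboot
        2) echo admin-only ;;  # disabled; an administrator may change it
        *) echo unknown ;;
    esac
}

# persisted_value FILE...: last assignment of the key, in the order files are given.
persisted_value() {
    [ "$#" -gt 0 ] || return 0
    cat "$@" 2>/dev/null |
        sed -n 's/^[[:space:]]*kernel\.unprivileged_bpf_disabled[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' |
        tail -n 1
}

# audit VALUE [CONF...]: cpuinfo on stdin; prints a verdict, non-zero status = act.
audit() {
    value=$1; shift
    if is_zen12; then cpu="zen1/zen2"; else cpu="other-cpu"; fi
    state=$(bpf_state "$value")
    case "$state" in
        open)    echo "$cpu: EXPOSED (unprivileged eBPF enabled)"; return 1 ;;
        unknown) echo "$cpu: UNKNOWN (sysctl value '$value')"; return 2 ;;
    esac
    case "$(persisted_value "$@")" in
        1|2) echo "$cpu: OK ($state, persisted)" ;;
        *)   echo "$cpu: OK-UNTIL-REBOOT ($state, not persisted)"; return 3 ;;
    esac
}
# Offline demo on the constructed sample (on a live host, pipe /proc/cpuinfo instead).
sample_cpuinfo | audit 0 || true
```

On a real system, call it as `audit "$(sysctl -n kernel.unprivileged_bpf_disabled)" /etc/sysctl.conf /etc/sysctl.d/*.conf < /proc/cpuinfo`; a value set with `sysctl -w` alone is lost at reboot, which is what the OK-UNTIL-REBOOT verdict flags.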

It is stated that, if the attack succeeds, the vulnerability allows the contents of arbitrary memory areas to be determined.

Because of this vulnerability, it may be possible to identify code constructs that form limited but exploitable SLS gadgets on affected CPUs. As demonstrated with the eBPF example, it is also possible to exploit the vulnerability with hand-built, self-injected gadgets. The presented method can be used, for example, to break the KASLR mitigation of the Linux kernel.

For example, the researchers prepared an exploit that makes it possible to determine the address layout and bypass the KASLR (kernel memory randomization) protection mechanism by running unprivileged code in the eBPF kernel subsystem. Other attack scenarios that could leak the contents of kernel memory are not ruled out.

Finally, if you are interested in learning a little more, you can check the details at the following link.

