Details of vulnerabilities in the MMIO mechanism of Intel processors disclosed

Intel recently released details about a new class of data leaks through the microarchitectural structures of its processors. By manipulating the MMIO (Memory Mapped Input Output) mechanism, these leaks make it possible to determine information processed on other CPU cores.

For example, the vulnerabilities allow data to be extracted from other processes, Intel SGX enclaves, or virtual machines. The vulnerabilities are specific to Intel CPUs only; processors from other vendors are not affected.

Three methods of extracting residual data through MMIO have been identified:

  • DRPW (Device Register Partial Write, CVE-2022-21166) - An issue with incorrect handling of writes to some MMIO registers. If the size of the data written is smaller than the size of the register, residual information from the fill buffers is copied into the register. As a result, a process that initiates an incomplete write to an MMIO register can obtain data left in microarchitectural buffers after operations performed on other CPU cores.
  • SBDS (Shared Buffers Data Sampling, CVE-2022-21125) - A leak of residual data from a core-bound fill buffer, where it ended up after being moved from intermediate buffers common to all cores.
  • SBDR (Shared Buffers Data Read, CVE-2022-21123): The issue is similar to SBDS, but differs in that the residual data can end up in CPU structures visible to applications. The SBDS and SBDR issues occur only on client processors and on the Intel Xeon E3 server family.

The attack requires access to MMIO, which can be obtained, for example, on virtualization systems that give guest systems controlled by the attacker the ability to access MMIO. A fix may also be required on systems that use isolated Intel SGX (Software Guard Extensions) enclaves.

Blocking the vulnerability requires both a firmware update and additional software protection based on the VERW instruction, which is used to clear the contents of the microarchitectural buffers when returning from the kernel to user space or when control is transferred to a guest system.

Similar protection is already used to block the previously identified attack classes MDS (Microarchitectural Data Sampling), SRBDS (Special Register Buffer Data Sampling), and TAA (Transactional Asynchronous Abort).

These vulnerabilities are not transient execution attacks. However, they can propagate stale data into core fill buffers, where the data can later be inferred by an unmitigated transient execution attack.

Mitigating these vulnerabilities involves a combination of microcode updates and software changes, depending on the platform and usage model. Some of these mitigations are similar to those used to mitigate Microarchitectural Data Sampling (MDS) or those used to mitigate Special Register Buffer Data Sampling (SRBDS).

These vulnerabilities have been assigned the following Common Vulnerabilities and Exposures (CVE) identifiers and version 3.1 scores.

On the microcode side, the changes needed to implement the protection are proposed in the May microcode update for Intel CPUs (IPU 2022.1).

In the Linux kernel, protection against the new class of attacks is included in the various supported versions.

The file "/sys/devices/system/cpu/vulnerabilities/mmio_stale_data" has been added to the Linux kernel to check whether a system is susceptible to the MMIO vulnerabilities and to evaluate the operation of certain protection mechanisms.
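One way to turn that sysfs file into a verdict a fleet check can act on, as an added example that is not part of the original article. The status strings matched here are assumed from the kernel's hw-vuln documentation for this file, the function names and verdict labels are hypothetical, and the sample lines in the test loop are constructed.

```shell
#!/bin/sh
# Classify the status line the kernel reports for MMIO stale data.
MMIO_SYSFS=/sys/devices/system/cpu/vulnerabilities/mmio_stale_data

# classify_mmio "<status line>" prints "<verdict> <smt-state>".
# Status strings are assumed from the kernel documentation, not the article.
classify_mmio() {
    line=$1
    case $line in
        "Not affected"*)                  verdict=ok ;;
        "Mitigation: Clear CPU buffers"*) verdict=mitigated ;;
        # Best-effort VERW without the updated microcode: still exposed.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
                                          verdict=needs-microcode ;;
        "Vulnerable"*)                    verdict=vulnerable ;;
        "Unknown"*)                       verdict=unknown ;;
        *)                                verdict=unrecognized ;;
    esac
    # On affected CPUs the kernel appends the SMT state after a semicolon.
    case $line in
        *"SMT vulnerable"*)         smt=smt-on ;;
        *"SMT disabled"*)           smt=smt-off ;;
        *"SMT Host state unknown"*) smt=smt-unknown ;;
        *)                          smt=smt-na ;;
    esac
    printf '%s %s\n' "$verdict" "$smt"
}

# check_host [path] reads the sysfs entry, or reports that the running
# kernel does not expose it (no entry means no reporting, not "safe").
check_host() {
    f=${1:-$MMIO_SYSFS}
    if [ ! -r "$f" ]; then
        echo "no-sysfs-entry smt-na"
        return 0
    fi
    classify_mmio "$(cat "$f")"
}

# Constructed sample lines, followed by the verdict for this host.
for sample in \
    "Mitigation: Clear CPU buffers; SMT vulnerable" \
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled"
do
    echo "sample: $(classify_mmio "$sample")"
done
echo "host:   $(check_host)"
```

A `needs-microcode` verdict means the kernel-side buffer clearing is in place but the microcode update described above is still missing.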

The essence of the identified class of vulnerabilities is that some operations copy or move data left over after execution on other CPU cores from one microarchitectural buffer to another. The MMIO vulnerabilities allow this residual data to be transferred from isolated microarchitectural buffers to application-visible registers or CPU buffers.

Finally, if you are interested in learning more about it, you can check the details at the following link.

