Details of vulnerabilities in the MMIO mechanism of Intel processors disclosed

Intel recently released details about a new class of data leaks through the microarchitectural structures of processors. By manipulating the MMIO (Memory Mapped Input Output) mechanism, these leaks make it possible to determine information processed on other CPU cores.

For example, the vulnerabilities allow data to be extracted from other processes, Intel SGX enclaves, or virtual machines. The vulnerabilities are specific to Intel CPUs only; processors from other manufacturers are not affected.

Three methods have been identified for extracting residual data through MMIO:

  • DRPW (Device Register Partial Write, CVE-2022-21166): An issue with incorrect handling of writes to some MMIO registers. If the size of the data written is smaller than the size of the register, residual information from the fill buffers is also copied into the register. As a result, a process that initiates an incomplete write operation to an MMIO register can obtain data left in microarchitectural buffers after operations performed on other CPU cores.
  • SBDS (Shared Buffers Data Sampling, CVE-2022-21125): A leak of residual data from a core-bound fill buffer, where it ended up as a result of movement from intermediate buffers common to all cores.
  • SBDR (Shared Buffers Data Read, CVE-2022-21123): The issue is similar to SBDS, but differs in that the residual data can enter CPU structures visible to applications. The SBDS and SBDR issues occur only on client processors and the Intel Xeon E3 server family.

The attack requires access to MMIO, which can be obtained, for example, in virtualization systems that give attacker-controlled guest systems the ability to access MMIO. A fix may also be needed on systems that use standalone Intel SGX (Software Guard Extensions) enclaves.

Blocking the vulnerability requires both a firmware update and additional software protection based on the VERW instruction, which clears the contents of the microarchitectural buffers on return from the kernel to user space or when control is transferred to a guest system.

Similar protection is also used to block the previously identified attacks of the MDS (Microarchitectural Data Sampling), SRBDS (Special Register Buffer Data Sampling), and TAA (Transactional Asynchronous Abort) classes.

These vulnerabilities are not transient execution attacks. However, they can propagate stale data into core fill buffers, where the data can later be inferred by an unmitigated transient execution attack.

Mitigating these vulnerabilities involves a combination of microcode updates and software changes, depending on the platform and usage model. Some of these mitigations are similar to those used to mitigate microarchitectural data sampling (MDS) or special register buffer data sampling (SRBDS).

These vulnerabilities have been assigned the following Common Vulnerabilities and Exposures (CVE) identifiers and version 3.1 scores.

On the microcode side, the changes needed to implement the protection are proposed in the May microcode update for Intel CPUs (IPU 2022.1).

Protection against the new class of attacks has been included in the Linux kernel in the various supported versions.

The file "/sys/devices/system/cpu/vulnerabilities/mmio_stale_data" has been added to the Linux kernel to check whether the system is susceptible to the MMIO vulnerabilities and to evaluate the operation of certain protection mechanisms.
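The following is an added example, not code from the original article or from the kernel: a POSIX shell helper that reads that sysfs file and separates "mitigated" from "VERW applied but microcode missing", since the fix needs both. The function name `classify_mmio_status` is hypothetical, and the status strings in the comments are constructed samples modeled on the format the kernel documentation describes; treat them as assumptions and check them against your kernel version.

```shell
#!/bin/sh
# Path named in the article.
MMIO_SYSFS=/sys/devices/system/cpu/vulnerabilities/mmio_stale_data

# classify_mmio_status "<status line>"  (hypothetical helper name)
# Prints: verdict=<...> smt=<...> action=<yes|no>
# Constructed sample inputs (assumed format, verify on your kernel):
#   Not affected
#   Mitigation: Clear CPU buffers; SMT vulnerable
#   Vulnerable: Clear CPU buffers attempted, no microcode
#   Unknown: No mitigations
classify_mmio_status() {
    _status=$1
    # Anything after the first ';' is treated as the SMT qualifier.
    case $_status in
        *\;*) _base=${_status%%;*}; _tail=${_status#*;} ;;
        *)    _base=$_status;       _tail= ;;
    esac
    case $_base in
        "Not affected"*)               _verdict=not_affected ;;
        Mitigation:*)                  _verdict=mitigated ;;
        Vulnerable:*"no microcode"*)   _verdict=vulnerable_no_microcode ;;
        Vulnerable*)                   _verdict=vulnerable ;;
        *)                             _verdict=unknown ;;
    esac
    case $_tail in
        *"SMT vulnerable"*)         _smt=vulnerable ;;
        *"SMT disabled"*)           _smt=disabled ;;
        *"SMT Host state unknown"*) _smt=host_unknown ;;
        *)                          _smt=none ;;
    esac
    # Flag anything that is not fully mitigated, including exposed SMT siblings.
    _action=no
    case $_verdict in
        vulnerable*|unknown) _action=yes ;;
    esac
    if [ "$_smt" = vulnerable ]; then _action=yes; fi
    printf 'verdict=%s smt=%s action=%s\n' "$_verdict" "$_smt" "$_action"
}

# Report on the local machine when the kernel exposes the file.
if [ -r "$MMIO_SYSFS" ]; then
    classify_mmio_status "$(cat "$MMIO_SYSFS")"
else
    echo "kernel does not expose $MMIO_SYSFS"
fi
```

A `vulnerable_no_microcode` verdict corresponds to the case where the kernel attempts the VERW-based clearing but the firmware update has not been applied.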

The essence of the identified class of vulnerabilities is that some operations copy or move data left over after execution on other CPU cores from one microarchitectural buffer to another. The MMIO vulnerabilities allow this residual data to be transferred from isolated microarchitectural buffers to application-visible registers or CPU buffers.

Finally, if you are interested in knowing more about it, you can check the details at the following link.

