A speculative execution vulnerability affecting AMD has been detected

The Grsecurity project recently published details and a demonstration of an attack method for a new vulnerability (already catalogued as CVE-2021-26341) in AMD processors, related to the speculative execution of instructions after unconditional forward branch operations.

The vulnerability allows the processor to speculatively process the instruction that immediately follows a jump instruction in memory (SLS) during speculative execution. This optimization applies not only to conditional jump operators, but also to instructions that involve a direct unconditional jump, such as JMP, RET, and CALL.

Unconditional branch instructions may be followed by arbitrary data that is not intended for execution. After determining that the branch does not involve executing the next instruction, the processor simply rolls back the state and discards the speculative execution, but the trace of the instruction's execution remains in the shared cache and is available for analysis using side-channel retrieval methods.

AMD provides an update for a recommended mitigation, mitigation G-5, in the white paper "Software Techniques for Managing Speculation on AMD Processors". Mitigation G-5 helps address potential vulnerabilities associated with the speculative behavior of branch instructions.

AMD processors may transiently execute instructions following an unconditional forward branch, which may result in cache activity

As with the exploitation of Spectre-v1, the attack requires the presence of certain sequences of instructions (gadgets) in the kernel that lead to speculative execution.

In this case, blocking the vulnerability comes down to identifying such gadgets in the code and adding extra instructions to them that block speculative execution. Conditions for speculative execution can also be created using unprivileged programs running in the eBPF virtual machine.

This investigation led to the discovery of a new vulnerability, CVE-2021-26341 [1], which we will discuss in detail in this article. As usual, we will focus on the technical aspects of the vulnerability, the mitigations suggested by AMD, and the exploitation aspects.

To block the ability to build gadgets using eBPF, it is recommended to disable unprivileged access to eBPF on the system ("sysctl -w kernel.unprivileged_bpf_disabled=1").
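The following check is an added example, not code from Grsecurity, AMD or the original article: it reports whether a Linux host has unprivileged eBPF disabled and whether that setting survives a reboot. It assumes that AMD CPU family 17h (decimal 23 in /proc/cpuinfo) identifies the Zen1/Zen2 parts this article covers and that persistent settings live in /etc/sysctl.d; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the article): audit a host for the eBPF hardening above.
# File paths are parameters so the checks also run on constructed sample files.

# "amd-17h" for AMD family 17h (decimal 23; assumed to cover Zen1/Zen2), else "other".
cpu_class() {
    f=${1:-/proc/cpuinfo}
    [ -r "$f" ] || { echo "other"; return 0; }
    vendor=$(awk -F': *' '/^vendor_id/ {print $2; exit}' "$f")
    family=$(awk -F': *' '/^cpu family/ {print $2; exit}' "$f")
    if [ "$vendor" = "AuthenticAMD" ] && [ "$family" = "23" ]; then
        echo "amd-17h"
    else
        echo "other"
    fi
}

# Runtime state of kernel.unprivileged_bpf_disabled.
bpf_state() {
    f=${1:-/proc/sys/kernel/unprivileged_bpf_disabled}
    [ -r "$f" ] || { echo "unknown"; return 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        0) echo "exposed" ;;   # unprivileged users may load eBPF programs
        1) echo "locked" ;;    # disabled; cannot be re-enabled without a reboot
        2) echo "disabled" ;;  # disabled, but root can set it back to 0
        *) echo "unknown" ;;
    esac
}

# "yes" if a drop-in in the given directory keeps the setting across reboots
# ("sysctl -w" alone does not); only *.conf files in that directory are checked.
bpf_persisted() {
    key='kernel\.unprivileged_bpf_disabled'
    if grep -Eqs "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*[12][[:space:]]*\$" \
        "${1:-/etc/sysctl.d}"/*.conf; then echo "yes"; else echo "no"; fi
}

# One-line verdict; arguments: cpuinfo file, sysctl value file, sysctl.d directory.
audit_host() {
    cls=$(cpu_class "$1"); state=$(bpf_state "$2"); keep=$(bpf_persisted "$3")
    if [ "$cls" = "amd-17h" ] && [ "$state" = "exposed" ]; then
        echo "ACTION cpu=$cls bpf=$state: sysctl -w kernel.unprivileged_bpf_disabled=1"
    elif [ "$state" != "exposed" ] && [ "$keep" = "no" ]; then
        echo "REVIEW cpu=$cls bpf=$state: setting is not persisted in sysctl.d"
    else
        echo "OK cpu=$cls bpf=$state persisted=$keep"
    fi
}

audit_host "$@"
```

Run with no arguments, the script audits the live host; passing three paths points it at saved copies of the same files from another machine.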

The vulnerability affects processors based on the Zen1 and Zen2 microarchitectures:

Desktop

  • AMD Athlon™ X4 processor
  • AMD Ryzen™ Threadripper™ PRO processor
  • 2nd Gen AMD Ryzen™ Threadripper™ processors
  • 3rd Gen AMD Ryzen™ Threadripper™ processors
  • Generation XNUMX AMD A-series APU
  • AMD Ryzen™ 2000 Series Desktop processors
  • AMD Ryzen™ 3000 Series Desktop processors
  • AMD Ryzen™ 4000 Series Desktop processors with Radeon™ Graphics

Mobile

  • AMD Ryzen™ 2000 Series Processor
  • AMD Athlon™ 3000 Series Mobile processors with Radeon™ Graphics
  • AMD Ryzen™ 3000 Series processors or 2nd Gen AMD Ryzen™ Mobile processors with Radeon™ Graphics
  • AMD Ryzen™ 4000 Series Mobile processors with Radeon™ Graphics
  • AMD Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics

Chromebook

  • AMD Athlon™ Mobile processors with Radeon™ Graphics

Server

  • 1st Gen AMD EPYC™ processors
  • 2nd Gen AMD EPYC™ processors

It is reported that, if an attack succeeds, the vulnerability allows the contents of arbitrary memory areas to be determined.

Due to this vulnerability, it may be possible to identify benign code constructs that form limited, but potentially exploitable, SLS gadgets on affected CPUs. As demonstrated with the eBPF example, it is also possible to exploit the vulnerability with hand-built, self-injected gadgets. The presented method can be used, for example, to break the KASLR mitigation of the Linux kernel.

For example, the researchers prepared an exploit that determines the address layout and bypasses the KASLR (kernel memory randomization) protection mechanism by running unprivileged code in the kernel's eBPF subsystem. Other attack scenarios that could leak the contents of kernel memory are not ruled out.

Finally, if you are interested in learning more about it, you can check the details at the following link.

