I-Intel ikhiphe imininingwane mayelana nesigaba esisha sokuba sengozini kuma-processor ayo: MDS (Microarchitecture Data Sampling), ZombieLoad phakathi kwabanye.
Njengokuhlaselwa kwesigaba seSpecter ngenhla, izingqinamba ezintsha zingaholela ekuvuzeni kwedatha yesistimu yokusebenza evaliwe, imishini ebonakalayo nezinqubo zangaphandle. Kuthiwa izinkinga zaqala ukukhonjwa ngabasebenzi nabalingani be-Intel ngenkathi kwenziwa ucwaningo lwangaphakathi.
Ngokuya ngezinkinga ezihlonziwe, abacwaningi baseTechnical University yaseGraz (e-Austria) bahlakulele ukuhlaselwa okuningana okusebenzayo ngeziteshi ezivela eceleni.
Ukuba sengozini okukhonjiwe
ZombieLoad (I-PDF, sebenzisa uhlobo oluthile lweLinux neWindows): le ivumela ukukhishwa kolwazi oluyimfihlo kwezinye izinqubo, amasistimu okusebenza, imishini ebonakalayo nezindawo ezivikelwe (i-TEE, Imvelo Yokwenza Othenjwayo).
Isibonelo, ikhono lokunquma umlando wokuvula ikhasi kusiphequluli se-Tor esisebenza komunye umshini obonakalayo, kanye nokuthola okhiye bokufinyelela namaphasiwedi asetshenziswe kuzinhlelo zokusebenza, kubonisiwe.
I-RIDL (I-PDF, ikhodi yokuqinisekisa): le Ikuvumela ukuthi uhlele ukuvuza kwemininingwane phakathi kwezindawo ezahlukahlukene ezizimele kuma-processor we-Intel, njengama-buffers okugcwalisa, amabha okugcina kanye namachweba okushaja.
Izibonelo zokuhlaselwa ziboniswa ngenhlangano evuzayo yezinye izinqubo, isistimu yokusebenza, imishini ebonakalayo, nezindawo ezivikelwe. Isibonelo, kukhombisa ukuthi ungakuthola kanjani okuqukethwe yiphasiwedi ye-hashi ye / / etc / shadow ngesikhathi sokuzama ukuqinisekiswa ngezikhathi ezithile (ukuhlaselwa kuthathe amahora angama-24).
Futhi, ukuvula ikhasi elinonya enjinini yeSpiderMonkey kukhombisa isibonelo sendlela yokuhlasela kweJavaScript (Ezipheqululini zesimanje ngokugcwele, lokho kuhlasela akunakwenzeka ukuthi kubangelwe ukunemba okulinganiselwe kwesibali sikhathi nezinyathelo zokuvikela kuSpecter.)
fallout (PDF): le ikuvumela ukuthi ufunde idatha esanda kuqoshwa ngohlelo lokusebenza futhi unqume ukwakhiwa kwememori yohlelo lokusebenza ukwenza lula okunye ukuhlaselwa;
Ukudlulisela Ekugcinweni Ukuvuza: kuxhashazwa ama-CPU wokugcina wesitoreji futhi ingasetshenziselwa ukweqa inqubo ye-kernel space space randomization (KASLR), ukuqapha impilo yohlelo lokusebenza, noma ukuhlela ukuvuza kuhlanganiswe namadivayisi asuselwa kuSpecter.
I-CVE-2018-12126 - i-MSBDS (Microarchitecture Buffer Data Sampling), ebuyisela okuqukethwe kokugcina isitoreji. Isetshenziswe ekuhlaselweni kokuwa. Ubukhulu buchazwa kumaphuzu we-6.5 (CVSS)
I-CVE-2018-12127 - MLPDS (isampula yedatha yokushaja ethekwini encane), ebuyisa okuqukethwe yizimbobo zokushaja. Kusetshenziswe ekuhlaselweni kwe-RIDL. I-CVSS 6.5
I-CVE-2018-12130 - MFBDS (Microarchitecture Padding Buffer Data Sampling), ebuyisela okuqukethwe kuma-padding buffers. Isetshenziswe ekuhlaselweni kweZombieLoad neRIDL. I-CVSS 6.5
I-CVE-2019-11091 - MDSUM (Imemori engalungiseki yesampuli yedatha yesakhiwo esincanyana), ebuyisa okuqukethwe kwimemori engahlali isikhathi. Kusetshenziswe ekuhlaselweni kwe-RIDL. I-CVSS 3.8
Ingqikithi yezinkinga ezihlonziwe kungenzeka ukusebenzisa izindlela zokuhlaziya ngokusebenzisa iziteshi ezivela eceleni kudatha ezakhiweni ezincanyana zokwakha lapho izinhlelo zokusebenza zingafinyeleli ngqo khona.
Izixazululo sezivele zitholakale
En i-Linux kernel, ukuvikelwa kwe-MDS kungeziwe kuzibuyekezo zanamuhla 5.1.2, 5.0.16, 4.19.43, 4.14.119 no-4.9.176.
Indlela yokuvikela isuselwe ekususeni okuqukethwe kwama-microarchitectural buffers lapho ibuya kusuka ku-kernel iye esikhaleni somsebenzisi noma lapho idlulisela isistimu yohlelo lokusingathwa, okusetshenziselwa yona umyalo we-VERW.
Izibuyekezo zephakheji sezivele zikhishiwe ye-RHEL ne-Ubuntu, kepha ayikatholakali ku-Debian, Fedora, ne-SUSE.
Isixazululo sokuvimba ukuvuza kwedatha yemishini ebonakalayo senzelwe iXen hypervisor neVMware.
Ukuvikela amasistimu we-virtualization asebenzisa umyalo we-L1D_FLUSH ngaphambi kokudlulisela isilawuli komunye umshini obonakalayo, nokuvikela i-Intel SGX enclaves, mane uvuselele imicrocode.
Ama-Patches ayatholakala nge-NetBSD, FreeBSD, ChromeOS, Windows, ne-MacOS (akukho ukulungiswa kwe-OpenBSD okwamanje)).