Training Solo: a Spectre-v2 vulnerability affecting Intel CPUs


Researchers at the Vrije Universiteit Amsterdam have disclosed, in a blog post, "Training Solo", a new family of Spectre-v2 attacks that exploit speculative prediction errors to break the security boundary between privileged and unprivileged execution domains, directly affecting Intel CPUs.

The new techniques allow sensitive contents to be leaked from the kernel or hypervisor at rates of up to 17 KB per second, even on systems that use modern mitigations such as IBPB, eIBRS or BHI_NO.

Training Solo, the new face of Spectre-v2, comes back with force

Since its discovery, Spectre-v2 has been one of the hardest vulnerability classes to mitigate because of its speculative nature, and "Training Solo" poses a significant problem: it does not require any attacker-controlled code to influence the branch predictor, but instead relies on existing code snippets (gadgets) inside the kernel or hypervisor to train the predictor in place of user space.

Our work shows that attackers can speculatively hijack control flow within the same domain (e.g., the kernel) and leak secrets across privilege boundaries, reviving classic Spectre-v2 scenarios without relying on powerful sandboxes such as eBPF. We built a new test suite to analyze the branch predictor in the self-training scenario.

The researchers showed that by abusing these gadgets (e.g., using cBPF-based SECCOMP filters), speculative execution can be made to leak data from the privileged system.

In this approach, called "self-training", the predictor history is manipulated by branches so that incorrect jumps occur during speculative execution, with the aim of leaking memory contents through cache side effects.

The Training Solo attacks come in three variants, each exploiting a different weakness:

  1.  Altering branch history with kernel gadgets: exploits system calls such as SECCOMP, where filters can induce false speculative branches, leaking memory at rates of 1.7 KB/s on Intel Tiger Lake and Lion Cove CPUs.
  2.  Instruction pointer (IP) collisions in the branch target buffer (BTB): here, two different indirect branches can influence each other when their addresses collide in the buffer, allowing their targets to be mispredicted.
  3.  Interactions between direct and indirect branches: this technique, based on two vulnerabilities (CVE-2024-28956 (ITS) and CVE-2025-24495), exploits the way direct branches can influence the prediction of indirect branches. Using this method, the root password hash was recovered after running passwd -s within 60 seconds.

Our work focuses on breaking domain isolation by design through self-training attacks. However, the hardware issues found by our test suite also affect isolation implementations, since these assume that direct branches will not be used to train indirect branches.

Impact and scope of the new vulnerability

The attack affects a range of Intel CPUs, including popular lines such as Coffee Lake, Tiger Lake, Ice Lake and Rocket Lake, as well as second- and third-generation Xeon servers. In addition, the Lunar Lake and Arrow Lake architectures are also vulnerable under CVE-2025-24495.

To mitigate these attacks, Intel has released a microcode update that introduces a new instruction, IBHF (Indirect Branch History Fence), designed to prevent branch history poisoning. This instruction must be executed explicitly after any code that influences the branch predictor. On older CPUs, the recommendation is to use software solutions that clear the history manually.

For their part, Linux kernel developers have already started merging patches to counter these techniques, including measures that remove indirect jumps from sensitive areas and protections in cBPF.
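As an added defender-side check (not code from the article or from the VUSec researchers): a POSIX shell script that reads the Linux kernel's own sysfs vulnerability entries for spectre_v2 and indirect_target_selection (the ITS entry the kernel patches expose; assumed present on patched kernels) and reports whether a mitigation is active. The sample sysfs directory it builds is constructed for demonstration, not real machine output.

```shell
#!/bin/sh
# Added example: report the kernel's view of Spectre-v2 / ITS mitigation state.
# Linux exposes one file per issue under /sys/devices/system/cpu/vulnerabilities;
# a value starting with "Vulnerable" means no mitigation is active on this
# CPU/kernel combination, "Mitigation: ..." names the active one.

SYSFS_VULN_DIR="${SYSFS_VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# Print "<name>: <state>" for one sysfs entry. State is "mitigated", "vulnerable",
# "not-affected" or "unknown" (file absent, e.g. a kernel that predates the patches).
classify_vuln() {
    name="$1"
    dir="${2:-$SYSFS_VULN_DIR}"
    f="$dir/$name"
    if [ ! -r "$f" ]; then
        echo "$name: unknown"
        return 0
    fi
    value=$(cat "$f")
    case "$value" in
        Vulnerable*)     echo "$name: vulnerable" ;;
        "Not affected"*) echo "$name: not-affected" ;;
        Mitigation*)     echo "$name: mitigated" ;;
        *)               echo "$name: unknown" ;;
    esac
}

# Check the two entries relevant to this article: the classic spectre_v2 entry and
# indirect_target_selection (ITS, CVE-2024-28956). Exit status 0 when nothing is
# reported as vulnerable, 1 otherwise, so it can gate a compliance job.
check_training_solo_status() {
    dir="${1:-$SYSFS_VULN_DIR}"
    rc=0
    for v in spectre_v2 indirect_target_selection; do
        line=$(classify_vuln "$v" "$dir")
        echo "$line"
        case "$line" in *": vulnerable") rc=1 ;; esac
    done
    return $rc
}

# Constructed sample sysfs tree (not output of a real machine) for offline testing:
# eIBRS-style mitigation for spectre_v2, ITS left unmitigated.
make_sample_sysfs() {
    d=$(mktemp -d)
    printf 'Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling\n' > "$d/spectre_v2"
    printf 'Vulnerable\n' > "$d/indirect_target_selection"
    echo "$d"
}
```

Run `check_training_solo_status` with no argument on a live host to read the real sysfs directory; on an unpatched kernel the ITS entry is simply reported as unknown rather than silently passing.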

AMD, on the other hand, has confirmed that these techniques do not affect its processors. ARM has indicated that only its older chips, those without support for the FEAT_CSV2_3 and FEAT_CLRBHB extensions, would be exposed.

Finally, if you would like to know more about it, you can check the details at the following link.