Kusagadzikana kutsva kwekuchengetedza kunobata ese ari maviri Intel uye akati wandei Arm processors achangobva kuburitswa, zvakare kuratidza matambudziko ari kubva mukufungidzira kuurayiwa muCPUs dzazvino. Kunyangwe dziviriro yekurwiswa seSpecter yatovepo, panguva ino boka rekutyora rakadaidzwa Kudzidzisa Solo humbowo hwekuti, kunyangwe nedziviriro inozivikanwa munzvimbo, masisitimu haana kuchengetedzeka zvachose.
zvakawanikwa Ivo vanobva kuVUSec timu yekutsvagisa, avo vakaratidza kuti matanho ekuzviparadzanisa pakati pemadomasi (semuenzaniso, pakati pemushandisi nekernel) haana kukwana kumisa kumwe kurwiswa kwechiteshi. Kudzidzisa Solo inosuma mitoo mitsva yokuputsa iyi kupatsanurwa kweropafadzo, zvichibvumira anorwisa kuti ashandise kufanotaura kwebazi mukati menzvimbo imwechete uye, semugumisiro, kubudirira kuburitswa kweruzivo rwakavanzika kubva kuhurongwa.
Chii chinonzi Kudzidzisa Solo uye ndeapi maCPU anokanganisa?
The Training Solo kurwisa kwakavakirwa kushandisa kufanotaura kwebazi (kufanotaura kwebazi), chinova chinhu chakakosha mumavakirwo emazuva ano kuti kukurumidze kuitwa kwekuraira. Vatsvakurudzi vakaona zvitatu zvakakosha zvekurwisa uku:
- Kurwiswa kwenhoroondo: Iwo anobata ese maIntel processors ane eIBRS, kusanganisira achangoburwa (Lunar Lake / Arrow Lake), uye mamwe maArm modhi.
- Sarudzo Yakananga Yakananga (ITS - CVE-2024-28956): Inowanikwa mu9th kusvika ku11th chizvarwa Intel Core CPUs, uye mu 2nd uye 3rd chizvarwa Xeon CPUs.
- Shumba Cove Nyaya (CVE-2025-24495): zvakanangana neIntel Lion Cove cores, senge idzo dzinowanikwa muLunar Lake uye Arrow Lake.
Kushandiswa kwekusagadzikana uku kunobvumira anorwisa, kunyangwe asina maropafadzo akakwirira, bvisa data kubva kukernel kana dzimwe nzvimbo dzakachengetedzwa dzendangariro. Semuenzaniso, vaongorori vakaratidza kuti vanogona kusefa pasi kusvika 17 KB pasekondi ye core memory mune ichangoburwa Intel processors. Uyezve, ivo vaona kuti mbiri dzeidzi nyaya dzinotyora zvachose kusarudzika pakati pemushandisi, muenzi, uye hypervisor, kuvhurazve mukana weiyo yekare Specter-v2-mhando yekurwisa.
Misiyano inoshanda sei uye nei ichionekwa sedambudziko
Kusvika ikozvino, zvaifungidzirwa kuti kupatsanurwa kwedomasi ndiyo yakanakisa kudzivirira pakurwisa kwerudzi urwu, sezvo kufanotaura kwebazi kwakangokanganiswa kana nzira yaigona kudzidzisa kubva kune imwe dura. Kudzidzisa Solo kunopikisa fungidziro iyi, sezvo ichibvumira kudzidziswa kwese uye kushandiswa kwemaitiro kuti kuitwe mukati meiyo dura, zvichiita kuti zvive zvakaoma kuona uye kuderedza.
Kurwiswa kwacho kunoshandisa nzira dzakadai sejekiseni rekuraira muBazi Target Buffer, kudhumhana mukero yebazi kero, uye kupindirana kwekusvetuka kwakananga nekusina kunanga. Nzira idzi dzinobudirira buritsa ruzivo rwakadzama senge mapassword kana zvimedu zvemavara. Uyezve, kumhanya kunowanikwa kwakawanda kudarika kukwana kukonzera kudonha kwakakosha munzvimbo dzakaoma.
Kugadzirisa Kudzidzisa Solo: Patches, Microcode, uye Mazano ekuderedza
Mhinduro yekusagadzikana iyi yakawanda. Munyaya yeIntel, zvakakosha Isa yazvino microcode update yakapihwa nemugadziri, iyo inogadzirisa matambudziko akaonekwa mukusvetuka kufanotaura. Kune sisitimu yekushandisa, zvakakosha kuti uvandudze iyo Linux kernel kune vhezheni inobatanidza zvigamba zvekuchenesa mamiriro ekufungidzira mukati memamiriro ezvinhu uye kuderedza ITS nezvimwe zvakasiyana. Munzvimbo dzakasarudzika, zvigamba zvakaburitswa zve hypervisors senge KVM.
Munyaya yeArm, kudzikisira kunotariswa kudivi rekernel uye zvinoenderana neiyo chaiyo modhi, sezvo pasina nzira imwe chete yekugadziridza microcode.
AMD CPUs haina kukanganiswa, sezvo yavo Auto IBRS nzira inodzivirira kufungidzira kuurayiwa kwekusvetuka kusina kunanga nenzira yakashandiswa mukurwiswa uku. Kukosha kwekugara uchiziva nezve Kumwe kusasimba kwakabatana neSpecter uye eBPF Izvo zvakakoshawo pakunzwisisa mamiriro ekutyisidzira aya.
Practical impact uye mazano
Kunyange zvazvo kushandiswa muzviitiko zvakawanda kunoda kuwanikwa kwehurongwa kana kushandiswa kwekodhi yemunharaunda, iyo inogona kuitika kuba kwezvitupa kana ruzivo rwakavanzika inoramba yakawanda. Vanamazvikokota vanopa zano kuita zvigadziriso zviripo nekukasira uye kugara vachitarisa chengetedzo yambiro ine chekuita nemishandirapamwe mitsva yerudzi urwu.
Pakati pezvakakanganiswa processors ndezvi: Intel Rocket Lake, Ice Lake, Tiger Lake, Comet Lake, Coffee Lake, Cascade Lake, Cooper Lake, uye zvizvarwa zvichangoburwa zveArm CPUs., kuwedzera kune yazvino mhando dzakadai seArrow Lake uye Lunar Lake. Muzviitiko zvese, zvinokurudzirwa kuita bvunzo dzekuita mushure mekushandisa zvigamba kuti uone kana madhirigi achiunza mari inooneka.
Iri boka rekusagadzikana rinoratidza izvozvo Side-channel kurwisa kuri kuramba kuchishanduka uye kuti kuva nemasisitimu akachengeteka kunoda kugara uchitariswa nekuvandudzwa, pamwe nekuzvipira kwakabatana kwevagadziri, vanogadzira sisitimu yekushandisa, uye vashandisi vepamberi.
