
If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or, more generally, cause problems.
A few days ago, a researcher from Google's security team announced the discovery of a vulnerability (already listed under CVE-2023-20593) in AMD processors based on the Zen2 microarchitecture that can be used to observe registers while other processes are running on the same CPU core.
This vulnerability is considered important, since the attack can be carried out from virtual machines and isolated environments. In essence, the issue resembles classic use-after-free vulnerabilities caused by accessing memory after it has been freed.
The problem affects AMD Ryzen 3000, Ryzen PRO 3000, Ryzen Threadripper 3000, Ryzen 4000 with Radeon Graphics, Ryzen PRO 4000, Ryzen 5000 with Radeon Graphics, Ryzen 7020 with Radeon Graphics, and the EPYC 7002 series of processors.
Regarding the vulnerability, it is explained that processors store the contents of registers in a register file (RF, Register File), a structure shared by all tasks on the same CPU core. The Register Allocation Table (RAT) is responsible for mapping named registers to register file resources. In this scheme, a zero value is stored in a register not by writing an empty value to the register file, but by setting the z-bit flag in the RAT.
The vulnerability arises because, if the z-bit is set during speculative execution of instructions, it is not enough to simply reset it when a branch is mispredicted, since the space in the register file may already have been reallocated by the speculative execution.
The effect occurs when, at the same time, a register is renamed, an instruction is used to which the merge optimization applies, and a VZEROUPPER vector instruction is speculatively executed, which sets the z-bit and frees the resources in the register file. If the branch prediction fails and the speculative VZEROUPPER operation is rolled back, the contents of the vector registers may be corrupted, since the z-bit is rolled back but the freed resource is not restored.
By manipulating the VZEROUPPER instruction, it is possible to achieve a controlled leak of data processed in the YMM vector registers used in the AVX (Advanced Vector Extensions) and SSE (Streaming SIMD Extensions) modes. These registers are actively used in memory copy and string processing functions; for example, the Glibc library uses them in the memcpy, strcmp and strlen functions.
To demonstrate the vulnerability, which has been named Zenbleed, a prototype exploit has been prepared that allows an unprivileged user to determine data processed by AES-NI or REP-MOVS instructions (commonly used in the memcpy function). This can be used to reconstruct encryption keys and user passwords processed in other processes, including privileged ones. The exploit's data leak rate is about 30 KB per second.
The vulnerability is fixed at the microcode update level. For Linux, a patch has been prepared to load the corrected microcode. If it is not possible to update the microcode, there is a workaround that blocks the vulnerability at the cost of reduced performance.
To do this, the control bit DE_CFG[9] must be set in the CPU, and for that the following command must be typed in a terminal:
It is worth mentioning that disabling SMT mode does not block the vulnerability, and that the fix to block exploitation was implemented in kernel updates 6.4.6, 6.1.41, 5.15.122, 5.10.187, 5.4.250 and 4.19.289.
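As an added example (not part of the original article or of any AMD or kernel code), the following audit helper combines the facts above: it decides from `/proc/cpuinfo` text whether a host is a Zen 2 part, compares the running kernel release against the fixed versions listed in the article, and tests bit 9 of a raw DE_CFG value supplied by the caller. The function names, status strings and the family 23 model ranges used to recognise Zen 2 are assumptions of this example.

```python
import re

# Stable kernels carrying the fix, as listed in the article: series -> first fixed patch level.
FIXED_KERNELS = {(6, 4): 6, (6, 1): 41, (5, 15): 122, (5, 10): 187, (5, 4): 250, (4, 19): 289}
# Assumption (not from the article): family 23 model ranges treated as Zen 2.
ZEN2_MODELS = [(0x30, 0x4F), (0x60, 0x7F), (0x90, 0x91), (0xA0, 0xAF)]
DE_CFG_BIT = 9  # DE_CFG[9], the workaround control bit named in the article

# Constructed /proc/cpuinfo excerpt, for illustration only.
SAMPLE_CPUINFO = (
    "processor\t: 0\nvendor_id\t: AuthenticAMD\ncpu family\t: 23\n"
    "model\t\t: 113\nmodel name\t: AMD Ryzen 7 3700X 8-Core Processor\n"
)

def is_zen2(cpuinfo):
    """True if the cpuinfo text describes an AMD family 23 CPU in a Zen 2 model range."""
    fields = dict(re.findall(r"^([^\t:\n]+)[ \t]*:[ \t]*(.*)$", cpuinfo, re.M))
    if fields.get("vendor_id") != "AuthenticAMD" or fields.get("cpu family") != "23":
        return False
    model = int(fields.get("model", "-1"))
    return any(lo <= model <= hi for lo, hi in ZEN2_MODELS)

def kernel_has_fix(release):
    """True/False for kernel series the article lists; None when the series is not covered."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return None
    major, minor, patch = (int(g or 0) for g in m.groups())
    if (major, minor) in FIXED_KERNELS:
        return patch >= FIXED_KERNELS[(major, minor)]
    # Assumption: series newer than 6.4 already contain the fix; anything else is unknown.
    return True if (major, minor) > (6, 4) else None

def workaround_set(de_cfg):
    """True if DE_CFG[9] is set in a raw DE_CFG register value."""
    return bool((de_cfg >> DE_CFG_BIT) & 1)

def assess(cpuinfo, release, de_cfg=None):
    """Summarise exposure; de_cfg is the raw register value if the caller has read it."""
    if not is_zen2(cpuinfo):
        return "not-affected"
    if kernel_has_fix(release):
        return "kernel-mitigated"
    if de_cfg is not None and workaround_set(de_cfg):
        return "workaround-bit-set"
    return "check-microcode-or-apply-workaround"

if __name__ == "__main__":
    print(assess(SAMPLE_CPUINFO, "6.1.40", de_cfg=0x200))
```

Distribution kernels often backport fixes without changing the upstream version number, so a `False` from `kernel_has_fix` on a vendor kernel means the distribution's advisory should be checked rather than that the host is necessarily exposed.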
Those interested in tracking information about the vulnerability in the different distributions can do so on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch, OpenBSD, FreeBSD, NetBSD.
Finally, if you are interested in learning more about it, you can check the details at the following link.