前几年中处理器职业爆出了一波安全缝隙,其间熔毁meltown及鬼魂spectre波及最广,现在这些安全事件还没完,Intel及荷兰大学的研究人员又发现了类似的缝隙,其间Intel及ARM处理器大量中招,不过AMD又躲过一劫,没受影响。

In the past few years, a wave of security flaws broke out in the processor industry, among which Meltown and Ghost Spectre were the most widespread. Now these security incidents are not over yet, and researchers from Intel and Dutch universities have discovered similar flaws. ARM processors were hit a lot, but AMD escaped and was not affected.

According to the news released by Intel, the vulnerability discovered this time is a branch history injection (BHI) similar to a ghost vulnerability, which is also a kind of estimated attack, and can bypass Intel eIBRS and Arm CSV2, the latter two are the two companies targeting ghosts Patch released by the vulnerability, the attack can read the data of the processor core and thus gain access to sensitive information.

How big is this gap? Almost every generation of processors on Intel’s side since the Haswell-based Core 4000 series may be affected, including the latest 12th-generation Core, except for low-end ATOM processors.

The ARM side is also widely affected. Cortex and Neoverse core processors, including A15, A57, A72, X1, X2, and Neoverse N1, N2 processors will be affected.

The good news is that these two companies will soon launch new patches to solve the gap problem. The principle is similar to the ghost gap, and they have already experienced it.

AMD has not been affected by anything, which is similar to the previous ghost gap.

依据Intel发布的消息,这次发现的缝隙为分支前史注入 (BHI)类似于鬼魂缝隙,也是一种估测攻击,并且可以绕过Intel eIBRS 和 Arm CSV2,后两个是两家公司针对鬼魂缝隙推出的补丁,该攻击可以读取处理器内核的数据,从而拜访灵敏信息。

这个缝隙影响有多大?Intel这边从Haswell架构的酷睿4000系列以来的简直每一代处理器都有可能遭到影响,包含最新的12代酷睿,只要低端的ATOM处理器除外。

ARM这边也相同影响广泛,Cortex和Neoverse内核的处理器,包含A15、A57、A72、X1、X2,以及Neoverse N1、N2在内的处理器都会受影响。

好消息是这两家公司很快也会推出新补丁解决缝隙问题,究竟原理跟鬼魂缝隙差不多,早就有应对经历了。

AMD这边没遭到啥影响,跟之前的鬼魂缝隙情况差不多。

发表评论

后才能评论