{"id":123,"date":"2018-06-15T17:49:52","date_gmt":"2018-06-15T09:49:52","guid":{"rendered":"http:\/\/cms.aaasec.com.tw\/?p=123"},"modified":"2018-06-18T20:08:24","modified_gmt":"2018-06-18T12:08:24","slug":"0013","status":"publish","type":"post","link":"https:\/\/cms.aaasec.com.tw\/index.php\/2018\/06\/15\/0013\/","title":{"rendered":"CPU\u8106\u5f31\u9ede(CVE-2017-5753\u3001CVE-2017-5754\u3001CVE-2017-5715)"},"content":{"rendered":"

\"\"<\/p>\n

<\/p>\n

\u95dc\u65bc\u8fd1\u65e5\u7206\u767c\u7684CPU\u8106\u5f31\u9ede(CVE-2017-5753\u3001CVE-2017-5754\u3001CVE-2017-5715)[1]\uff0c\u5c0f\u7de8\u6574\u7406\u4e00\u4e9b\u8cc7\u6599\u5f8c\u5206\u6790\u72c0\u6cc1\u5982\u4e0b\uff0c\u63d0\u4f9b\u5927\u5bb6\u53c3\u8003\u3002<\/p>\n

\u672c\u6b21\u767c\u73fe\u7684\u653b\u64ca\u5206\u70ba\u5169\u90e8\u5206\u540d\u70baMeltdown\u53caSpectre\uff0c\u7686\u7531Google\u7684\u5718\u968a\u6240\u767c\u73fe\uff0c\u5be6\u4f5c\u65b9\u6cd5\u6709\u6240\u5dee\u7570\u3002(\u5169\u7a2e\u653b\u64ca\u76ee\u524d\u90fd\u5728\u9a57\u8b49\u968e\u6bb5\uff0c\u66ab\u6642\u6c92\u6709\u5be6\u969b\u7684\u653b\u64ca\u78bc\u5916\u6d41)<\/p>\n

\u4ee5\u4e0b\u5206\u5169\u90e8\u5206\u63cf\u8ff0\uff1a<\/p>\n

1) Meltdown<\/strong>
\n\uff0a\u5229\u7528CVE-2017-5754\u5be6\u65bd\uff0c1995\u4ee5\u4f86\uff0cIntel\u9664\u4e86Intel Itanium\u53caIntel Atom\u5916\u7684\u8655\u7406\u5668\u90fd\u53d7\u6b64\u5f31\u9ede\u6ce2\u53ca\u3002
\n\uff0a\u96d6\u7136\u767c\u4f48\u8005\u4e0d\u78ba\u5b9aAMD\u7684\u8655\u7406\u5668\u662f\u5426\u4ea6\u64c1\u6709\u76f8\u540c\u5f31\u9ede\uff0c\u4f46\u773e\u591a\u6587\u737b\u53caAMD\u672c\u8eab\u5747\u8868\u793a\uff0cAMD\u7cfb\u7d71\u662f\u4e0d\u5b58\u5728\u8a72\u5f31\u9ede\u7684\u3002[2]
\n\uff0a\u8a72\u5f31\u9ede\u53ef\u4ee5\u8b93User\u5c64\u7d1a\u7684\u7a0b\u5f0f\u7e5e\u904e\u9632\u8b77\u5b58\u53d6\u7cfb\u7d71\u5c64\u7d1a\u7684\u8a18\u61b6\u9ad4\u5167\u5bb9\u3002[3]
\n\uff0a\u6b64\u5f31\u9ede\u53ef\u5728\u5404\u7a2eOS\u5be6\u4f5c\uff0c\u4e0d\u904e\u76ee\u524d\u5404\u7cfb\u7d71\u90fd\u5df2\u5148\u5f8c\u767c\u4f48\u4fee\u88dc\u5305\u3002[4][5]
\n\uff0a\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u76ee\u524d\u6240\u5be6\u4f5c\u7a31\u70baKPTI\u6216KAISER\u7684Patch\u65b9\u6848\uff0c\u662f\u5728\u4f5c\u696d\u7cfb\u7d71\u5340\u9694\u8a18\u61b6\u9ad4\u5340\u6bb5\u3002
\n\uff0a\u76ee\u524d\u5df2\u7d93\u767c\u73fe\u9019\u500b\u65b9\u6cd5\u5be6\u4f5c\u5728\u7cfb\u7d71\u547c\u53eb\u8207\u4e2d\u65b7\u6703\u589e\u52a0\u6578\u767e\u500b\u52d5\u4f5c\uff0c\u56e0\u6b64\u65bc\u7cfb\u7d71\u6548\u80fd\u67095%~30%\u9593\u7684\u5f71\u97ff\uff0c\u9ad8\u6548\u80fd\u904b\u4f5c\u74b0\u5883\u5efa\u8b70\u6e2c\u8a66\u8a55\u4f30\u5f8c\u518d\u4f7f\u7528\u3002[6]
\n\uff0a\u4f9d\u4e0a\u8ff0\u56e0\u7d20\uff0cAMD\u67b6\u69cb\u4e0a\u4e26\u4e0d\u6703\u555f\u52d5\u672c\u4fee\u88dc\u5305\u3002[7]
\n\uff0a\u672c\u5f31\u9ede\u5728\u5168\u865b\u64ec\u5316\u74b0\u5883\u4e2d\u82e5\u65bcGuest\u4e3b\u6a5f\u9032\u884c\u653b\u64ca\uff0c\u50c5\u80fd\u53d6\u5f97Guest\u4e3b\u6a5f\u7684\u8a18\u61b6\u9ad4\u5167\u5bb9\uff0c\u4e26\u4e0d\u6703\u5f71\u97ffHost\u7684\u5b89\u5168\u6027\u3002[8]<\/p>\n

2) Spectre<\/strong>
\n\uff0a\u5229\u7528CVE-2017-5753\u53caCVE-2017-5715\u6240\u5be6\u65bd\u3002
\n\uff0a\u4e0d\u540c\u65bc\u524d\u8005\uff0cSpectre\u662f\u89f8\u767c\u5176\u4ed6\u61c9\u7528\u7a0b\u5f0f\u8d8a\u6b0a\u5b58\u53d6\u5176\u4ed6\u61c9\u7528\u7684\u8a18\u61b6\u9ad4\u5167\u5bb9\u3002[3]
\n\uff0a\u8a72\u5f31\u9ede\u5be6\u4f5c\u65b9\u5f0f\u8f03\u70ba\u8907\u96dc\uff0c\u76f8\u5c0d\u7684\u4fee\u88dc\u65b9\u6cd5\u4e5f\u66f4\u70ba\u56f0\u96e3\uff0c\u56e0\u6b64\u76ee\u524d\u4e5f\u9084\u6c92\u6709\u5b8c\u6574\u7684\u9632\u8b77\u65b9\u6848\u516c\u958b\uff0c\u9810\u4f30\u5f71\u97ff\u6642\u7a0b\u6703\u66f4\u5ef6\u9577\u3002[9]
\n\uff0a\u5f71\u97ff\u7bc4\u570d\u904d\u53caIntel\u3001AMD\u53caARM\u7684\u5e73\u53f0\uff0c\u96d6AMD\u5ba3\u7a31\u4e0d\u6703\u53d7\u6ce2\u53ca\uff0c\u4f46\u5728\u6587\u737b\u4e2d\u767c\u73feAMD Ryzen\u7cfb\u5217\u5df2\u906d\u53d7\u90e8\u5206\u5f71\u97ff\u3002[10][11]
\n\uff0a\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u9019\u500b\u653b\u64ca\u884c\u70ba\u5728\u865b\u64ec\u5316\u74b0\u5883\u4e2d\uff0c\u82e5Guest\u4e3b\u6a5f\u906d\u53d7\u653b\u64ca\uff0c\u53ef\u80fd\u53d6\u5f97\u5176\u4ed6Guest\u751a\u81f3Host\u7684\u8a18\u61b6\u9ad4\u5167\u5bb9\u3002
\n\uff0a\u6b64\u5f31\u9ede\u5c0d\u65bc\u96f2\u7aef\u670d\u52d9\u4f9b\u61c9\u5546\u6709\u660e\u986f\u7684\u5f71\u97ff\u3002[11][12]
\n\uff0a\u5efa\u8b70\u5bc6\u5207\u95dc\u6ce8\u8a72\u5f31\u9ede\u61c9\u7528\u8207\u4fee\u88dc\u72c0\u6cc1\u4e4b\u767c\u5c55\u8da8\u52e2\u3002<\/p>\n

\u53c3\u8003\u8cc7\u6599
\n[1]\u00a0https:\/\/googleprojectzero.blogspot.tw\/\u2026\/reading-privileged-\u2026<\/a><\/p>\n

\n

[2]\u00a0https:\/\/git.kernel.org\/\u2026\/li\u2026\/kernel\/git\/tip\/tip.git\/commit\/\u2026<\/a><\/p>\n

[3]\u00a0https:\/\/meltdownattack.com\/<\/a><\/p>\n

[4]\u00a0https:\/\/meltdownattack.com\/#faq-fix<\/a><\/p>\n

[5]\u00a0https:\/\/www.cyberciti.biz\/\u2026\/patch-meltdown-cpu-vulnerabili\u2026\/<\/a><\/p>\n

[6]\u00a0https:\/\/lwn.net\/Articles\/738975\/<\/a><\/p>\n

[7]\u00a0https:\/\/git.kernel.org\/\u2026\/li\u2026\/kernel\/git\/tip\/tip.git\/commit\/\u2026<\/a><\/p>\n

[8]\u00a0http:\/\/blog.cyberus-technology.de\/\u2026\/2018-01-03-meltdown.html<\/a><\/p>\n

[9]\u00a0https:\/\/spectreattack.com\/<\/a><\/p>\n

[10]\u00a0https:\/\/wccftech.com\/intel-affected-by-critical-kernel-bug\u2026\/<\/a><\/p>\n

[11]\u00a0https:\/\/www.theregister.co.uk\/\u2026\/intel_amd_arm_cpu_vulnerab\u2026\/<\/a><\/p>\n

[12]\u00a0https:\/\/xenbits.xen.org\/xsa\/advisory-254.html<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/123"}],"collection":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/comments?post=123"}],"version-history":[{"count":2,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/123\/revisions"}],"predecessor-version":[{"id":126,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/123\/revisions\/126"}],"wp:attachment":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/media?parent=123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/categories?post=123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/tags?post=123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}