{"id":447014,"date":"2024-03-25T18:00:02","date_gmt":"2024-03-25T17:00:02","guid":{"rendered":"https:\/\/www.eenewseurope.com\/?p=447014"},"modified":"2024-03-25T18:01:52","modified_gmt":"2024-03-25T17:01:52","slug":"nouvelle-vulnerabilite-dans-tous-les-cpu-linux","status":"publish","type":"post","link":"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/","title":{"rendered":"Nouvelle vuln\u00e9rabilit\u00e9 dans tous les CPU Linux"},"content":{"rendered":"

Des chercheurs d’IBM et de la Vrije Universiteit Amsterdam ont r\u00e9cemment d\u00e9couvert \u00ab\u00a0GhostRace\u00a0\u00bb, une nouvelle version de l’attaque contre le noyau Linux qui permet aux pirates d’acc\u00e9der \u00e0 des donn\u00e9es sensibles et de les divulguer.<\/h2>\n

Extrait du site web de recherche d’IBM<\/a><\/p>\n

\n
\n

D\u00e9but 2018, les vuln\u00e9rabilit\u00e9s \u00ab\u00a0Spectre\u00a0\u00bb et \u00ab\u00a0Meltdown\u00a0\u00bb ont boulevers\u00e9 en quelques jours la s\u00e9curit\u00e9 des microprocesseurs modernes. Les fabricants et les syst\u00e8mes d’exploitation se sont empress\u00e9s de trouver des solutions pour \u00e9liminer ces vuln\u00e9rabilit\u00e9s critiques qui entra\u00eenaient des fuites de mots de passe et d’autres donn\u00e9es sensibles. Apr\u00e8s six ans, on pourrait croire que cette cat\u00e9gorie de vuln\u00e9rabilit\u00e9s est bien comprise et corrig\u00e9e. Mais pas si vite.<\/em><\/p>\n

Des chercheurs d’IBM et de la Vrije Universiteit Amsterdam ont r\u00e9cemment d\u00e9couvert \u00ab\u00a0GhostRace\u00a0\u00bb, une nouvelle version de l’attaque contre le noyau Linux qui permet aux pirates d’acc\u00e9der \u00e0 des donn\u00e9es sensibles et de les divulguer. Apr\u00e8s avoir signal\u00e9 la vuln\u00e9rabilit\u00e9 de mani\u00e8re responsable \u00e0 l’\u00e9quipe Linux en novembre 2023, et apr\u00e8s plusieurs mois de collaboration sur les mesures de correction, l’attaque a \u00e9t\u00e9 rendue publique aujourd’hui sous les noms de CVE-2024-2193<\/a> et CVE-2024-26602<\/a>.<\/em><\/p>\n

L’attaque exploite une combinaison de deux types d’attaques (ex\u00e9cution sp\u00e9culative et conditions de course) pour permettre l’espionnage et l’extraction d’informations sensibles dans le noyau Linux, le c\u0153ur de la majorit\u00e9 des unit\u00e9s informatiques commercialis\u00e9s dans le monde. Cette attaque am\u00e9liore notre compr\u00e9hension des attaques par ex\u00e9cution sp\u00e9culative, ce qui permet de concevoir et d’adopter des d\u00e9fenses plus compl\u00e8tes.<\/em><\/p>\n

Les conditions \u00ab\u00a0racing\u00a0\u00bb surviennent lorsque plusieurs threads tentent d’acc\u00e9der \u00e0 une ressource partag\u00e9e sans synchronisation appropri\u00e9e, ce qui entra\u00eene souvent des vuln\u00e9rabilit\u00e9s. Pour \u00e9viter qu’ils ne se produisent, les syst\u00e8mes d’exploitation s’appuient sur des primitives de synchronisation telles que les mutex et les spinlocks. L’id\u00e9e ma\u00eetresse de GhostRace est que ces primitives de synchronisation peuvent \u00eatre contourn\u00e9es lors de l’ex\u00e9cution sp\u00e9culative, une optimisation du processeur con\u00e7ue pour am\u00e9liorer massivement les performances.<\/em><\/p>\n

Lorsque cela se produit dans des morceaux de code sp\u00e9cifiques du noyau (\u00e9galement appel\u00e9s \u00ab\u00a0gadgets\u00a0\u00bb), cela conduit \u00e0 une condition exploitable que les attaquants peuvent utiliser pour faire fuir des informations secr\u00e8tes du c\u0153ur du syst\u00e8me d’exploitation. Pour en savoir plus sur ces travaux, lisez le prochain article des chercheurs intitul\u00e9 article de l’USENIX Security 2024<\/a><\/strong> pour plus de d\u00e9tails, notamment les scripts permettant de trouver les gadgets vuln\u00e9rables, les mesures d’att\u00e9nuation sugg\u00e9r\u00e9es et les mesures d’att\u00e9nuation adopt\u00e9es par Linux.<\/em><\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Des chercheurs d’IBM et de la Vrije Universiteit Amsterdam ont r\u00e9cemment d\u00e9couvert \u00ab\u00a0GhostRace\u00a0\u00bb, une nouvelle version de l’attaque contre le noyau Linux qui permet aux pirates d’acc\u00e9der \u00e0 des donn\u00e9es sensibles et de les divulguer. Extrait du site web de recherche d’IBM D\u00e9but 2018, les vuln\u00e9rabilit\u00e9s \u00ab\u00a0Spectre\u00a0\u00bb et \u00ab\u00a0Meltdown\u00a0\u00bb ont boulevers\u00e9 en quelques jours la […]<\/p>\n","protected":false},"author":34,"featured_media":446938,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[883],"tags":[5397,5934,3861],"domains":[47],"ppma_author":[1153,1139],"class_list":["post-447014","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologies","tag-linux-fr","tag-mcu-cpu","tag-securite-fr","domains-electronique-eci"],"acf":[],"yoast_head":"Nouvelle vuln\u00e9rabilit\u00e9 dans tous les CPU Linux ...<\/title>\n<meta name=\"description\" content=\"Des chercheurs d'IBM et de la VU Amsterdam ont d\u00e9couvert "GhostRace", une nouvelle version de l'attaque contre le syst\u00e8me Linux.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/posts\/447014\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Nouvelle vuln\u00e9rabilit\u00e9 dans tous les CPU Linux\" \/>\n<meta property=\"og:description\" content=\"Des chercheurs d'IBM et de la VU Amsterdam ont d\u00e9couvert "GhostRace", une nouvelle version de l'attaque contre le syst\u00e8me Linux.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/posts\/447014\/\" \/>\n<meta property=\"og:site_name\" content=\"EENewsEurope\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-25T17:00:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-25T17:01:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ecinews.fr\/wp-content\/uploads\/2024\/03\/Screen-Shot-2024-03-25-at-6.14.14-AM-1024x659.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"659\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"A Delapalisse, Wisse Hettinga\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"A Delapalisse\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/\"},\"author\":{\"name\":\"A Delapalisse\",\"@id\":\"https:\/\/www.ecinews.fr\/fr\/#\/schema\/person\/0aa2cfb0bd8949724a68cbac8d8321b4\"},\"headline\":\"Nouvelle vuln\u00e9rabilit\u00e9 dans tous les CPU Linux\",\"datePublished\":\"2024-03-25T17:00:02+00:00\",\"dateModified\":\"2024-03-25T17:01:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/\"},\"wordCount\":485,\"publisher\":{\"@id\":\"https:\/\/www.ecinews.fr\/fr\/#organization\"},\"keywords\":[\"Linux\",\"MCU-CPU\",\"s\u00e9curit\u00e9\"],\"articleSection\":[\"Technologies\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/\",\"url\":\"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/\",\"name\":\"Nouvelle vuln\u00e9rabilit\u00e9 dans tous les CPU Linux\",\"isPartOf\":{\"@id\":\"https:\/\/www.ecinews.fr\/fr\/#website\"},\"datePublished\":\"2024-03-25T17:00:02+00:00\",\"dateModified\":\"2024-03-25T17:01:52+00:00\",\"description\":\"Des chercheurs d'IBM et de la VU Amsterdam ont d\u00e9couvert \\\"GhostRace\\\", une nouvelle version de l'attaque contre le syst\u00e8me Linux.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ecinews.fr\/fr\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Nouvelle vuln\u00e9rabilit\u00e9 dans tous les CPU Linux\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ecinews.fr\/fr\/#website\",\"url\":\"https:\/\/www.ecinews.fr\/fr\/\",\"name\":\"EENewsEurope\",\"description\":\"Just another WordPress site\",\"publisher\":{\"@id\":\"https:\/\/www.ecinews.fr\/fr\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ecinews.fr\/fr\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.ecinews.fr\/fr\/#organization\",\"name\":\"EENewsEurope\",\"url\":\"https:\/\/www.ecinews.fr\/fr\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.ecinews.fr\/fr\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.ecinews.fr\/wp-content\/uploads\/2022\/02\/logo-1.jpg\",\"contentUrl\":\"https:\/\/www.ecinews.fr\/wp-content\/uploads\/2022\/02\/logo-1.jpg\",\"width\":283,\"height\":113,\"caption\":\"EENewsEurope\"},\"image\":{\"@id\":\"https:\/\/www.ecinews.fr\/fr\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.ecinews.fr\/fr\/#\/schema\/person\/0aa2cfb0bd8949724a68cbac8d8321b4\",\"name\":\"A Delapalisse\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.ecinews.fr\/fr\/#\/schema\/person\/image\/211ac42237c2e9683c0964086c393cb4\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ad45a8c5da24bc9c7c4940dd1c48a695?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ad45a8c5da24bc9c7c4940dd1c48a695?s=96&d=mm&r=g\",\"caption\":\"A Delapalisse\"},\"sameAs\":[\"http:\/\/ECI\"]}]}<\/script>","yoast_head_json":{"title":"Nouvelle vuln\u00e9rabilit\u00e9 dans tous les CPU Linux ...","description":"Des chercheurs d'IBM et de la VU Amsterdam ont d\u00e9couvert \"GhostRace\", une nouvelle version de l'attaque contre le syst\u00e8me Linux.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/posts\/447014\/","og_locale":"fr_FR","og_type":"article","og_title":"Nouvelle vuln\u00e9rabilit\u00e9 dans tous les CPU Linux","og_description":"Des chercheurs d'IBM et de la VU Amsterdam ont d\u00e9couvert \"GhostRace\", une nouvelle version de l'attaque contre le syst\u00e8me Linux.","og_url":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/posts\/447014\/","og_site_name":"EENewsEurope","article_published_time":"2024-03-25T17:00:02+00:00","article_modified_time":"2024-03-25T17:01:52+00:00","og_image":[{"width":1024,"height":659,"url":"https:\/\/www.ecinews.fr\/wp-content\/uploads\/2024\/03\/Screen-Shot-2024-03-25-at-6.14.14-AM-1024x659.png","type":"image\/png"}],"author":"A Delapalisse, Wisse Hettinga","twitter_card":"summary_large_image","twitter_misc":{"Written by":"A Delapalisse","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/#article","isPartOf":{"@id":"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/"},"author":{"name":"A Delapalisse","@id":"https:\/\/www.ecinews.fr\/fr\/#\/schema\/person\/0aa2cfb0bd8949724a68cbac8d8321b4"},"headline":"Nouvelle vuln\u00e9rabilit\u00e9 dans tous les CPU Linux","datePublished":"2024-03-25T17:00:02+00:00","dateModified":"2024-03-25T17:01:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/"},"wordCount":485,"publisher":{"@id":"https:\/\/www.ecinews.fr\/fr\/#organization"},"keywords":["Linux","MCU-CPU","s\u00e9curit\u00e9"],"articleSection":["Technologies"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/","url":"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/","name":"Nouvelle vuln\u00e9rabilit\u00e9 dans tous les CPU Linux","isPartOf":{"@id":"https:\/\/www.ecinews.fr\/fr\/#website"},"datePublished":"2024-03-25T17:00:02+00:00","dateModified":"2024-03-25T17:01:52+00:00","description":"Des chercheurs d'IBM et de la VU Amsterdam ont d\u00e9couvert \"GhostRace\", une nouvelle version de l'attaque contre le syst\u00e8me Linux.","breadcrumb":{"@id":"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.ecinews.fr\/fr\/nouvelle-vulnerabilite-dans-tous-les-cpu-linux\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ecinews.fr\/fr\/"},{"@type":"ListItem","position":2,"name":"Nouvelle vuln\u00e9rabilit\u00e9 dans tous les CPU Linux"}]},{"@type":"WebSite","@id":"https:\/\/www.ecinews.fr\/fr\/#website","url":"https:\/\/www.ecinews.fr\/fr\/","name":"EENewsEurope","description":"Just another WordPress site","publisher":{"@id":"https:\/\/www.ecinews.fr\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ecinews.fr\/fr\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/www.ecinews.fr\/fr\/#organization","name":"EENewsEurope","url":"https:\/\/www.ecinews.fr\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.ecinews.fr\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/www.ecinews.fr\/wp-content\/uploads\/2022\/02\/logo-1.jpg","contentUrl":"https:\/\/www.ecinews.fr\/wp-content\/uploads\/2022\/02\/logo-1.jpg","width":283,"height":113,"caption":"EENewsEurope"},"image":{"@id":"https:\/\/www.ecinews.fr\/fr\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.ecinews.fr\/fr\/#\/schema\/person\/0aa2cfb0bd8949724a68cbac8d8321b4","name":"A Delapalisse","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.ecinews.fr\/fr\/#\/schema\/person\/image\/211ac42237c2e9683c0964086c393cb4","url":"https:\/\/secure.gravatar.com\/avatar\/ad45a8c5da24bc9c7c4940dd1c48a695?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ad45a8c5da24bc9c7c4940dd1c48a695?s=96&d=mm&r=g","caption":"A Delapalisse"},"sameAs":["http:\/\/ECI"]}]}},"authors":[{"term_id":1153,"user_id":34,"is_guest":0,"slug":"adelapalisse","display_name":"A Delapalisse","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/ad45a8c5da24bc9c7c4940dd1c48a695?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""},{"term_id":1139,"user_id":7,"is_guest":0,"slug":"wisse-hettinga","display_name":"Wisse Hettinga","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/24a36fe68de56eac2a45cbaf9aa4bb58?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/posts\/447014"}],"collection":[{"href":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/users\/34"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/comments?post=447014"}],"version-history":[{"count":0,"href":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/posts\/447014\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/media\/446938"}],"wp:attachment":[{"href":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/media?parent=447014"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/categories?post=447014"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/tags?post=447014"},{"taxonomy":"domains","embeddable":true,"href":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/domains?post=447014"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.ecinews.fr\/fr\/wp-json\/wp\/v2\/ppma_author?post=447014"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}