For all you Intel fans out there … some great news for y’all. Taken from ZDNet … The Zombieload vulnerability disclosed earlier this year in May has a second variant that also works against more recent Intel
processors, not just older ones, including Cascade Lake, Intel’s latest line of high-end CPUs — initially thought to have been unaffected.
Intel is releasing microcode (CPU firmware) updates today to address this new Zombieload attack variant, as part of its monthly Patch Tuesday — known as the Intel Platform Update (IPU) process.
WHAT IS ZOMBIELOAD
Back in May, two teams of academics disclosed a new batch of vulnerabilities that impacted Intel CPUs. Collectively known as MDS attacks, these are security flaws in the same class as Meltdown, Spectre, and Foreshadow.
The attacks rely on taking advantage of the speculative execution process, which is an optimization technique that Intel added to its CPUs to improve data processing speeds and performance.
Vulnerabilities like Meltdown, Spectre, and Foreshadow, showed that the speculative execution process was riddled with security holes.
Disclosed in May, MDS attacks were just the latest line of vulnerabilities impacting speculative execution.
They were different from the original Meltdown, Spectre, and Foreshadow bugs disclosed in 2018 because they attacked different areas of a CPU’s speculative execution process.
While Meltdown, Spectre, and Foreshadow attacked data stored inside the L1 cache, MDS attacks went after a CPU’s microarchitectural data structures — hence, the name of Microarchitectural Data Sampling (MDS) attacks. These microarchitectural data structures included the load, store, and line fill buffers, which the CPU uses for fast reads/writes of data being processed inside the CPU.
The original MDS attacks disclosed in May targeted store buffers (CVE-2018-12126 aka Fallout), load buffers (CVE-2018-12127), line fill buffers (CVE-2018-12130, aka the Zombieload attack, or RIDL), and uncacheable memory (CVE-2019-11091). At the time, Zombieload was deemed the most dangerous of all four MDS attacks because it could retrieve more information than the others.
MEET ZOMBIELOAD V2
But unbeknownst to the world, there was a fifth MDS attack at the time, which researchers kept secret because Intel had yet to release a patch.
Nicknamed Zombiload v2 (CVE-2019-11135), this is a variation of the Zombieload v1 vulnerability, but one that worked on Intel’s newer line of CPUs, those which the company claimed had protections against speculative execution attacks baked in at the hardware level.
According to an updated version of the Zombieload academic paper that ZDNet received this week, the Zombieload v2 attack exploits the Intel Transactional Synchronization Extensions (TSX) Asynchronous Abort operation that occurs when an attacker uses malicious code to create a conflict between read operations inside a CPU.
This read conflict for TSX Asynchronous Abort (TAA) operations leaks data about what’s being processed inside an Intel CPU.
“The main advantage of this approach is that it also works on machines with hardware fixes for Meltdown, which we verified on an i9-9900K and Xeon Gold 5218,” the research team explained in the revised version of their whitepaper.
The only condition for a Zombieload v2 attack is that the targeted CPU supports the Intel TSX instruction-set extension, which the research team said is available by default in all Intel CPUs sold since 2013.
The first Intel CPU series to have featured TSX support was the Haswell platform. Everything that came after is affected. Intel’s Cascade Lake, which the company released in April this year, was supposed to be the company’s first product that featured protections against side-channel and speculative execution attacks at the hardware level.
