June 9, 2023

Intel Cascade Lake CPUs hit by new Zombieload v2 attack

Once again, the security of Intel hardware was questioned after another serious security vulnerability was found which is known as Zombieload.

Zombieload v2 Attack:

Intel
Intel

The vulnerability, known as ZombieLoad 2, or TSX Asynchronous Abort, targets the Intel Processors feature of Transactional Synchronization Extensions (TSX). Speculative execution typically seeks to boost the CPU’s performance by running instructions before knowing whether or not they are needed.

Two academic teams revealed a new batch of vulnerabilities that affected Intel CPUs back in May. These are security flaws in the same class as Meltdown, Spectre, and Foreshadow, collectively known as MDS attacks.

Zombieload MDS
Zombieload MDS

Now, a second-generation, ZombieLoad 2, was found to be able to get around the defences set up after detecting the initial attacks and stealing sensitive data from the kernel of the operating system or other processes.

Intel notes that this vulnerability affects a wide range of Intel CPUs, including their Cascade Lake processor line, which are not compromised by other vulnerabilities in Microarchitectural Data Sampling (MDS), such as Fallout and RIDL.

While Meltdown, Spectre, and Foreshadow targeted data stored inside the L1 cache, MDS attacks followed the microarchitectural data structures of a CPU; hence the name of attacks on Microarchitectural Data Sampling (MDS). Such microarchitectural data structures included the load, store, and line fill buffers that the CPU uses to process data within the CPU for quick reads/writing.

The main advantage of this approach is that it also works on machines with hardware fixes for Meltdown, which we verified on an i9-9900K and Xeon Gold 5218, the research team explained in the revised version of their whitepaper.

This issue should be resolved through Microsoft’s latest November 2019 Patch updates on Tuesday, with Intel recommending that users immediately patch their systems.

Leave a Reply

Your email address will not be published. Required fields are marked *