Zombieload is back.
This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants (RIDL and Fallout).
Initially discovered in May this year, ZombieLoad is one of the three novel types of microarchitectural data sampling (MDS) speculative execution vulnerabilities that affect Intel processor generations released from 2011 onwards.
The first variant of ZombieLoad is a Meltdown-type attack that targets the fill-buffer logic allowing attackers to steal sensitive data not only from other applications and the operating system but also from virtual machines running in the cloud with common hardware.
ZombieLoad v2 Affects Latest Intel CPUs
Now, the same group of researchers has disclosed details of a second variant of the vulnerability, dubbed ZombieLoad v2 and tracked as CVE-2019-11135, that resides in Intel’s Transactional Synchronization Extensions (TSX).
Intel TSX provides transactional memory support in hardware, aiming to improve the performance of the CPU by speeding up the execution of multi-threaded software and aborting a transaction when a conflict memory access was found.
Intel has referred ZombieLoad v2 as “Transactional Synchronization Extensions (TSX) Asynchronous Abort (TAA)” vulnerability because the exploitation of this flaw requires a local attacker, with the ability to monitor execution time of TSX regions, to infer memory state by comparing abort execution times.
ZombieLoad v2 affects desktops, laptops, and cloud computers running any Intel CPUs that support TSX, including Core, Xeon processors, and Cascade Lake, Intel’s line of high-end CPUs that was introduced in April 2019.
Microcode Patches Available for ZombieLoad v2
Researchers warned Intel about ZombieLoad Variant 2 on April 23, the same time they discovered and reported the other MDS flaws that the chipmaker patched a month later in May.
On May 10, the team also informed Intel that the ZombieLoad Variant 2 attack works against newer lines of the company’s CPUs, even when they include hardware mitigations against MDS attacks.
Intel asked the researchers not to disclose the details of Variant 2 until now when the chipmaker came up with security patches with a microcode update that addresses this vulnerability.
The company has also provided MDS mitigations for operating system developers, virtual machine manager (VMM) developers, software developers using Intel SGX, and system administrators.
For more details on the new ZombieLoad variant, you can head on to the original research paper published by researchers in May, which has now been updated to add information on the second variant as well.
Meanwhile, Red Hat has also released a script using which users can detect if their Intel-powered system is also vulnerable to this flaw.