Intel CPUs released since 2013 are impacted by Zombieload v2

In May of this year, the Zombieload vulnerability, which affects older Intel CPUs, was disclosed to the public. Zombieload now has a second variant that also works against more recent Intel processors. This means that Cascade Lake, Intel’s latest line of high-end CPUs, is also affected. It was initially thought that the Cascade Lake processors would be unaffected by the Zombieload vulnerability.

The Zombieload vulnerability is a security flaw in the same class as Meltdown, Spectre, and Foreshadow. Zombieload and its sibling flaws, known collectively as Microarchitectural Data Sampling (MDS) attacks, rely on taking advantage of the speculative execution process. That process is an optimization technique that Intel added to its CPUs in order to improve data processing speeds and performance.

Unfortunately, vulnerabilities such as Meltdown, Spectre, and Foreshadow made it clear that the speculative execution process was riddled with security holes.

MDS attacks are just the latest line of vulnerabilities impacting speculative execution. What makes them different from the original Meltdown, Spectre, and Foreshadow bugs that were disclosed in 2018 is that they attack a different area of a CPU’s speculative execution process.

Attacks like Meltdown, Spectre, and Foreshadow attack data stored inside the L1 cache. MDS attacks go after a CPU’s microarchitectural data structures. The structures affected include the load, store, and line fill buffers that the CPU uses for fast reads and writes of data being processed inside the CPU.

When the original MDS attacks were disclosed in May, it was deemed that Zombieload was the most dangerous MDS attack as it could retrieve more information than other known MDS attacks.

This newest MDS attack, known as Zombieload v2, is a variation of the Zombieload v1 vulnerability, but one that works on Intel’s newer line of CPUs, the same CPUs that Intel claimed had protections against speculative execution attacks baked in at the hardware level.

Zombieload v2 only needs the targeted CPU to support the Intel TSX instruction-set extension in order to attack. That instruction-set extension has been available by default in all Intel CPUs sold since 2013.

Intel has been playing down the seriousness of the vulnerability, but has released a CPU firmware update as part of their monthly patch in order to address the newest Zombieload attack variant.
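To check whether a Linux machine meets the TSX precondition described above and whether the firmware fix is in effect, the following added example (not part of the original article) reads the CPU feature flags and the kernel's own status line. It assumes a Linux kernel recent enough to report this issue, which it lists under the name TSX Asynchronous Abort; the function names and the sample input are constructed for illustration.

```python
import re
from pathlib import Path

CPUINFO = Path("/proc/cpuinfo")
# Assumption: Linux kernel that reports this issue as "TSX Asynchronous Abort".
TAA_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/tsx_async_abort")

# Constructed sample, used only when /proc/cpuinfo is unavailable.
SAMPLE_CPUINFO = "processor\t: 0\nvendor_id\t: GenuineIntel\nflags\t\t: fpu sse2 avx2 hle rtm smep\n"


def tsx_flags(cpuinfo_text):
    """Return the TSX feature flags (hle, rtm) the first CPU advertises."""
    m = re.search(r"^flags[ \t]*:[ \t]*(.*)$", cpuinfo_text, re.MULTILINE)
    flags = set(m.group(1).split()) if m else set()
    return sorted(flags & {"hle", "rtm"})


def assess(cpuinfo_text, taa_status):
    """Combine CPU flags with the kernel's status line into one verdict.

    taa_status is the text of TAA_SYSFS, or None if the kernel lacks the file.
    """
    tsx = tsx_flags(cpuinfo_text)
    if taa_status is None:
        # Old kernel: fall back to the precondition the article names (TSX).
        return "unknown, TSX enabled" if tsx else "unknown, no TSX flags"
    status = taa_status.strip()
    if status == "Not affected":
        return "not affected"
    if status.startswith("Mitigation"):
        if "SMT vulnerable" in status:
            return "mitigated, SMT still exposed"
        return "mitigated"
    if "no microcode" in status:
        return "vulnerable, microcode update missing"
    return "vulnerable"


if __name__ == "__main__":
    info = CPUINFO.read_text() if CPUINFO.exists() else SAMPLE_CPUINFO
    status = TAA_SYSFS.read_text() if TAA_SYSFS.exists() else None
    print("TSX flags:", ", ".join(tsx_flags(info)) or "none")
    print("Verdict:", assess(info, status))
```

A verdict of "vulnerable, microcode update missing" means the kernel is attempting the mitigation but the CPU firmware update has not been installed yet.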

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648