Intel CPUs attacked again as ZombieLoad V2 exploit rises from Spectre’s grave
Intel CPUs that received hardware, software, and microcode fixes for various Spectre-related bugs are still vulnerable to a new speculative execution attack called ZombieLoad v2. This latest flaw in Intel’s chip design doesn’t make every single Core processor vulnerable, but it affects the latest few generations, from 2013’s Haswell architecture through to the latest Cascade Lake designs.
ZombieLoad v2 is the fifth of the micro-architectural data sampling (MDS) vulnerabilities that have affected Intel CPUs. One of those, ZombieLoad, caused concern for every Intel CPU going back to 2011 and Intel was quick to fix it. But that did lead to some performance degradation and raised questions about the viability of Intel’s hyperthreading feature which enables a CPU to simultaneously work on a number of threads equal to double its number of cores and whether disabling it altogether might be worth the added security such a performance-inhibiting move would provide.
In the case of ZombieLoad V2, Intel was informed of the potential exploit on April 23 of this year, with the researchers behind the discovery confirming that the attack vector was also present on new Cascade Lake CPUs in May. Intel has reportedly not patched this issue at this time, but did release a statement downplaying its potential effects, as well as promising a microcode fix in the near future.
“We believe that the mitigations for TAA and MDS substantively reduce the potential attack surface,” Intel said on its new security blog, suggesting that existing ZombieLoad fixes make it unlikely that ZombieLoad V2 would be a viable attack vector. It then went on to claim, however, that, “Shortly before this disclosure […] we confirmed the possibility that some amount of data could still be inferred through a side-channel using these techniques (for TAA, only if TSX is enabled) and will be addressed in future microcode updates. We continuously improve the techniques available to address such issues and appreciate the academic researchers who have partnered with Intel.”
As the researchers pointed out, via WCCFTech, the main problem with ZombieLoad V2 is that it works on CPUs that have hardware fixes against Meltdown. That could suggest that Intel will need to further change its chip designs in future if it wants to put a more permanent stop to these kinds of attacks.
Digital Trends spoke with some chip developers earlier this year who suggested that using a secure core on die could help circumvent the problems faced by speculative execution attacks. It’s too early to tell how effective such a solution would be, but Microsoft recently announced it was incorporating a “Secured core” in its Surface Pro X. We haven’t had extensive testing time with it yet, but the overall design seems solid.
But what about AMD in all this? Since its CPUs don’t use transactional synchronization extensions (TSX) which enable faster multithreaded software support it isn’t vulnerable to ZombieLoad-style attacks, in the same way that it wasn’t vulnerable to the initial Meltdown exploit. Indeed, when it comes to chip security and performance-inhibiting mitigations against exploits, AMD is leaps and bounds ahead of Intel. While AMD’s CPUs have slowed down by a few percent since the advent of the first Spectre attacks, Intel hardware with the full complement of fixes has seen far greater performance degradation.
For Intel, things look a little bleaker. Spectre-like attacks seem destined to continue to appear until Intel changes its CPU designs permanently. With AMD breathing down its neck in almost every market sector, that won’t be an attractive prospect, especially since the blue team is already behind on the race to ever-smaller CPU dies.