Skip to main content

Intel CPUs attacked again as ZombieLoad V2 exploit rises from Spectre’s grave

Intel CPUs that received hardware, software, and microcode fixes for various Spectre-related bugs are still vulnerable to a new speculative execution attack called ZombieLoad v2. This latest flaw in Intel’s chip design doesn’t make every single Core processor vulnerable, but it affects the latest few generations, from 2013’s Haswell architecture through to the latest Cascade Lake designs.

ZombieLoad v2 is the fifth of the micro-architectural data sampling (MDS) vulnerabilities that have affected Intel CPUs. One of those, ZombieLoad, caused concern for every Intel CPU going back to 2011 and Intel was quick to fix it. But that did lead to some performance degradation and raised questions about the viability of Intel’s hyperthreading feature — which enables a CPU to simultaneously work on a number of threads equal to double its number of cores — and whether disabling it altogether might be worth the added security such a performance-inhibiting move would provide.

In the case of ZombieLoad V2, Intel was informed of the potential exploit on April 23 of this year, with the researchers behind the discovery confirming that the attack vector was also present on new Cascade Lake CPUs in May. Intel has reportedly not patched this issue at this time, but did release a statement downplaying its potential effects, as well as promising a microcode fix in the near future.

Get your weekly teardown of the tech behind PC gaming
Check your inbox!

“We believe that the mitigations for TAA and MDS substantively reduce the potential attack surface,” Intel said on its new security blog, suggesting that existing ZombieLoad fixes make it unlikely that ZombieLoad V2 would be a viable attack vector. It then went on to claim, however, that, “Shortly before this disclosure […] we confirmed the possibility that some amount of data could still be inferred through a side-channel using these techniques (for TAA, only if TSX is enabled) and will be addressed in future microcode updates. We continuously improve the techniques available to address such issues and appreciate the academic researchers who have partnered with Intel.”

As the researchers pointed out, via WCCFTech, the main problem with ZombieLoad V2 is that it works on CPUs that have hardware fixes against Meltdown. That could suggest that Intel will need to further change its chip designs in future if it wants to put a more permanent stop to these kinds of attacks.

Digital Trends spoke with some chip developers earlier this year who suggested that using a secure core on die could help circumvent the problems faced by speculative execution attacks. It’s too early to tell how effective such a solution would be, but Microsoft recently announced it was incorporating a “Secured core” in its Surface Pro X. We haven’t had extensive testing time with it yet, but the overall design seems solid.

But what about AMD in all this? Since its CPUs don’t use transactional synchronization extensions (TSX) — which enable faster multithreaded software support — it isn’t vulnerable to ZombieLoad-style attacks, in the same way that it wasn’t vulnerable to the initial Meltdown exploit. Indeed, when it comes to chip security and performance-inhibiting mitigations against exploits, AMD is leaps and bounds ahead of Intel. While AMD’s CPUs have slowed down by a few percent since the advent of the first Spectre attacks, Intel hardware with the full complement of fixes has seen far greater performance degradation.

For Intel, things look a little bleaker. Spectre-like attacks seem destined to continue to appear until Intel changes its CPU designs permanently. With AMD breathing down its neck in almost every market sector, that won’t be an attractive prospect, especially since the blue team is already behind on the race to ever-smaller CPU dies.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
Best Woot Prime Day deals: TVs, headphones and appliances
Sony WH-1000XM5

There are plenty of Prime Day deals going on right now and we don’t just mean at Amazon. The nice thing about Prime Day is that it means other retailers also launch their own sales and that includes Amazon-owned Woot. That means whether you’re looking for cheap Prime Day TV deals or high-end Prime Day headphone deals, you should check out Woot. To help you narrow things down, we’ve picked out our highlights so you can quickly find the right deal for your needs. Here’s what you need to know.
Woot Prime Day TV deals

Amazon 55-inch Fire TV Omni 4K Smart TV (refurbished) --
Samsung 65-inch The Frame QLED 4K Smart TV (refurbished) --
LG 65-inch C3 OLED evo 4K Smart TV (refurbished) --
Samsung 75-inch The Frame QLED 4K Smart TV --
LG 77-inch C3 OLED evo 4K Smart TV (refurbished) --
LG 83-inch C3 OLED evo 4K Smart TV (refurbished) --

Read more
Best Alienware Prime Day deals: Cheap gaming laptops and PCs
The Alienware m18 gaming laptop.

The savings that you can get from Prime Day deals will let you afford Prime Day gaming laptop deals and Prime Day gaming PC deals that were previously out of your reach -- and that includes machines made by Alienware. Dell's gaming-focused brand is extremely popular, which is why we think there's going to be lots of demand for this year's Alienware Prime Day deals. We've gathered our favorite Alienware deals for the shopping event for you to browse, but if you want to take advantage of any of them, you need to be quick because stocks may run out at any moment.
Best Alienware gaming laptop Prime Day deals

If you want a portable gaming machine, a gaming laptop is the perfect choice for you, and buying from Alienware gaming laptop Prime Day deals is highly recommended. These machines come at a premium price because of the power that they pack, but you can get them for much cheaper than usual during the shopping event. There's no time to waste though, as other gamers will surely be interested in these offers -- there's no telling how long stocks will last.

Read more
This pack of corn puffs hasn’t left my gaming PC — here’s why
A pack of Kuai Kuai sitting on a gaming PC.

In Taiwan, I fell in love. I didn't find a spouse, a pet, or suddenly decide to move my life to the other side of the world. I fell in love with a coconut-flavored corn puff called Kuai Kuai (or "Guai Guai"). And since returning home, I've had an unopened bag of the snack leaning on my gaming PC.

If you're one of the few that knows about Kuai Kuai, you already know what's up. For everyone else, you probably think I'm a little off my rocker. You might be onto something there, but Kuai Kuai has an entire culture around it that I learned about on my trip to Computex this year, and it's been a great way to bring a little piece of Taiwan home with me.

Read more