
Intel CPUs attacked again as ZombieLoad V2 exploit rises from Spectre’s grave

Intel CPUs that received hardware, software, and microcode fixes for various Spectre-related bugs are still vulnerable to a new speculative execution attack called ZombieLoad v2. This latest flaw in Intel’s chip design doesn’t make every single Core processor vulnerable, but it affects the latest few generations, from 2013’s Haswell architecture through to the latest Cascade Lake designs.

ZombieLoad v2 is the fifth of the micro-architectural data sampling (MDS) vulnerabilities that have affected Intel CPUs. One of those, ZombieLoad, caused concern for every Intel CPU going back to 2011 and Intel was quick to fix it. But that did lead to some performance degradation and raised questions about the viability of Intel’s hyperthreading feature — which enables a CPU to simultaneously work on a number of threads equal to double its number of cores — and whether disabling it altogether might be worth the added security such a performance-inhibiting move would provide.

In the case of ZombieLoad V2, Intel was informed of the potential exploit on April 23 of this year, with the researchers behind the discovery confirming that the attack vector was also present on new Cascade Lake CPUs in May. Intel has reportedly not patched this issue at this time, but did release a statement downplaying its potential effects, as well as promising a microcode fix in the near future.

“We believe that the mitigations for TAA and MDS substantively reduce the potential attack surface,” Intel said on its new security blog, suggesting that existing ZombieLoad fixes make it unlikely that ZombieLoad V2 would be a viable attack vector. It then went on to claim, however, that, “Shortly before this disclosure […] we confirmed the possibility that some amount of data could still be inferred through a side-channel using these techniques (for TAA, only if TSX is enabled) and will be addressed in future microcode updates. We continuously improve the techniques available to address such issues and appreciate the academic researchers who have partnered with Intel.”

As the researchers pointed out, via WCCFTech, the main problem with ZombieLoad V2 is that it works on CPUs that have hardware fixes against Meltdown. That could suggest that Intel will need to further change its chip designs in future if it wants to put a more permanent stop to these kinds of attacks.

Digital Trends spoke with some chip developers earlier this year who suggested that using a secure core on die could help circumvent the problems faced by speculative execution attacks. It’s too early to tell how effective such a solution would be, but Microsoft recently announced it was incorporating a “Secured core” in its Surface Pro X. We haven’t had extensive testing time with it yet, but the overall design seems solid.

But what about AMD in all this? Since its CPUs don’t use transactional synchronization extensions (TSX) — which enable faster multithreaded software support — it isn’t vulnerable to ZombieLoad-style attacks, in the same way that it wasn’t vulnerable to the initial Meltdown exploit. Indeed, when it comes to chip security and performance-inhibiting mitigations against exploits, AMD is leaps and bounds ahead of Intel. While AMD’s CPUs have slowed down by a few percent since the advent of the first Spectre attacks, Intel hardware with the full complement of fixes has seen far greater performance degradation.
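The article's two practical knobs, whether TSX is enabled and whether hyperthreading (SMT) is on, together with the kernel's own MDS and TAA (ZombieLoad v2) reports, can be read from Linux sysfs. The script below is an added example, not code from the article or from Intel; it assumes a Linux 5.4 or later kernel (which is when the `tsx_async_abort` file appeared) and uses a constructed sample tree so it runs offline.

```shell
#!/bin/sh
# Added example, not part of the article: summarise a Linux host's reported
# exposure to MDS and TAA (ZombieLoad v2) plus the two knobs the article
# discusses, TSX and hyperthreading (SMT). Real kernels expose these under
# /sys/devices/system/cpu; the sample tree created below is constructed.

# classify "<sysfs vulnerability text>" -> not-affected | mitigated | vulnerable | unknown
classify() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;   # missing file or unrecognised text
    esac
}

# report SYSROOT CPUINFO -> "mds=<state> taa=<state> tsx=<on|off> smt=<control>"
report() {
    vdir="$1/sys/devices/system/cpu/vulnerabilities"
    mds=$(cat "$vdir/mds" 2>/dev/null)
    taa=$(cat "$vdir/tsx_async_abort" 2>/dev/null)
    smt=$(cat "$1/sys/devices/system/cpu/smt/control" 2>/dev/null || echo unknown)
    # TSX is usable only when the CPU advertises the rtm feature flag;
    # the article notes TAA only matters when TSX is enabled
    if grep -qw rtm "$2"; then tsx=on; else tsx=off; fi
    echo "mds=$(classify "$mds") taa=$(classify "$taa") tsx=$tsx smt=$smt"
}

# Constructed sample: MDS already mitigated by the earlier microcode update,
# TSX still enabled and no TAA mitigation applied yet, SMT left on.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/sys/devices/system/cpu/vulnerabilities" "$root/sys/devices/system/cpu/smt"
    echo "Mitigation: Clear CPU buffers; SMT vulnerable" > "$root/sys/devices/system/cpu/vulnerabilities/mds"
    echo "Vulnerable" > "$root/sys/devices/system/cpu/vulnerabilities/tsx_async_abort"
    echo on > "$root/sys/devices/system/cpu/smt/control"
    printf 'flags\t\t: fpu vme sse2 rtm hle md_clear\n' > "$root/cpuinfo"
    echo "$root"
}

root=$(make_sample)
report "$root" "$root/cpuinfo"
# On a live host: report / /proc/cpuinfo
```

A result of `taa=vulnerable tsx=on` is the state the article describes for unpatched Cascade Lake hosts; after the promised microcode update the kernel reports `Mitigation:` for `tsx_async_abort`, or `tsx-disabled` style text if TSX was switched off instead.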

For Intel, things look a little bleaker. Spectre-like attacks seem destined to continue to appear until Intel changes its CPU designs permanently. With AMD breathing down its neck in almost every market sector, that won’t be an attractive prospect, especially since the blue team is already behind on the race to ever-smaller CPU dies.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…