Zombieload is back.
This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants (RIDL and Fallout).
Initially discovered in May this year, ZombieLoad is one of the three novel types of microarchitectural data sampling (MDS) speculative execution vulnerabilities that affect Intel processor generations released from 2011 onwards.
The first variant of ZombieLoad is a Meltdown-type attack that targets the fill-buffer logic allowing attackers to steal sensitive data not only from other applications and the operating system but also from virtual machines running in the cloud with common hardware.
ZombieLoad v2 Affects Latest Intel CPUs
Now, the same group of researchers has disclosed details of a second variant of the vulnerability, dubbed ZombieLoad v2 and tracked as CVE-2019-11135, that resides in Intel’s Transactional Synchronization Extensions (TSX).
Intel TSX provides transactional memory support in hardware, aiming to improve the performance of the CPU by speeding up the execution of multi-threaded software and aborting a transaction when a conflict memory access was found.
images from Hacker News