Patches Released For ZombieLoad Intel CPU Vulnerability Affecting Chips Since 2011
Patched Intel consumer devices will see at most a 3 percent performance hit, while most data center environments will see a performance impact of no more than 9 percent, according to Intel.
Security researchers have discovered a new set of flaws in Intel chips that could be used to steal sensitive data directly from the processor.
The most vexing vulnerability is called ZombieLoad, and it takes advantage of the speculative execution process just like the Meltdown and Spectre bugs discovered last year. Speculative execution improves data processing speeds and performance by attempting to predict what an application or operating system might need next.
Meltdown and Spectre grabbed headlines in 2018 by demonstrating how CPU components can leak sensitive data like private messages, passwords and account tokens during the speculative execution process. But instead of injecting malicious code like its predecessors, researchers said the ZombieLoad side-channel vulnerability makes it possible for adversaries to exploit design flaws in the Intel chips.
[Related: The Latest: Spectre And Meltdown]
"While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs," the ZombieLoad researchers wrote.
Nearly every computer dating back to 2011 with an Intel chip is affected by ZombieLoad, according to Intel. ZombieLoad is made up of four separate vulnerabilities, which were reported a month ago by the academics to Intel.
Intel said microcode patches will help clear the processor's buffers, preventing data from being read. Like previous patches, Intel's microcode update will have an impact on processor performance, with consumer devices seeing at most a 3 percent performance hit and most data center environments seeing a performance impact of no more than 9 percent.
However, certain storage and server side java patches could result in performance impacts of 14 percent and 19 percent, respectively, according to Intel. Intel's stock is up $0.48 (1.07 percent) to $45.23 in trading Tuesday afternoon.
Vulnerable Intel chips include: Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake, Haswell, Intel Kaby Lake, Coffee Lake, Whiskey Lake, and Cascade Lake. All Atom and Knights processors are also affected, according to the research.
"As technologies become more and more complex, we believe it takes the ecosystem working together to keep products and data more secure," Intel wrote on a webpage describing the vulnerabilities. "We appreciate the research community and our industry partners for their contributions and coordinated disclosure of these issues."
AMD said its products aren't susceptible to the latest side-channel attacks thanks to hardware protection checks in its architecture. ARM chips are also not said to be vulnerable. No exploits of the ZombieLoad vulnerability have been publicly reported, though the academics said attacks wouldn't necessarily leave a trace.
Flaws like ZombieLoad could be exploited to see which websites a person is visiting in real-time, according to researchers. The vulnerability could also be repurposed to obtain passwords or access tokens for a victim's online accounts.
In one example provided by researchers, adversaries deployed ZombieLoad to monitor the websites a user was visiting even though the user was running a privacy-protected Tor Browser inside a virtual machine. In essence, ZombieLoad breaks all privacy protections that exist between apps, making it possible for data to bleed across those boundary walls.
ZombieLoad is a microarchitectural data sampling (MDS) attack, which targets components used for fast reads/writes of information processed inside the CPU like the load, store, and line fill buffers. It can be triggered in PCs, laptops and virtual machines, meaning that the cloud is vulnerable as well.
By exploiting normal speculative execution operations, an MDS attack can infer data that is being processed in the CPU by other apps. Adversaries shouldn't normally have access to this information.
MDS attacks targeted line fill buffers are classified as ZombieLoad, which is considered to be the most dangerous since it can retrieve more information than the others. The other MDS attacks are known as Fallout and RIDL.