Intel has confirmed a vulnerability called ZombieLoad that allows data to be captured. The patch makes the processors much slower.
ZombieLoad: Another microcode gap in Intel CPUs
Intel disclosed another serious vulnerability yesterday on Patch Day, which takes place on the second Tuesday of every month. It is called ZombieLoad and, like Spectre and Meltdown, is a problem in the microcode. The gap was found by members of Graz University of Technology together with the IT security company Cyberus Technology and colleagues from KU Leuven and the Worcester Polytechnic Institute. Intel also discovered the gap earlier, together with three other gaps. They have also put a website online with information about ZombieLoad.
Specifically, ZombieLoad is a side-channel attack of the kind Intel calls Microarchitectural Data Sampling (MDS). An exploit can capture data from processes running on the same processor core. Other data cannot be read, but with the appropriate technical tricks the malicious process can be started at exactly the moment when sensitive data can be stolen. This enables a malicious program to collect a lot of important data, even across operating system boundaries, which means that data from virtual machines can be affected just as easily. The attack works even better on processors that use hyperthreading, since the malicious process and the process being spied on share more resources there. Cyberus Technology shows in a video how well this works. The exploit used captures data from the Tor browser, which runs on Linux Tails in a qemu machine.
Many processors affected, patch slows down CPUs drastically in some cases
Many processor families are affected by ZombieLoad: almost all Core i and Xeon processors from 2011 onwards. Only the latest Whiskey Lake-U generation for notebooks and Coffee Lake Refresh from stepping 13 (R0) onwards are not affected. Intel has also published a list of which processors are affected.
Intel has also released a patch for the vulnerability. This patch currently includes the ability to disable hyperthreading, which puts some processors at a big disadvantage. The company itself has already published benchmarks that show the drop in performance. In some situations the performance degradation is negligible, but in memory tasks the data center processors are 14 percent slower with hyperthreading enabled. Without hyperthreading, performance in compute tasks also drops by 11 percent, and in Java tasks it drops by as much as 19 percent. How the patch could affect gaming CPUs remains to be seen. However, data centers are again primarily affected.
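Because the residual risk depends on whether hyperthreading stays enabled after patching, an administrator will want to check both settings together. The following is an added example, not part of the original article or of Intel's patch. It assumes a Linux host whose kernel exposes the `vulnerabilities/mds` and `smt/control` files in sysfs, which the article does not cover, and the status strings in the demo are constructed samples in the kernel's format.

```python
from pathlib import Path

SYSFS_CPU = Path("/sys/devices/system/cpu")  # assumption: Linux sysfs layout

def assess_mds(mds_status, smt_control):
    """Classify a host from the kernel's MDS status line and its SMT control value."""
    status = mds_status.strip()
    smt = smt_control.strip().lower()
    if status == "Not affected":
        return {"exposure": "none", "action": "none"}
    head, _, tail = status.partition(";")
    mitigated = head.strip().startswith("Mitigation:")
    smt_note = tail.strip().lower()
    if not mitigated:
        return {"exposure": "full", "action": "install microcode and kernel updates"}
    # A guest cannot see how the host schedules sibling threads.
    if "host state unknown" in smt_note:
        return {"exposure": "depends-on-host", "action": "confirm SMT policy with the host operator"}
    # Sibling threads share core buffers, so SMT must be off or reported as handled.
    smt_safe = (smt_note in ("smt disabled", "smt mitigated")
                or smt in ("off", "forceoff", "notsupported"))
    if not smt_safe:
        return {"exposure": "cross-thread", "action": "disable hyperthreading"}
    return {"exposure": "mitigated", "action": "none"}

def read_host(base=SYSFS_CPU):
    """Read both values from sysfs; returns None if the kernel has no MDS status file."""
    mds = base / "vulnerabilities" / "mds"
    smt = base / "smt" / "control"
    if not mds.is_file():
        return None
    smt_value = smt.read_text() if smt.is_file() else "notimplemented"
    return assess_mds(mds.read_text(), smt_value)

if __name__ == "__main__":
    # Constructed sample inputs, followed by the local host if it exposes the files.
    samples = [
        ("Mitigation: Clear CPU buffers; SMT vulnerable", "on"),
        ("Mitigation: Clear CPU buffers; SMT disabled", "off"),
        ("Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable", "on"),
    ]
    for status, smt in samples:
        print(f"{status!r:75} -> {assess_mds(status, smt)}")
    print("local host:", read_host())
```

A result of `cross-thread` is the case the benchmarks above are about: the patch is active, but closing the remaining exposure means giving up hyperthreading.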
AMD CPUs not affected
Intel competitor AMD has also responded to the release of the MDS attacks. According to a statement, AMD processors are not affected by RIDL, ZombieLoad or Fallout.