Intel’s new Cascade Lake chips hit by ‘Zombieload’ flaw Vuln allows hackers to read data in chips.

Intel’s new Cascade Lake chips hit by ‘Zombieload’ flaw Vuln allows hackers to read data in chips.

Security researchers have discovered a flaw in Intel’s new Xeon Cascade Lake family of chips that could be used to steal sensitive data directly from the processor.


To combat the attack, Intel released microcode updates on 12 November to address the issue, which stems from a new variant of Zombieload. The new Zombieload flaw, which Intel calls Transactional Asynchronous Abort (TAA), can enable hackers with physical access to a device the ability to read sensitive data stored in the processor.


Intel has confirmed that its new chips are vulnerable to the newest Zombieload flaw.


“The TAA mitigation provides the ability to clear stale data from microarchitectural structures through use of a VERW instruction on processors that already have hardware-based mitigations for MDS [microarchitectural data sampling],” said Jerry Bryant, director of security communication for Intel’s Platform Assurance and Security Group, in a security update blog post Tuesday.


“It also provides system software the means to disable [TAA] for customers who do not use this functionality. We believe that the mitigations for TAA and MDS substantively reduce the potential attack surface,” said Bryant. “Shortly before this disclosure, however, we confirmed the possibility that some amount of data could still be inferred through a side-channel using these techniques [for TAA, only if TSX is enabled] and will be addressed in future microcode updates.”


The new variant of Zombieload is closely related to an MDS attack, which targets components used for fast reads/writes of information processed inside the CPU like the load, store and line fill buffers. It can be triggered in PCs, laptops and virt ..

Support the originator by clicking the read the rest link below.