Published on November 12th, 2019
True to its name, Intel ZombieLoad processor attack comes crawling back with new variant • DigitalMunition
Intel is once again moving to patch its CPU microcode following the revelation of yet another data-leaking side-channel vulnerability.
The same group of university boffins who uncovered the infamous Spectre and Meltdown flaws say that a third issue, reported back in May under the name ZombieLoad, extends even further into Chipzilla's processor line than previously reported.
The ZombieLoad hole can be exploited by malware running on a vulnerable machine, or a rogue logged-in user, to snoop on processor cores and extract sensitive information from memory that should be out of bounds. In practice, this would potentially allow an attacker already on the system to lift passwords, keys, and the like from other running software.
When the bug was publicly disclosed earlier this year, Intel said its latest chips – its 8th and 9th generation Core and second-generation Xeon Scalable microprocessors – were not vulnerable to this so-called Microarchitectural Data Sampling (MDS) info leak.
That, the researchers say, is no longer the case. A previously unreported ZombieLoad eavesdropping technique will work even on fully up-to-date processors that use Intel's Transactional Synchronization Extensions (TSX) and TSX Asynchronous Abort (TAA) side-channel attack protections – and even on Meltdown-resistant and Foreshadow-resistant silicon.
The crew of Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, and Daniel Gruss have now reissued their original ZombieLoad paper to say as much. There's a diff here [PDF].
"In contrast to concurrent attacks on the fill buffer, we are the first to report data leakage of recently loaded and stored stale values across logical cores even on Meltdown and MDS-resistant processors," they write. "Hence, despite Intel's claims, we show that the hardware fixes in new CPUs are not sufficient."
As it turns out, this issue has been known to both Intel and the researchers for some time, but was kept secret by both parties so as to give Chipzilla time to develop and release a fix. With the microcode update landing today, which you should install as soon as possible, all involved feel it is okay to drop the details.
Like the Spectre and Meltdown attacks, ZombieLoad exploits the speculative execution technique modern microprocessors use to speed up their operation.
The ZombieLoad bug pulls data from the store, fill, and load buffers, allowing the attacker to view sensitive data that had previously been thought to be walled off by Intel's Spectre and Meltdown mitigations. It does not let the attacker target specific memory locations, but it can still allow sensitive information to be slurped, and the researchers say the only way to fully resolve the flaw is to turn off speculative execution, a move that would effectively cripple CPU performance.
In this case, Intel is opting to patch the flaw as best it can with a microcode update (the fix only applies to the newer processors that have the hardware mitigations for Spectre/Meltdown; Whiskey Lake, Coffee Lake-R and Cascade Lake-SP parts are not vulnerable), but Chipzilla acknowledges this release does not fully remedy the problem.
"We believe that the mitigations for TAA and MDS substantively reduce the potential attack surface," Chipzilla said.
"Shortly before this disclosure, however, we confirmed the possibility that some amount of data could still be inferred through a side-channel using these techniques (for TAA, only if TSX is enabled) and will be addressed in future microcode updates."
It should be noted at this point that, while ZombieLoad and other side-channel attacks make for a good story and do pose a hard-to-remove security vulnerability, they are hardly the most pressing threats out there.
Side-channel vulnerabilities are notoriously difficult to exploit reliably in the wild and require the attacker to have already compromised the target machine, meaning that in most cases the victim is already compromised to the point where a side-channel attack adds little. Meanwhile, large businesses are routinely getting breached by spear-phishing attacks and poisoned Office documents.
Users and admins should definitely test and install Intel's microcode updates for these and other side-channel attacks, but in the grand scheme of things, there are far more pressing security threats out there. ®
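As an added example (not part of the original article), here is a shell check for the `mds` and `tsx_async_abort` status files that Linux exposes under /sys/devices/system/cpu/vulnerabilities, so an admin can confirm whether the microcode update and the kernel's mitigation actually took effect. The status strings follow the kernel's hw-vuln documentation; the sample directory contents are constructed, and the `mitigated`/`partial` verdict names are this example's own.

```shell
#!/bin/sh
# Classify the kernel's MDS / TAA status lines from
# /sys/devices/system/cpu/vulnerabilities (formats per the kernel's
# admin-guide hw-vuln/mds.rst and hw-vuln/tsx_async_abort.rst).

# classify_status "<sysfs line>" -> not-affected | mitigated | partial | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected")                  echo not-affected ;;
        Mitigation:*"SMT vulnerable"*)   echo partial ;;     # buffers cleared, sibling hyper-thread can still leak
        Mitigation:*)                    echo mitigated ;;   # e.g. "Clear CPU buffers" or "TSX disabled"
        Vulnerable:*"no microcode"*)     echo vulnerable ;;  # kernel tried, CPU microcode lacks the flush
        Vulnerable*)                     echo vulnerable ;;
        *)                               echo unknown ;;
    esac
}

# report_dir <dir>: one line per vulnerability file; returns 0 only when both
# are mitigated or not affected. A missing file means a kernel too old to report.
report_dir() {
    dir="$1"; rc=0
    for v in mds tsx_async_abort; do
        f="$dir/$v"
        if [ -r "$f" ]; then status=$(classify_status "$(cat "$f")"); else status=unknown; fi
        printf '%-16s %-12s %s\n' "$v" "$status" "$(cat "$f" 2>/dev/null)"
        case "$status" in mitigated|not-affected) ;; *) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample (not captured from a real host): a box that got the
# kernel update but not the microcode update.
make_sample() {
    d=$(mktemp -d)
    echo "Mitigation: Clear CPU buffers; SMT vulnerable" > "$d/mds"
    echo "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" > "$d/tsx_async_abort"
    echo "$d"
}

# Check the live system when it exposes the files, otherwise the sample.
if [ -d /sys/devices/system/cpu/vulnerabilities ]; then target=/sys/devices/system/cpu/vulnerabilities
else target=$(make_sample); fi
report_dir "$target" || echo "not fully mitigated: install microcode, disable TSX, or disable SMT"
```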