Intel continues to struggle with vulnerabilities in its processors
Intel is struggling to get rid of the “ZombieLoad” vulnerabilities. On 27 January, the American chipmaker reported two flaws in its processors, which should in principle be patched within a few weeks. It remains to be seen whether these patches will finally allow the company to move on: this is the third time in less than a year that it has had to step in to fix this type of vulnerability.
Intel had already deployed patches in May and November 2019 but, like Sisyphus with his rock, the processor specialist has to roll up its sleeves once again to try to prevent data leaks. The descriptions of both vulnerabilities mention the possibility for “an authenticated user to potentially disclose information via local access”.
However, the two flaws are not equally severe: the first is considered not very critical, while the second is more serious. The good news is that Intel has no indication that third parties are exploiting them. That is fortunate, on the face of it, because the number of processors involved is significant: the Amber Lake, Cascade Lake, Coffee Lake, Kaby Lake, Skylake and Whiskey Lake generations are mentioned.
The problem facing Intel is known as Microarchitectural Data Sampling (MDS). It affects Intel processors that use Hyper-Threading, a technique that lets tasks be parallelized so that they are processed at the same time. That would be fine if there were no leaks.
The problem is that an attack “remains possible against processors with hardware mitigation measures against the MDS,” write the researchers who named the series of faults ZombieLoad. “In addition, we show…that on some processors, software mitigation measures, including the necessary firmware updates, do not fully prevent the attack.”
They add that with the most recent disclosures about these vulnerabilities (the most recent was on January 26th and is called L1D Eviction Sampling), “ZombieLoad mitigation measures are incomplete and opponents continue to disclose data that is being expelled from the processor’s first-level cache.” Hence Intel's reaction.
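The researchers' point that a software mitigation can be in place while Hyper-Threading still leaves an opening is visible in how an operating system reports MDS status. The following is an added example, not code from the article or from Intel: it assumes a Linux host, where the kernel publishes its MDS assessment in the sysfs file named below, and the sample strings are constructed in that file's documented format.

```python
from pathlib import Path

# Assumption: Linux host; the kernel publishes its MDS assessment in sysfs.
MDS_FILE = Path("/sys/devices/system/cpu/vulnerabilities/mds")

# Constructed sample values in the format the kernel documents for this file.
SAMPLES = [
    "Not affected",
    "Vulnerable; SMT vulnerable",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
    "Mitigation: Clear CPU buffers; SMT Host state unknown",
]


def classify_mds(status):
    """Parse '<state>[: detail][; SMT <smt state>]' and grade the exposure."""
    head, _, tail = status.strip().partition(";")
    state, _, detail = head.partition(":")
    state, detail, tail = state.strip(), detail.strip(), tail.strip()
    smt = tail[4:].strip() if tail.startswith("SMT ") else "unknown"
    if state == "Not affected":
        verdict = "not affected"
    elif state != "Mitigation":
        verdict = "vulnerable"  # no buffer clearing, or microcode missing
    elif smt in ("disabled", "mitigated"):
        verdict = "mitigated"
    else:
        # Buffers are cleared on privilege transitions, but a sibling
        # hyper-thread can still sample them while both threads run.
        verdict = "partial"
    return {"state": state, "detail": detail, "smt": smt, "verdict": verdict}


def read_host_status(path=MDS_FILE):
    """Return the host's status line, or None when the file is absent."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify_mds(line)['verdict']:<13} {line}")
    host = read_host_status()
    print("host:", classify_mds(host) if host else "no MDS entry in sysfs")
```

A "partial" verdict means the kernel is clearing CPU buffers but simultaneous multithreading is still enabled or its state is unknown, which is the configuration to review on multi-tenant hosts.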
A visual representation of speculative execution.
MDS vulnerabilities take advantage of speculative execution, a term that refers to computing operations that processors perform “in anticipation” of tasks that have not yet occurred: processors try to predict the next instructions, and if those instructions do occur, the PC saves time on the processing to be performed. Otherwise, it discards them.
The problem is that speculative execution is also a never-ending source of worry for Intel. This type of approach was already at the origin of the Spectre and Meltdown attacks that hit the headlines in January 2018. Since then, the American chipmaker has been struggling to plug all the gaps in its processors, including the latest ones, even if it means reducing their performance.