Once again, technology giant Intel is moving to repair its CPU microcode after the disclosure of yet another data-leaking side-channel flaw.
In May, a team of experts revealed a number of new vulnerabilities impacting Intel processors. These new attack procedures rely on Microarchitectural Data Sampling (MDS) flaws and they have been called ZombieLoad, RIDL and Fallout.
The MDS flaws can be misused by a malicious application to get possibly sensitive information from other apps, the operating system, and virtual machines. The attacks work against both personal computers and cloud settings, and they can be leveraged to attain information such as passwords, website content, disk encryption keys and browser history.
When they first revealed the MDS flaws, experts said that although they affected most Intel CPUs made in the last ten years, but they created no impact on some of the newer processors.
Related Article: New Spectre-like Attacks affect Intel CPUs
Tracked as CVE-2019-11135, ZombieLoad Variant 2 is associated with Intel’s Transactional Synchronization Extensions (TSX), which is intended to enhance performance for multi-threaded software.
Experts reported ZombieLoad Variant 2 to Intel on April 23 and apprised the company that the attack works against newer CPUs on May 10, just days before details of the original ZombieLoad attack were made public. Nevertheless, Intel asked them not to reveal the details of Variant 2 until now.
Intel says it has fixed as many as 77 flaws this month, including 67 issues exposed internally.
Linux kernel developers, VMware, Microsoft, Red Hat and others have issued advisories for their customers to inform them about the effect of ZombieLoad Variant 2 and provide extenuations.