In case you didn't know, your Intel processor tries to guess which instructions will run next and executes them in advance, a technique known as speculative execution. If it guesses correctly, the work is already done and the processor ends up faster and more efficient.
If, on the other hand, it guesses wrongly, the results it computed are discarded.
It's a nice little concept, but also one that is vulnerable to various attacks. In some cases, hackers can exploit this feature to gather sensitive data from the operating system kernel or from other processes.
That was the case earlier this year, when security researchers disclosed three attacks called RIDL, Fallout, and ZombieLoad. They were soon patched and thus eliminated. However, we have now learned of a new version of ZombieLoad, one that was still operational until today.
It is called ZombieLoad 2, or TSX Asynchronous Abort.
Intel’s advisory says that aborting memory transactions could permit a process to infer data belonging to other running processes, including the operating system kernel. Consequently, hackers could use it to get hold of the victim’s encryption keys, passwords and so on.
This could be achieved either on site or through malware.
“Intel TSX supports atomic memory transactions that are either committed or aborted. When an Intel TSX memory transaction is aborted, either synchronously or asynchronously, all earlier memory writes inside the transaction are rolled back to the state before the transaction start,” the advisory explains.
“While an Intel TSX asynchronous abort (TAA) is pending, certain loads inside the transaction that are not yet completed may read data from microarchitectural structures and speculatively pass that data to dependent operations. This may cause microarchitectural side effects, which can later be measured to infer the value of the data in the microarchitectural structures.”
A wide range of Intel’s CPUs was affected, including the Cascade Lake lineup.
The vulnerability has since been patched by Microsoft in its November 2019 Patch Tuesday release.
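For administrators who also run Linux hosts, the check below is an added example, not code from Intel's advisory or this article. It assumes the Linux kernel's sysfs file for TAA and the status strings the kernel documents for it, reads the `hle`/`rtm` TSX flags from `/proc/cpuinfo`, and falls back to constructed sample input when the file is absent.

```python
import re
from pathlib import Path

# Assumption: Linux host. Status prefixes are those the kernel documents for
# this sysfs file; the article itself names no paths or strings.
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/tsx_async_abort")
STATES = [  # order matters: the longer "Vulnerable" prefix comes first
    ("Not affected", "ok"),
    ("Mitigation: TSX disabled", "ok"),
    ("Mitigation: Clear CPU buffers", "ok"),
    ("Vulnerable: Clear CPU buffers attempted, no microcode", "needs-microcode"),
    ("Vulnerable", "vulnerable"),
]

# Constructed sample input so the example runs offline.
SAMPLE_CPUINFO = "model name\t: Example CPU\nflags\t\t: fpu sse2 hle rtm md_clear\n"
SAMPLE_STATUS = "Mitigation: Clear CPU buffers; SMT vulnerable\n"

def tsx_flags(cpuinfo):
    """Return the TSX feature flags (hle, rtm) present in /proc/cpuinfo text."""
    m = re.search(r"^flags\s*:\s*(.*)$", cpuinfo, re.MULTILINE)
    return sorted(set(m.group(1).split()) & {"hle", "rtm"}) if m else []

def assess_taa(cpuinfo, status):
    """Classify the kernel's TAA status line together with TSX exposure."""
    status = status.strip()
    verdict = next((v for p, v in STATES if status.startswith(p)), "unknown")
    # The kernel appends an SMT note when sibling threads can still leak data.
    smt_exposed = "SMT vulnerable" in status
    if verdict == "ok" and smt_exposed:
        verdict = "mitigated-smt-exposed"
    return {"tsx": tsx_flags(cpuinfo), "verdict": verdict, "smt_exposed": smt_exposed}

if __name__ == "__main__":
    live = SYSFS.exists()
    cpuinfo = Path("/proc/cpuinfo").read_text() if live else SAMPLE_CPUINFO
    status = SYSFS.read_text() if live else SAMPLE_STATUS
    print(assess_taa(cpuinfo, status))
```

A `needs-microcode` verdict means the kernel attempts to clear CPU buffers but the updated microcode is missing, so the host should still be treated as exposed.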