[TC] [Updated] New secret-spilling flaw affects almost every Intel chip since 2011

“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code. Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago.

Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.

Big tech is stepping in to patch newly disclosed security flaws affecting almost every Intel chip since 2011.

FAQ

Am I affected?

Very likely. Our attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware. Processors from other vendors (AMD and ARM) do not appear to be affected. Official statements from these vendors can be found in the RIDL and Fallout papers.

Fallout affects all processor generations we have tested. However, we notice a worrying regression, where the newer Coffee Lake R processors are more vulnerable to Fallout than older generations.

In an attempt to claw back some of the performance loss, and to permanently eliminate Fore-shadow and Meltdown related issues, Intel announced already back in 2018 strong, silicon-based Meltdown defenses in future processors enumerating Rogue Data Cache Load resilience (RDCLNO) [22]. With the recent release of the 9th generation Coffee Lake R microarchitecture, such Meltdown-resistant processors are finally available on the mass consumer market. The RDCLNO security feature promises to obviate the need for KPTI and other defenses, while improving overall performance [6]. However, while Intel claims that these fixes address Meltdown and Foreshadow, it remains unclear whether new generations of Intel processors are properly protected against Meltdown-type transient execution attacks. Thus, in this work we set out to investigate the fol-lowing question:

Is kernel data safe in the new generation of processors? Can ad-hoc software mitigations be safely disabled on post-Meltdown Intel hardware?

1.1 Our Contribution

Unfortunately, in this paper, we answer these questions in the negative.

Security Analysis of Speculation Mechanisms and Coffee Lake Refresh. As a final contribution, we present the first analysis of various exception-creation and exception-suppression mechanisms used to mount Fallout across various Intel architectures. As we show, not all creation and suppression mechanisms are interchangeable, and the exact combination is, in fact, architecture dependent. Finally, we show that the hardware change in exception creation and suppression introduced by Intel in the latest Coffee Lake Refresh architecture make them more vulnerable to our attack.

6 Conclusions and Future Work

Flushing-Based Countermeasures. Because the store buffer is not shared across hyperthreads, leaks can only occur when the security domain changes within a hyperthread. Thus, flushing the store buffer on security domain change is sufficient to mitigate the attack. In particular, we verified that using MFENCE as part of the switch from kernel mode to user mode thwarts the attack.

Limitations. As mentioned above, the attacks described in Section 4 are unable to leak information across hyperthreads. Moreover, as Meltdown software countermeasures (KPTI) flush the buffer on leaving the kernel, and as the store buffer is automatically flushed on change of the CR3 register (i.e., on context switch), only latest generation Coffee Lake R machines are vulnerable to the attack described in Section 4. Ironically, the hardware mitigations present in newer generation Coffee Lake R machines make them more vulnerable to Fallout than older generation hardware.