[Phoronix] New ZombieLoad Side-Channel Attack Variant: TSX Asynchronous Abort
Current Intel hardware mitigations do not cover TAA and current Cascade Lake CPUs remain vulnerable. TAA can allow leaking of data across processes, privilege boundaries and Hyper Threading. With Hyper Threading disabled, TAA can still leak data from protected domains.
For mitigating TAA Asynchronous Abort there is no new software workaround out today short of disabling Intel TSX. It is recommended to disable Hyper Threading while Cyberus ultimately recommends running trusted/untrusted applications on separate physical systems.
So far all versions of all operating systems (Microsoft Windows, Linux, MacOS, BSDs, …)
All hypervisors (VMWare, Microsoft HyperV, KVM, Xen, Virtualbox, …)
All container solutions (Docker, LXC, OpenVZ, …)
Intel CPUs with support for Intel TSX (most recent Intel Core and Xeon CPUs).
Playin' the lead roll in a dwerg tossing contest...
Hardware mitigations only cover known attacks and do not cover the vector. Unless Intel builds a CPU from the ground up these will keep popping like mushrooms... (MUSHROOM!!!).
yep, nothings changing until core officially dies. It's grown quite long in the tooth.
i was just explaining this to my old man over dinner, as he laughed at me for not buying in on AMD in 2015. Asked if AMD still has upward momentum. I basically explained that ^^^ will keep happening, which will continue to slow down existing hardware, and tarnish their "good" name. = more money for AMD.
R.I.P. Zawarudo, may you OC angels' wings in heaven.
Furthermore, Intel released 18 security related advisories yesterday (the 12th), as well as a number of mitigating patches (which don't necessarily fix all the holes). Anyway, Linux users have already started seeing the patches, but as of now there's no word yet on when they'll start showing up elsewhere.
ZDnet's got an easy to follow article on the topic, if you're interested in it:
Most people with Haswell based PC's will have TSX disabled because Intel found a bug in TSX back in 2014 and issued a microcode update to disable it. Only Xeons E7 based on Haswell-EX have the bug fixed and TSX enabled.
As to Broadwell, it's a bit unclear as to exactly what models have TSX enabled and disabled, but Broadwell-Y has the bug and is thus disabled. The i7 5650U and 5600U, i5 5350U and 5300U are supposed to have it working. Xeon-D has it working and so do the desktop i5-5675C and i7-5775C. Broadwell-E (HEDT) apparently doesn't have TSX enabled, there is nothing on it in the ARK pages.
So, when it comes to Haswell and Broadwell, it's a bit of a mess, especially Broadwell.