Intel to release more patches for 'Zombieload' vulnerabilities affecting its processors

Security researchers criticise Intel for its piecemeal approach towards micro-architectural data sampling flaws

Intel is to release new patches "in the coming weeks" to address two more vulnerabilities affecting the speculative execution functionality of its processor technology.

"These issues are closely related to INTEL-SA-00233, released in November 2019, which addressed an issue called Transactional Synchronization Extensions (TSX) Asynchronous Abort, or TAA," Jerry Bryant, director of security communications at Intel, said in a blog post.

"At the time, we confirmed the possibility that some amount of data could still potentially be inferred through a side-channel and would be addressed in future microcode updates," Bryant added.

This will be the third round of patches in less than a year that Intel has issued for the micro-architectural data sampling (MDS) family of flaws in its chips, popularly known as Zombieload.

The company released patches for similar vulnerabilities in May and November last year.

Intel was first notified of the MDS vulnerabilities in June 2018 by several independent teams of researchers, who named their findings Zombieload and Rogue In-Flight Data Load (RIDL).

Much like the infamous Spectre and Meltdown attacks, Zombieload attacks take advantage of speculative execution, a feature of Intel's processors originally developed to improve performance; the MDS variants specifically leak in-flight data left behind in the processor's internal buffers.

The two new vulnerabilities that Intel will address in its upcoming patches have a couple of limitations, though.

One of them, dubbed L1D Eviction Sampling (L1DES), doesn't work on Intel chips sold after the third quarter of 2018, and it cannot be used to launch attacks from a web browser. Indexed as CVE-2020-0549, it is an information disclosure vulnerability that requires authenticated local access.

"This vulnerability has little to no impact in virtual environments that have applied L1 Terminal Fault mitigations," Intel said.

The second flaw, indexed as CVE-2020-0548 and referred to as Vector Register Sampling (VRS), was given a fairly low CVSS score of 2.8 out of 10 by Intel.
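Since Intel's statements above make the impact of these flaws depend on whether the earlier MDS, TAA and L1 Terminal Fault mitigations are actually in place, the practical question for an administrator is how to check. The script below is an added example and not part of the article or of any Intel material: it classifies the status strings that the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities (the path and file names are an assumption about a reasonably current Linux kernel), and the sample status lines used in the comments and test are constructed from the kernel's documented formats.

```shell
#!/bin/sh
# Added example: classify Linux sysfs mitigation status for the MDS family.
# Assumption: a Linux kernel that exposes per-vulnerability files under this path.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# mds_status LINE
# Prints one of: not-affected | mitigated | partial | vulnerable | unknown
# "partial" means the kernel mitigation is active but it still reports
# "SMT vulnerable", i.e. a sibling hyperthread can still sample the buffers.
mds_status() {
    case "$1" in
        "Not affected"*)                     echo not-affected ;;
        "Mitigation:"*"SMT vulnerable"*)     echo partial ;;
        "Mitigation:"*)                      echo mitigated ;;
        "Vulnerable"*)                       echo vulnerable ;;
        *)                                   echo unknown ;;
    esac
}

# needs_microcode LINE
# Returns 0 when the kernel says it tried to clear buffers but the CPU lacks
# the microcode (VERW/MD_CLEAR support) to make that effective.
needs_microcode() {
    case "$1" in
        *"no microcode"*) return 0 ;;
        *)                return 1 ;;
    esac
}

# report_file PATH
# Prints "<name>: <status>" for one sysfs file, tolerating a missing file.
report_file() {
    name=$(basename "$1")
    if [ -r "$1" ]; then
        line=$(cat "$1")
        status=$(mds_status "$line")
        if needs_microcode "$line"; then
            status="$status (microcode update missing)"
        fi
        echo "$name: $status"
    else
        echo "$name: unknown (file not present: older kernel or not Linux)"
    fi
}

# Sweep the files relevant to the flaws discussed in the article when running
# on a real Linux host; skipped silently elsewhere so the functions stay usable.
if [ -d "$VULN_DIR" ]; then
    for v in mds tsx_async_abort l1tf; do
        report_file "$VULN_DIR/$v"
    done
fi
```

The decisive detail is the trailing "SMT vulnerable" fragment: a host can show "Mitigation: Clear CPU buffers" and still be sampleable by a co-scheduled hyperthread, which is why the classifier reports it as partial rather than mitigated.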

But security researchers who first discovered these RIDL-class vulnerabilities have criticised Intel for its piecemeal and incomplete approach towards these flaws.

"We spent months trying to convince Intel that leaks from L1D evictions were possible and needed to be addressed," claimed the researchers on their website.

"We reiterate that RIDL-class vulnerabilities are non-trivial to fix or mitigate, and current 'spot' mitigation strategies for resolving these issues are questionable," they added.

Intel, however, downplayed the criticism by saying that it had taken several steps to mitigate the risk posed by the flaws.

"We continue to conduct research in this area - internally, and in conjunction with the external research community," the company stated.

Intel added that there were no reports of anyone taking advantage of the flaws outside the lab.