Skip to main content

Intel Cascade Lake CPUs hit by new security flaw

(Image credit: Shutterstock.com / Nicescene)

The security of Intel hardware has once again been called into question after another serious security vulnerability was uncovered.

Following the well-publicised issues surrounding Meltdown and Spectre, a new flaw has been uncovered that could allow hackers to gain entry to devices powered by Intel CPUs.

However the affected systems don't feature older generations of Intel hardware, but instead are those powered by the latest Cascade Lake CPUs, with both 10th Gen Intel Core and 2nd Generation Intel Xeon processors affected.

Flaw

The vulnerability, named ZombieLoad 2, or TSX Asynchronous Abort, targets the Transactional Synchronization Extensions (TSX) feature in Intel processors. Speculative execution typically looks to boost the performance of the CPU by running instructions in advance of knowing if they are needed or not.

ZombieLoad attacks were first detected in May 2019, when it was discovered they could use malicious program to steal sensitive data from memory locations that normally they could not access.

Now, a second generation, ZombieLoad 2, has been found to be able to get around the defences put in place after the initial attacks were detected and steal sensitive data from the operating system kernel or other processes.

Intel has documented the full extent of the flaw in a blog post, noting that the issue should be fixed through Microsoft's latest November 2019 Patch Tuesday updates, with Intel recommending users patch their systems immediately.

Via BleepingComputer