Skip to main content

Intel CPUs attacked again as ZombieLoad V2 exploit rises from Spectre’s grave

Intel CPUs that received hardware, software, and microcode fixes for various Spectre-related bugs are still vulnerable to a new speculative execution attack called ZombieLoad v2. This latest flaw in Intel’s chip design doesn’t make every single Core processor vulnerable, but it affects the latest few generations, from 2013’s Haswell architecture through to the latest Cascade Lake designs.

ZombieLoad v2 is the fifth of the micro-architectural data sampling (MDS) vulnerabilities that have affected Intel CPUs. One of those, ZombieLoad, caused concern for every Intel CPU going back to 2011 and Intel was quick to fix it. But that did lead to some performance degradation and raised questions about the viability of Intel’s hyperthreading feature — which enables a CPU to simultaneously work on a number of threads equal to double its number of cores — and whether disabling it altogether might be worth the added security such a performance-inhibiting move would provide.

Recommended Videos

In the case of ZombieLoad V2, Intel was informed of the potential exploit on April 23 of this year, with the researchers behind the discovery confirming that the attack vector was also present on new Cascade Lake CPUs in May. Intel has reportedly not patched this issue at this time, but did release a statement downplaying its potential effects, as well as promising a microcode fix in the near future.

Get your weekly teardown of the tech behind PC gaming
Check your inbox!

“We believe that the mitigations for TAA and MDS substantively reduce the potential attack surface,” Intel said on its new security blog, suggesting that existing ZombieLoad fixes make it unlikely that ZombieLoad V2 would be a viable attack vector. It then went on to claim, however, that, “Shortly before this disclosure […] we confirmed the possibility that some amount of data could still be inferred through a side-channel using these techniques (for TAA, only if TSX is enabled) and will be addressed in future microcode updates. We continuously improve the techniques available to address such issues and appreciate the academic researchers who have partnered with Intel.”

As the researchers pointed out, via WCCFTech, the main problem with ZombieLoad V2 is that it works on CPUs that have hardware fixes against Meltdown. That could suggest that Intel will need to further change its chip designs in future if it wants to put a more permanent stop to these kinds of attacks.

Digital Trends spoke with some chip developers earlier this year who suggested that using a secure core on die could help circumvent the problems faced by speculative execution attacks. It’s too early to tell how effective such a solution would be, but Microsoft recently announced it was incorporating a “Secured core” in its Surface Pro X. We haven’t had extensive testing time with it yet, but the overall design seems solid.

But what about AMD in all this? Since its CPUs don’t use transactional synchronization extensions (TSX) — which enable faster multithreaded software support — it isn’t vulnerable to ZombieLoad-style attacks, in the same way that it wasn’t vulnerable to the initial Meltdown exploit. Indeed, when it comes to chip security and performance-inhibiting mitigations against exploits, AMD is leaps and bounds ahead of Intel. While AMD’s CPUs have slowed down by a few percent since the advent of the first Spectre attacks, Intel hardware with the full complement of fixes has seen far greater performance degradation.

For Intel, things look a little bleaker. Spectre-like attacks seem destined to continue to appear until Intel changes its CPU designs permanently. With AMD breathing down its neck in almost every market sector, that won’t be an attractive prospect, especially since the blue team is already behind on the race to ever-smaller CPU dies.

Jon Martindale
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
Someone just got the Intel B570 GPU a month in advance — and it works
ASRock's Arc B570 Challenger GPU.

Although Intel's Arc B580 is already here, the B570 is only set to launch on January 16. However, a German retailer listed the card well ahead of time and, surprisingly, one B570 actually shipped to a customer. The B580 is one of the best graphics cards for budget-conscious gamers, but how will the B570 compare?

Early listings and preorders happen shockingly often. For example, yesterday we found an RTX 5090 PC priced at well over $6,000. However, those listings often don't amount to much, and the items don't ship until their designated release dates -- but not this time.

Read more
We might get a new Steam Deck next month — and Valve isn’t making it
The Steam Deck OLED on a pink background.

I expected to see some new handheld gaming PCs this year at CES, but it looks like something even more exciting is in store. AMD and Lenovo are hosting an event during the week of the show, and it'll have two special guests in attendance: Valve's Pierre-Loup Griffais and Microsoft's Jason Ronald.

I'll be attending the event on January 7, about which Sean Hollister over at The Verge initially shared out the details. There are a couple of reasons why this event could be significant. First, Valve. Since the launch of the Asus ROG Ally, there have been a handful of these types of events featuring spokespeople from AMD, Microsoft, and the company making a handheld -- Lenovo or Asus. Valve hasn't ever been in attendance, and considering Valve makes the Linux-based Steam Deck, it would be odd for the company to have a presence.

Read more
OpenAI teases its ‘breakthrough’ next-generation o3 reasoning model
Sam Altman describing the o3 model's capabilities

For the finale of its 12 Days of OpenAI livestream event, CEO Sam Altman revealed its next foundation model, and successor to the recently announced o1 family of reasoning AIs, dubbed o3 and 03-mini.

And no, you aren't going crazy -- OpenAI skipped right over o2, apparently to avoid infringing on the copyright of British telecom provider O2.

Read more