The culprit behind the latest TSX speculative attack has been found. The flaw is known as ZombieLoad v2, or TSX Asynchronous Abort (TAA). Researchers track it as CVE-2019-11135; it affects the latest Intel CPUs and can be exploited to mount a speculative attack through TSX.
The attack is named for the Intel feature it abuses, Transactional Synchronization Extensions (TSX). Once triggered, it lets an attacker run code that steals information from the operating system. Like the original ZombieLoad, it targets the speculative execution that modern CPUs use to improve performance.
Over the past few months, security researchers have been searching for the root cause. They identified several speculative side channels, including Rogue In-flight Data Load (RIDL), the Microarchitectural Data Sampling (MDS) attacks Fallout and ZombieLoad. Unlike Spectre, Meltdown, and Foreshadow, the MDS attacks target the CPU's microarchitectural data structures rather than its caches.
The researchers also found that this newest form of ZombieLoad affects processors in Intel's Cascade Lake series, which were not vulnerable to the earlier attacks. It only affects CPUs that support the Intel TSX instruction set extension, a feature commonly found in Intel CPUs manufactured from 2013 to the present.
TSX improves system performance by providing hardware transactional memory: a group of memory operations runs as a single transaction, and an aborted transaction is meant to leave no trace on the rest of the CPU's state.
The researchers found that the TSX Asynchronous Abort (TAA) vulnerability is closely related to Microarchitectural Data Sampling, because it leaks from the same buffers: the fill buffer, the store buffer, and the load port writeback data bus. Intel's security advisory reports the same.
Intel TSX allows a memory transaction to either commit or abort; when a transaction aborts, all memory and register state is rolled back to what it was before the transaction began. In a TSX Asynchronous Abort (TAA), loads inside the aborted transaction that have not yet completed may still read data from microarchitectural structures and forward it to dependent operations.
Researchers found that aborting a memory transaction in this way can let the attacker's code observe data belonging to other running processes, including kernel data. An attacker can use this flaw to obtain sensitive data such as encryption keys and passwords.
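From the defender's side, the practical question is whether a given Linux host exposes TSX and whether the kernel reports a TAA mitigation. Linux publishes one status line per hardware vulnerability under /sys/devices/system/cpu/vulnerabilities/, with TAA reported in the tsx_async_abort entry, and the rtm and hle flags in /proc/cpuinfo show that TSX is available to software. The script below is an added example, not code from the article or from Intel; the classification categories (not_affected, mitigated, vulnerable, unknown) and the file-path arguments are the author's own design so that the functions can be checked against constructed sample files as well as the live system.

```shell
#!/bin/sh
# Added example (not part of the article): report TSX availability and the
# kernel's TAA mitigation status on a Linux host.
# Kernel sysfs entry for TSX Asynchronous Abort (present on kernels that know about TAA).
TAA_SYSFS=/sys/devices/system/cpu/vulnerabilities/tsx_async_abort

# classify_taa STATUS_LINE
# Maps the kernel's status text to one of: not_affected | mitigated | vulnerable | unknown.
# The kernel prefixes its report with "Not affected", "Mitigation:" or "Vulnerable".
classify_taa() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# taa_status_from_file FILE
# Classifies the first line of FILE; prints "unknown" when the file is missing
# (a kernel too old to report TAA, or a non-Linux system), which should be
# treated as "unverified", not as "safe".
taa_status_from_file() {
    if [ -r "$1" ]; then
        classify_taa "$(head -n 1 "$1")"
    else
        echo unknown
    fi
}

# cpu_has_tsx CPUINFO_FILE
# Succeeds (exit 0) when the first "flags" line in CPUINFO_FILE lists rtm or hle,
# the feature bits that show TSX is enabled for software to use.
cpu_has_tsx() {
    grep '^flags' "$1" 2>/dev/null | head -n 1 | tr ' ' '\n' | grep -qxE 'rtm|hle'
}

# Run stand-alone against the live system.
main() {
    if cpu_has_tsx /proc/cpuinfo; then tsx=yes; else tsx=no; fi
    echo "TSX (rtm/hle) present: $tsx"
    echo "TAA status: $(taa_status_from_file "$TAA_SYSFS")"
}

main
```

A host that prints "TSX present: yes" together with "TAA status: vulnerable" or "unknown" needs a microcode update or the kernel's TSX-disable option before it can be considered covered; "not_affected" and "mitigated" are the two outcomes an audit should accept.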