Nicknamed Zombiload v2 (CVE-2019-11135), this is a variation of the Zombieload v1 vulnerability, but one that worked on Intel's newer line of CPUs, those which the company claimed had protections against speculative execution attacks baked in at the hardware level.Full details at ZD Net.
According to an updated version of the Zombieload academic paper that ZDNet received this week, the Zombieload v2 attack exploits the Intel Transactional Synchronization Extensions (TSX) Asynchronous Abort operation that occurs when an attacker uses malicious code to create a conflict between read operations inside a CPU.
This read conflict for TSX Asynchronous Abort (TAA) operations leaks data about what's being processed inside an Intel CPU.
All Intel CPUs since 2013 hit by Zombieload v2 vulnerability
Posted on Wednesday, November 13 2019 @ 16:18 CET by Thomas De Maesschalck