Intel CPUs From Haswell to Cascade Lake Vulnerable to Zombieload V2
All Intel CPUs based upon Haswell up to the latest Cascade Lake CPUs have been discovered to be vulnerable to a new variant of Zombieload attacks, now known as Zombieload V2 as detailed in this whitepaper.
Zombieload V2 marks the fifth entry to the list of Microarchitectural Data Sampling (MDS) vulnerabilities, building upon four previously discovered and patched by 1H 2019. Intel’s HEDT and enterprise microarchitecture, Cascade Lake, was initially believed to be immune to Zombieload-type security exploits, though this has proven to be false as Zombieload V2 may very well compromise a Cascade Lake system, let alone microarchitectures before Cascade Lake going back to as far as 2013 for Zombieload V2 and 2011 for the original Zombieload vulnerability.
Due to the nature of Intel’s microarchitectures, no hardware-level mitigations may be put into place. Intel’s alternate solution is to push out a microcode update in the form of a firmware patch that will become available through motherboard manufacturers as BIOS updates. Patches may also become available through an operating system patch.