A new vulnerability has been uncovered in Intel’s Transactional Synchronization Extensions (TSX), affecting even hardware-mitigated 9th Gen Coffee Lake and Cascade Lake chips. The TSX Asynchronous Abort (TAA) vulnerability once again uses speculative execution to let an attacker leak information through a side channel – and it works even on the most up-to-date, hardware-mitigated silicon.
Disclosed by the same team of security researchers behind the original Zombieload disclosure (via Techcrunch), the new Zombieload variant works even on CPUs that are now resistant to the Microarchitectural Data Sampling (MDS) vulnerabilities reported earlier in the year. MDS attacks were closed off with either firmware or hardware fixes across Intel’s chip lineup. The latest vulnerability, TAA, however, may let an attacker exploit the same underlying weakness as the MDS attacks through a different, unpatched mechanism.
Processors that were vulnerable to MDS attacks (modern CPUs prior to the latest Coffee Lake Core i9 9900K, Core i7 9700K, and Core i5 9600K processors), which have since received microcode patches, are not wholly exposed to TAA: in Intel’s own words, the existing mitigation “helps address the TAA CVE vulnerability”. However, chips with hardware mitigations for MDS attacks that also support TSX (Coffee Lake R and Cascade Lake) could now be exposed to TAA.
“The main advantage of this approach is that it also works on machines with hardware fixes for Meltdown,” says the revised paper republished by researchers from Graz University of Technology, Cyberus Technology, KU Leuven, and Worcester Polytechnic (via The Register), “which we verified on a Core i9 9900K and Xeon Gold 5218. However, in contrast to Variant 1, we require the Intel TSX instruction set extension, which is only available in selected CPUs since 2013.”
TAA, or CVE-2019-11135, has been assigned a CVSS rating of 6.5 (medium). Most side-channel attacks are, by their very nature, incredibly difficult to exploit – so don’t panic.
Previous firmware mitigations applied to Intel’s CPUs had a varying impact on performance – anywhere from entirely negligible to over 10% on some specific server workloads.
| Processor series | Affected by TAA |
|---|---|
| Whiskey Lake (ULT refresh) | If TSX supported |
| 2nd Gen Intel Xeon Scalable Processors based on Cascade Lake microarchitecture | If TSX supported |
| Coffee Lake R (9th Gen) | If TSX supported |
Without hardware mitigations in place for TAA, Intel is recommending either the software and firmware MDS mitigations – the same ones it intended to avoid with the hardware mitigations on its latest processors – or disabling Intel TSX altogether. This is unlikely to have any major impact on gaming PC performance, and will worry Intel’s server partners more than most.
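As an added example (not part of the article or Intel’s guidance), the following POSIX shell script classifies a Linux host’s TAA exposure from the kernel’s `tsx_async_abort` sysfs report combined with the `rtm`/`hle` flags in /proc/cpuinfo, which is the quickest way to confirm whether one of the two mitigations above (clear CPU buffers, or TSX disabled) is actually active. The status strings and the `tsx=off` boot parameter are the ones documented by the Linux kernel; the helper names `classify_taa` and `tsx_supported` are my own.

```shell
#!/bin/sh
# Added example: report a Linux host's TAA (CVE-2019-11135) exposure.
# Assumes a kernel that exposes tsx_async_abort in sysfs (5.4+ or a
# distribution backport); older kernels fall back to the CPU flags only.

VULN_FILE=/sys/devices/system/cpu/vulnerabilities/tsx_async_abort

# tsx_supported FLAGS_LINE -> "yes" if the rtm or hle CPUID flag is present,
# i.e. TSX is exposed to software and the part is in scope for TAA.
tsx_supported() {
    case " $1 " in
        *" rtm "*|*" hle "*) echo yes ;;
        *)                   echo no ;;
    esac
}

# classify_taa SYSFS_LINE FLAGS_LINE -> one of:
#   not-affected | mitigated-tsx-off | mitigated-clear-buffers | vulnerable
#   | unknown-tsx-present | unknown-no-tsx   (last two: no sysfs report)
classify_taa() {
    sysfs=$1
    flags=$2
    case "$sysfs" in
        "Not affected"*)                  echo not-affected ;;
        "Mitigation: TSX disabled"*)      echo mitigated-tsx-off ;;     # tsx=off
        "Mitigation: Clear CPU buffers"*) echo mitigated-clear-buffers ;; # MDS-style
        Vulnerable*)                      echo vulnerable ;;
        *)
            # Kernel too old to know about TAA: apply the article's rule of
            # thumb and treat the host as exposed only if TSX is present.
            if [ "$(tsx_supported "$flags")" = yes ]; then
                echo unknown-tsx-present
            else
                echo unknown-no-tsx
            fi ;;
    esac
}

main() {
    if [ -r "$VULN_FILE" ]; then sysfs=$(cat "$VULN_FILE"); else sysfs=""; fi
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2)
    echo "TSX (rtm/hle) exposed: $(tsx_supported "$flags")"
    echo "TAA status:            $(classify_taa "$sysfs" "$flags")"
}

main
```

A result of `unknown-tsx-present` or `vulnerable` on a Coffee Lake R or Cascade Lake host means neither mitigation is in effect; `vulnerable` with the “no microcode” suffix additionally means the MDS buffer-clearing microcode is missing.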