A new vulnerability has been disclosed in Intel's Transactional Synchronization Extensions (TSX), and it affects even the hardware-mitigated 9th Gen Coffee Lake Refresh and Cascade Lake chips. TSX Asynchronous Abort (TAA) once again abuses speculative execution to let an attacker leak data through a side channel, and it works on the most up-to-date, hardware-mitigated silicon.
Disclosed by the same team of security researchers behind the original ZombieLoad disclosure (via TechCrunch), the new ZombieLoad variant works even on CPUs that are resistant to the Microarchitectural Data Sampling (MDS) vulnerabilities reported earlier in the year. MDS attacks were mitigated with either microcode or hardware fixes across Intel's chip lineup. However, the latest vulnerability, TAA (CVE-2019-11135), allows an attacker to exploit the same weakness as MDS attacks, leaking stale data from the same internal CPU buffers, through a different and previously unpatched mechanism: a TSX transaction that aborts asynchronously.
Processors that were vulnerable to MDS attacks (Intel's modern CPUs prior to the latest Coffee Lake Refresh parts, such as the Core i9 9900K, Core i7 9700K and Core i5 9600K), and which have since received microcode patches, are largely covered against TAA: the existing MDS mitigation "helps address the TAA CVE vulnerability", in Intel's own words, because the buffer clearing it performs also flushes the data that TAA would sample. However, chips with hardware mitigations for MDS that also support TSX (Coffee Lake Refresh and Cascade Lake) are exposed to TAA. For those, Intel's fix is a microcode update that lets the operating system disable TSX (or keep it enabled and rely on buffer clearing), so an up-to-date microcode is required, not just the MDS patches already installed.
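How those two cases fall out in practice, as an added example that is not part of the article or of Intel's or the researchers' material: the function below classifies one CPU's TAA exposure from the same inputs a kernel uses, the CPUID feature flags as shown in /proc/cpuinfo and the IA32_ARCH_CAPABILITIES MSR (0x10A), whose MDS_NO, TSX_CTRL and TAA_NO bits are Intel's documented ones. The decision tree follows the mitigation selection Linux applies for /sys/devices/system/cpu/vulnerabilities/tsx_async_abort as I understand it; the status strings, the sample CPU names and their flag lines are constructed for illustration.

```python
"""Classify a CPU's TSX Asynchronous Abort (TAA) exposure.

Added example, not code from the article, Intel or the ZombieLoad team.
MSR bit positions follow Intel's IA32_ARCH_CAPABILITIES layout; the
decision tree follows the logic Linux uses for its tsx_async_abort sysfs
entry. The returned status labels are this example's own wording.
"""

# IA32_ARCH_CAPABILITIES (MSR 0x10A) bits relevant to MDS and TAA.
ARCH_CAP_MDS_NO = 1 << 5        # hardware is not affected by MDS
ARCH_CAP_TSX_CTRL_MSR = 1 << 7  # IA32_TSX_CTRL exists: TAA microcode is loaded
ARCH_CAP_TAA_NO = 1 << 8        # hardware is not affected by TAA


def parse_flags(cpuinfo_flags_line: str) -> set:
    """Turn a /proc/cpuinfo 'flags : ...' line into a set of flag names."""
    _, _, flags = cpuinfo_flags_line.partition(":")
    return set(flags.split())


def taa_status(arch_cap: int, flags: set) -> str:
    """Return the TAA exposure of one CPU.

    arch_cap -- value of IA32_ARCH_CAPABILITIES, or 0 if the MSR is absent
    flags    -- CPUID feature names as shown in /proc/cpuinfo
    """
    has_tsx = "rtm" in flags  # RTM enumerated means TSX transactions are usable
    has_tsx_ctrl = bool(arch_cap & ARCH_CAP_TSX_CTRL_MSR)
    mds_no = bool(arch_cap & ARCH_CAP_MDS_NO)

    # Hardware that enumerates TAA_NO is out of scope entirely.
    if arch_cap & ARCH_CAP_TAA_NO:
        return "Not affected"
    # No TSX and no way it could have been hidden: TAA needs an aborting
    # transaction to trigger, so there is nothing to exploit.
    if not has_tsx and not has_tsx_ctrl:
        return "Not affected"
    # TSX_CTRL exists but RTM is gone from CPUID: firmware or the OS turned
    # TSX off via the new MSR, which removes the attack primitive.
    if not has_tsx:
        return "Mitigation: TSX disabled"
    # Silicon without MDS_NO (Skylake through early Coffee Lake): the MDS
    # microcode's MD_CLEAR/VERW buffer flush also clears what TAA samples,
    # which is the article's "existing mitigation helps address TAA" case.
    if not mds_no:
        if "md_clear" in flags:
            return "Mitigation: Clear CPU buffers (existing MDS mitigation)"
        return "Vulnerable: no MDS microcode"
    # MDS_NO silicon (Coffee Lake Refresh, Cascade Lake) with TSX enabled:
    # VERW only flushes the buffers here once the TAA microcode that adds
    # TSX_CTRL is loaded, so without it the chip is exposed.
    if has_tsx_ctrl and "md_clear" in flags:
        return "Mitigation: Clear CPU buffers (TAA microcode)"
    return "Vulnerable: TAA microcode update required"


# Constructed sample CPUs standing in for the cases the article describes.
SAMPLE_CPUS = {
    "skylake_with_mds_microcode":
        (0, parse_flags("flags : fpu sse2 hle rtm md_clear")),
    "coffee_lake_r_before_taa_microcode":
        (ARCH_CAP_MDS_NO, parse_flags("flags : fpu sse2 hle rtm md_clear")),
    "coffee_lake_r_after_taa_microcode":
        (ARCH_CAP_MDS_NO | ARCH_CAP_TSX_CTRL_MSR,
         parse_flags("flags : fpu sse2 hle rtm md_clear")),
    "coffee_lake_r_tsx_disabled":
        (ARCH_CAP_MDS_NO | ARCH_CAP_TSX_CTRL_MSR,
         parse_flags("flags : fpu sse2 md_clear")),
    "cpu_without_tsx":
        (0, parse_flags("flags : fpu sse2")),
    "future_part_with_taa_no":
        (ARCH_CAP_MDS_NO | ARCH_CAP_TAA_NO, parse_flags("flags : fpu sse2 rtm")),
}


def report(samples=SAMPLE_CPUS) -> dict:
    """Map each sample CPU name to its TAA status."""
    return {name: taa_status(cap, flags) for name, (cap, flags) in samples.items()}


if __name__ == "__main__":
    for name, status in report().items():
        print(f"{name:36s} {status}")
```

On a real Linux host the same inputs come from `grep ^flags /proc/cpuinfo`, from `rdmsr 0x10a` (msr-tools, needs root and the msr module) and, on kernels that carry the TAA patches, from `cat /sys/devices/system/cpu/vulnerabilities/tsx_async_abort`; the kernel's own verdict is authoritative, and this function is a way to understand why it says what it says for a given chip.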