Problems discovered with Intel’s processor chips mean that many computers face a performance slowdown, the company has confirmed. The new group of vulnerabilities is collectively called Microarchitectural Data Sampling (MDS).
MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques. Under certain conditions, MDS provides a program with the potential means to read data that program otherwise would not be able to see.
MDS techniques are based on a sampling of data leaked from small structures within the CPU using a locally executed speculative execution side channel. Practical exploitation of MDS is a very complex undertaking, Intel said, and MDS does not, by itself, provide an attacker with a way to choose the data that is leaked.
MDS is addressed in hardware starting with select 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable processor family.
The flaw, dubbed Zombieload, was discovered by researchers at Graz University of Technology in Austria and KU Leuven university in Belgium.
It could enable an hacker to spy on tasks being handled by any Intel Core or Xeon-branded central processing unit (CPU) released since 2011, they explained.
It could allow attackers to steal sensitive information or provide the means to unscramble encrypted files. The researchers commented: “This could affect user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.”
Intel said that data centres are likely to be worst affected by the patches required to rectify the problem, but the impact on most PC owners should be minimal.
The company believes that data centre servers carrying out tasks using the programming language Java will be affected the most.
Amazon Web Services, Google Cloud and Microsoft Azure all power their data centres with Intel technology, and may have to invest in additional computer servers if the software patches involved significantly impact performance.
The discovery of the Zombieload flaw follows the disclosure of the earlier Spectre, Meltdown and Foreshadow vulnerabilities in 2018.