New CPU Vulnerabilities Discovered
RIDL/ZombieLoad and L1DES/CacheOut are just the latest variants of vulnerabilities discovered in Intel CPU’s that target Micro-architectural Data Sampling (MDS) weaknesses. Discovered over 7 months ago, researchers responsibly informed Intel, and kept the information confidential at Intel’s request, to give the CPU maker time to prepare patches. Reports indicate that Intel is still working on fixes, but may have another patch(s) ready very soon to protect their products.
Hacking hardware, like the Central Processing Unit (CPU) is especially problematic for security as such vulnerabilities reside below the operating system and typically outside the view of cybersecurity products. It can take much longer than software flaws to develop, test, and deploy. Additionally, patching hardware with new microcode is especially difficult as it can have serious repercussions to the system. In the past, customers complained about unacceptable performance impacts with previous security fixes, and researchers complained that some of the mitigations were insufficient, resulting in customers remaining vulnerable.
Wired magazine did a great write-up: https://www.wired.com/story/intel-zombieload-third-patch-speculative-execution/