Security News > 2020 > January > Intel promises fix after researchers reveal ‘CacheOut’ CPU flaws
Forget the infamous Meltdown and Spectre chip flaws from 2018, the problem that's tying down Intel's patching team these days is a more recent class of side channel vulnerabilities known collectively as ZombieLoad. These relate to a data leakage problem called Microarchitectural Data Sampling affecting Intel's speculative execution technology introduced in the late 1990s to improve chip performance.
ZombieLoad was originally made public by researchers last May as part of a triplet of hypothetical issues which included two others, Fallout and Rogue In-Flight Data Load, affecting post-2011 Intel processors.
The new attacks showed that the original May 2019 mitigations hadn't been sufficient, with the first and most serious, CVE-2020-0549, first being reported to Intel at the time of the original ZombieLoad disclosure.
There are no fixes for these yet although Intel has said it will offer these "In the near future."
Intel microprocessors are inside a lot of computers, so should users be worried?
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-28 | CVE-2020-0549 | Improper Resource Shutdown or Release vulnerability in multiple products Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |