A team including some of the researchers who discovered the Spectre and Meltdown vulnerabilities in AMD and Intel CPU announced a new class of vulnerability affecting Intel CPU which they called Zombieload.
Like Spectre and Meltdown, the Zombieload vulnerability exploits weaknesses in the implementation of speculative execution in Intel CPUs. The different attack names reflect the different parts of the CPU architecture that are being abused in the attack.
For Meltdown and Spectre, the attacker is able to gain access to application and kernel data stored in memory.
For Zombieload, the attacker is able to gain access to data stored in micro-architectural buffers within the CPU itself. This means a process in one hyperthread on a CPU core can get access to data loaded by a another hyperthread running in the same CPU. Since the placement of processes within threads across CPU cores is usually arbitrary (controlled by the operating system), the two threads on the same CPU core could come from different application or even a different virtual machines for example.
The researchers say in their paper:
ZombieLoad is a transient-execution attack which observes the values of memory loads on the current physical CPU. ZombieLoad exploits that the fill buffer is accessible by all logical CPUs of a physical CPU core and that it does not distinguish between processes or privilege levels.
How to mitigate against Zombieload
Systems Administrators responsible for servers running multiple Virtual Machines should consider adjusting the mapping of VMs against available physical CPUs to avoid Virtual Machines of different security value running on the same physical CPU. It would be even better to avoid running Virtual Machines of different security value (such as one VM used for testing and another VM which is a live Web server) on the same physical server.
While the main hosting providers and operating system vendors are issuing patches which mitigate the recently published flaws (both in their own software and rolling out CPU microcode updates from Intel), it would appear that the only real defence against this new class of attacks is to disable hyperthreading. The loss of hyperthreading could impact system performance by up to 40% according to a security advisory for their laptops from Apple.
Intel has published their own detailed advisory which has more optimistic predictions for the performance impact of the fixes