Speculative-Execution CPU Flaws Exposed Data Across Intel, AMD, and ARM Systems
Researchers disclosed the Meltdown and Spectre hardware flaws, showing that speculative execution in modern processors could let attackers read sensitive data across security boundaries on affected devices. Reuters reported that Meltdown primarily affected Intel processors by breaking memory isolation, while Spectre impacted Intel, AMD, and ARM chips by tricking applications into leaking secrets such as passwords and other protected data. CERT/CC later summarized the broader issue as cache side-channel attacks against CPU hardware using speculative execution, underscoring that the weakness was architectural rather than limited to a single product line.
Major vendors and cloud providers moved to contain the fallout with software, firmware, and microcode mitigations, including Microsoft Azure protections for hosted customers and public advisories from manufacturers such as Huawei. Subsequent research showed the problem persisted beyond the initial disclosures: the ZombieLoad attacks demonstrated additional Intel data-leakage paths tied to speculative execution, and a later TSX Asynchronous Abort (TAA) variant affected some processors previously thought to be resistant. Intel issued microcode updates, but researchers and vendors warned that mitigations reduced rather than eliminated risk, that exploitation generally required local code execution, and that fully disabling the underlying CPU behavior would carry significant performance costs.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
New ZombieLoad variant via TAA affects more Intel CPUs
Researchers disclosed a new ZombieLoad variant tied to TSX Asynchronous Abort (TAA), showing that some newer Intel processors previously thought resistant could still leak data. Intel released a microcode update, while researchers and Intel acknowledged the mitigations were incomplete and further updates were expected.
ZombieLoad attack on Intel processors is disclosed
Researchers disclosed ZombieLoad, a speculative-execution side-channel attack affecting Intel processors that can leak sensitive data. The disclosure showed that new CPU data-leakage issues continued to emerge after Meltdown and Spectre.
CERT/CC publishes advisory on speculative-execution side channels
CERT/CC released VU#180049 warning that CPU hardware using speculative execution may be vulnerable to cache side-channel attacks. The advisory documented the broader vulnerability class and associated vendor impact beyond the initial disclosure period.
Huawei issues statement on Intel CPU design vulnerabilities
Huawei published a security notice responding to media disclosure of vulnerabilities in Intel CPU architecture design. The notice reflected vendor acknowledgement and customer guidance following the broader Meltdown and Spectre disclosure.
Meltdown and Spectre are publicly disclosed
Public reporting revealed the Meltdown and Spectre vulnerabilities, warning that they put a vast number of phones, computers, and cloud systems at risk. Vendors including Apple, Microsoft, Intel, ARM, AMD, and Google were reported to be preparing or distributing software and firmware mitigations.
Microsoft announces Azure protections for CPU vulnerability
Microsoft said it had taken steps to secure Azure customers against the newly disclosed CPU vulnerability class and published guidance on mitigations. The announcement was part of the coordinated industry response to Meltdown and Spectre disclosures.
Researchers discover Meltdown and Spectre CPU flaws
Google Project Zero researchers and academic and industry partners identified two major speculative-execution vulnerabilities later named Meltdown and Spectre. The flaws affected modern processors from Intel, AMD, and ARM, with Meltdown primarily impacting Intel and Spectre affecting multiple chip vendors.
Sources
4 references tracked. Mallory keeps watching after this page renders.
True to its name, Intel CPU flaw ZombieLoad comes shuffling back with new variant
theregister.co.uk
Open sourceZombieLoad attack lets hackers steal data from Intel chips | The Verge
theverge.com
Open sourceVU#180049 - CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
kb.cert.org
Open sourceGoogle Online Security Blog: Today's CPU vulnerability: what you need to know
security.googleblog.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Meltdown and Spectre Flaws Triggered Broad Patching and Performance Tradeoffs
Researchers disclosed the speculative-execution attacks **Meltdown** (`CVE-2017-5754`) and **Spectre** (`CVE-2017-5753`, `CVE-2017-5715`), showing that modern Intel, AMD, and ARM processors could leak sensitive data across privilege boundaries through cache-timing side channels. Google Project Zero demonstrated kernel and virtual-machine memory disclosure, while browser vendors including Mozilla confirmed that web content could abuse similar techniques, prompting Firefox to reduce timer precision and disable `SharedArrayBuffer` by default. Microsoft, Apple, Linux distributors, cloud providers, and hardware vendors issued operating-system, browser, and microcode mitigations, with Microsoft saying Azure had already been updated and Intel later announcing hardware changes for future chips. Early mitigation rollouts brought significant operational concerns, including uneven performance degradation and unstable firmware updates. Linux and macOS testing found that common desktop benchmarks often changed little, but syscall-heavy, storage, and IO-intensive workloads could slow noticeably, with some macOS microbenchmarks degrading by roughly **2x to 4x** and Windows Server or older systems expected to see larger impacts than newer Windows 10 devices. Intel’s early Spectre-related microcode updates were later linked to reboots and possible data corruption, leading Microsoft to publish an emergency update that disabled one mitigation path, while vendors such as Dell and NetApp tracked product exposure and remediation guidance as the industry continued responding to follow-on speculative-execution issues.
May 27, 2026
Intel Faced Expanded Spectre-Class CPU Flaws as Mitigations Shifted to Hardware
Researchers and industry reporting revealed that Intel processors were affected by a broader set of speculative-execution vulnerabilities beyond the original **Meltdown** and **Spectre** disclosures, including eight additional issues dubbed **Spectre-NG**. Several of the newly reported flaws were described as high risk, with at least one capable of crossing virtual machine boundaries and threatening cloud environments by exposing sensitive data such as passwords and cryptographic keys; reports also said Intel **SGX** protections were not sufficient against some of these attacks. The wider Spectre/Meltdown family affected Intel most heavily for Meltdown and Intel, AMD, and Arm for Spectre, reinforcing warnings that complete remediation would ultimately require hardware changes rather than software alone.
Jun 8, 2026
Downfall CPU flaw exposes data on affected Intel systems via Gather Data Sampling
Intel, Microsoft, VMware, Xen, and Linux maintainers published mitigation guidance for **Downfall** / **Gather Data Sampling (GDS)**, a transient execution side-channel vulnerability tracked as **`CVE-2022-40982`** that affects multiple Intel processor generations from **Skylake through Tiger Lake/Ice Lake-era parts**. Research by Google’s Daniel Moghimi showed the flaw can leak sensitive data across security boundaries—including processes, the kernel, virtual machines, sibling threads, and some trusted execution environments—by abusing speculative execution of **gather** instructions to expose stale vector register contents. Reported impacts include theft of passwords, encryption keys, SGX-protected data, and other memory-derived secrets, with shared and cloud environments highlighted as particularly exposed. Intel said mitigation relies primarily on updated **microcode** that blocks transient results of gather instructions from being observed speculatively, while Microsoft directed Windows customers to obtain Intel platform updates from OEMs and noted the protection is enabled by default. VMware said hypervisor patches are generally not required if underlying firmware is updated, while Xen issued advisory **XSA-435** and stable-tree fixes plus options such as restricting **AVX** for untrusted guests. Intel and downstream guidance warned that mitigation can carry noticeable performance costs—minimal for many workloads but up to **50%** for gather-heavy applications—and added that newer Intel families such as **Alder Lake, Raptor Lake, and Sapphire Rapids** include protections and are not considered affected.
May 26, 2026