Intel processors need hardware fixes due to new LVI attack

LVI attack on Intel processors

Security experts discovered a new attack on Intel processors called Load Value Injection (LVI). This claim is not an attempt to to balance yesterday’s news about vulnerabilities in the processors of Intel’s rival AMD. Indeed, the news came one after another.

A team of scientists from the Worcester Polytechnic Institute, Graz Technical University, the University of Michigan, the University of Adelaide, as well as Bitdefender experts, spoke about a new problem that threatens Intel processors (a list of affected processors can be seen here).

The new attacks are called Load Value Injection (LVI), and although Intel engineers have already released software patches, a complete fix to these problems is not possible – in the future, the company’s processors will require hardware changes.

LVI attacks are to the certain extend “heritage” of the sensational vulnerabilities Meltdown and Specter, emerged in 2018, starting from which experts have identified many other side-channel problems, including Spoiler, RIDL, Fallout and ZombieLoad, ZombieLoad 2, NetCAT, TPM -FAIL, Plundervolt.

As experts explain, LVI is a reversed Meltdown. Therefore, if the Meltdown problem allowed attackers to extract application data in the CPU memory, then LVI attacks allow injecting code into the CPU and execute it as a transient operation, which gives the attacker control over the situation.

Tests, successfully performed by two research groups that discovered the LVI problem independently of each other, prove the wide range of effects of the new threat. For example, scientists focused on issues of data leaks (encryption keys) from Intel SGX enclaves, while Bitdefender engineers focused on attacks on cloud environments.

“This type of attack is especially damaging in common environments, such as corporate workstations or servers in data centers, where one tenant with small privileges can merge sensitive information from a more privileged user or from another virtual environment on top of the hypervisor”, — Bitdefender writes.

Let me remind you that in January 2018, when the details of the Meltdown vulnerability were revealed, Intel announced that only a firmware update would be required to fix it, while hardware corrections were needed to eliminate the Specter threat. Now researchers write that everything has changed: from now on, the class of attacks Meltdown and LVI also require hardware patches and software patches are no longer enough.

The researchers explained that in order to implement their attacks, they relied on the same hardware operations as Meltdown, which means that while Meltdown is running, LVI attacks will work. Moreover, LVI attacks were successfully tested on systems that received all patches for protection against Meltdown, that is, existing patches do not always successfully block new versions of Meltdown attacks.

Current demonstrations of LVI attacks are based on running malicious code directly on the target computer, i.e. it is assumed that the attacker already has local access. Nevertheless, a remote attack using JavaScript is also possible, and for this, it is enough to trick the user into a malicious site (similar to the original Meltdown attack). In practice, researchers have not yet tested the vector of attacks using JavaScript, but they claim that theoretically this should work.

“However, LVI attacks would be difficult to implement in practice, especially if to compare them with other attacks on third-party channels (MDS, L1TF, SWAPGS). Currently, LVI attacks are seen as theoretical rather than direct threat to users right now”, – reassure IS experts.

However, in the future, as information security researchers discover more problems and learn more about how processors actually work, the current CPU design may be considered unsafe.

Currently, real tests have confirmed that LVI attacks pose a threat to Intel processors, but researchers do not exclude that AMD and ARM solutions, as well as any processors that are vulnerable to Meltdown data leaks, can also be prone to a new problem.

In addition, it is reported that according to preliminary tests, already released Intel software patches seriously affect performance. Therefore, installing patches can reduce performance from 2 to 19 times.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *