Enviable Cybersecurity Specialistsregularly identify more and more problems with Intel processors. More recently, the Converged Security and Management Engine (CSME) was discovered to be unrecoverable, and Bitdefender reports a new issue. The identified vulnerability in Intel chips, already called by experts of Load Value Injection (LVI), is primarily a threat to servers in the data center. The LVI problem affects all Core families: the third generation from Ivy Bridge and ending with the 10th generation Comet Lake processors.
According to Bitdefender experts whoconducted a successful attack using the vulnerability CVE-2020-0551, Intel was notified of an existing problem on February 10, 2020. The attack was based on Meltdown vulnerabilities that were previously fixed by Intel software. However, the LVI vulnerability is still a threat, even after programmatic changes are made.
Bitdefender believes that to fixidentified vulnerabilities and blocking the LVI attack vector, Intel will have to solve the problem at the level of architectural change. Nevertheless, to reduce the risk of attack, you can use software and firmware patches, which truth will lead to a decrease in performance from 2 to 19 times.
LVI attack technology is to usethe hacker can substitute his own malicious line of code into the microarchitectural elements, which allows you to hack into the system and gain access to the necessary information. As a result of the attack, the attacker not only gains access to confidential data, but also steals passwords, bypasses encryption and ultimately can establish complete control over the computer.
Meanwhile, Intel held a detailedanalysis of the LVI vulnerability and noted that due to the many complex requirements that must be satisfied for the successful implementation of the LVI method, this vulnerability "... is not a practical means of use in real environments." However, Intel recommends that system administrators and developers consider the potential for an LVI attack.