Load Value Injection vulnerability identified in Intel processors (video)

Cybersecurity specialists identify more and more problems with Intel processors with enviable regularity. More recently, the Converged Security and Management Engine (CSME) was found to have an unfixable flaw, and now Bitdefender reports a new issue. The vulnerability identified in Intel chips, which experts have already named Load Value Injection (LVI), is primarily a threat to servers in data centers. The LVI problem affects all Core families, from the third generation (Ivy Bridge) through the 10th generation (Comet Lake).

According to Bitdefender experts, who conducted a successful attack using the vulnerability CVE-2020-0551, Intel was notified of the problem on February 10, 2020. The attack builds on the Meltdown vulnerabilities that Intel previously fixed in software. However, the LVI vulnerability remains a threat even after those software changes.

Bitdefender believes that to fix the identified vulnerability and block the LVI attack vector, Intel will have to solve the problem at the level of architectural change. Nevertheless, software and firmware patches can be used to reduce the risk of attack, although they will reduce performance by a factor of 2 to 19.

The LVI attack technique works as follows: the attacker can inject his own malicious line of code into microarchitectural elements, which makes it possible to break into the system and gain access to the information sought. As a result of the attack, the attacker not only gains access to confidential data but also steals passwords, bypasses encryption and can ultimately establish complete control over the computer.

Experts also note that for an LVI attack, data must be injected into the Intel SGX enclave, which can be done using JavaScript. Therefore, a successful attack does not require physical access to the computer. At the same time, Bitdefender noted that it did not conduct research on this attack direction. On multi-user systems, which are common on virtual servers, the attack makes it possible to eavesdrop on neighboring nodes. Such an attack is difficult to implement in practice and does not pose a threat to ordinary users.

Meanwhile, Intel conducted a detailed analysis of the LVI vulnerability and noted that, because of the many complex requirements that must be satisfied to carry out the LVI method successfully, this vulnerability "... is not a practical means of use in real environments." However, Intel recommends that system administrators and developers consider the potential for an LVI attack.