Intel CPUs vulnerable to new LVI attacks, allows information injection

Named Load Value Injection, or LVI for short, this is a new class of theoretical attacks against Intel CPUs.

While the attack has been deemed only a theoretical threat, Intel has released firmware patches to mitigate attacks against current CPUs, and fixes will be deployed at the hardware (silicon design) level in future generations.

A reverse Meltdown attack

To understand what an LVI attack is, users must first be aware of the Meltdown and Spectre attacks, and more particularly Meltdown.

Disclosed in January 2018, the Meltdown attack allowed an attacker running code on a CPU to read data from the CPU’s memory, while the CPU was processing “speculative” operations.

Speculative execution is a feature of all modern CPUs, one in which the CPU computes information in advance in an attempt to guess future results. The entire idea of speculative execution is to have the data ready for the CPU, if it ever needs it, and help improve the CPU’s speed and performance. Once data is not needed, it’s discarded. Meltdown and Spectre attacks target data while in this “transient” state, while waiting to be dismissed.

lvi-transient.png

The Meltdown and Spectre attacks were groundbreaking when they were first revealed in 2018, showing a major flaw in the designs of modern CPUs.

Based on the original attacks, academics around the world later expanded the original research and discovered an entire class of so-called “transient attacks” that also leaked data from CPUs in their “transient” speculative execution states.

Besides Meltdown and Spectre, other transient attacks were eventually discovered during the past two years, including the likes of Foreshadow, Zombieload, RIDL, Fallout, and LazyFP.

lvi-table.png

LVI’s position in all these attacks is, technically, of a reverse-Meltdown. While the original Meltdown bug allowed attackers to read an app’s data from inside a CPU’s memory while in a transient state, LVI allows the attacker to inject code inside the CPU and have it executed as a transient “temporary” operation, giving attackers more control over what happens.

lvi-steps.png

Tests performed by the two research teams — who found the LVI attack independently from one another — have been successful at proving the attack’s broad impact.

[…]

Current LVI attack demos rely on running malicious code on a computer, suggesting that local access is needed — such as delivering malicious code to the target via malware.

However, a remote attack is also possible via JavaScript, by tricking users into accessing a malicious site — similar to the original Meltdown attack, which could also be carried out via JavaScript.

[…]

While a change in the silicon design will eventually come with future CPUs, currently, Intel has prepared software-based mitigations, in the form of CPU firmware (microcode) updates.

However, according to preliminary tests, these mitigations come with a severe performance impacted that may slow down computations from 2 to 19 times, depending on the number of mitigations system administrators decide to apply to their CPUs.

Currently, many administrators are expected to skip these patches, primarily because of the severe performance impact.

Source: Intel CPUs vulnerable to new LVI attacks | ZDNet