LVI vulnerability in Intel CPUs affects SGX and cannot be solved with microcode

Researchers have found a new vulnerability in processors that cannot be solved with microcode. LVI, or Load Value Injection, is described as a “reverse Meltdown” attack and primarily affects the SGX enclave of Intel processors.

University researchers who previously discovered CPU vulnerabilities such as Meltdown, Specter, Foreshadow and Zombieload have discovered a new side-channel attack. The researchers call it LVI, or Load Value Injection, and have put a website online with information.

With previous vulnerabilities it was possible to extract data from the processor, with LVI the opposite happens. By injecting data through hidden processor buffers, the execution of certain processes can be influenced, after which sensitive information can be stolen.

LVI bypasses all existing protections added to Intel microcoded processors so far. According to the researchers, the vulnerability cannot be solved with new microcode either. This is only possible with hardware adjustments to the architecture, or with extensive compiler changes which can have a significant impact on performance. Because the problem is not microcoded, Intel is releasing updates to its SGX software and SDk. Intel has also worked with companies such as Microsoft to protect against LVI through software.

According to the researchers, the attack basically works on all processors that are vulnerable to Meltdown, but they have focused on Intel CPUs to make the attack particularly impact on Intel processors with Software Guard eXtensions and in situations where SGX is actually used. . The SGX enclaves are a part of the processor that can store sensitive information such as a password or encryption key in isolation. Intel processors since 2015 with SGX have been affected. Only CPUs based on the new Ice Lake generation are not affected, because that architecture has hardware changes.

This is not a remote code execution attack, so an attacker must have local access to exploit the vulnerability. This is especially a risk in servers in data centers where several users share a single processor. Intel ranks the severity of the vulnerability as medium.

The new vulnerability is unlikely to have a direct impact on consumers. Bitdefender told The Register that the attack is “moderately complex” to execute. The security firm does not expect it to be widely used against consumers, but says it is an attack that state attackers could use in environments such as public cloud services, where multiple users are using the same CPU. The attack leaves no trace.

The new vulnerability was discovered on April 4, 2019 by Jo Van Bulck, of the imec-DistriNet research group at KU Leuven. Researchers from numerous other universities then joined and published their findings together in a paper. Intel also put extensive articles about LVI online on Tuesday. For example, the CPU manufacturer publishes a deep dive with technical background information, a list of affected processors and a blog.

The researchers contacted Intel prior to publication and planned to make the details public in February. After consultation, it turned out that researchers from security company Bitdefender had also discovered a variant of the vulnerability in the meantime and had shown a proof of concept to Intel. All parties involved are now publishing their information.