Security News > 2020 > March > Intel's data center CPUs vulnerability could lead to "devastating" attacks
Cybersecurity researchers have found a vulnerability within Intel's data center CPUs that gives attackers the ability to inject rogue values in certain microarchitectural structures and steal information.
Bogdan Botezatu, director of threat research and reporting at Bitdefender, said these attacks are "Particularly devastating in multi-tenant environments such as enterprise workstations or servers in the datacenter, where one less-privileged tenant would be able to leak sensitive information from a more privileged user or from a different virtualized environment on top of the hypervisor."
All public cloud vendors that run vulnerable Intel CPUs would be exposed to this type of attack, Botezatu said.
"Researchers have identified a new mechanism referred to as Load Value Injection. Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real world environments where the OS and VMM are trusted. New mitigation guidance and tools for LVI are available now and work in conjunction with previously released mitigations to substantively reduce the overall attack surface. We thank the researchers who worked with us, and our industry partners for their contributions on the coordinated disclosure of this issue," Intel said in a statement.
"However, given the nature of the attack, a security solution or any other alerting mechanism would be unable to detect or block this type of attack. This is why such attacks are more suitable for government or commercial, high profile threat actors than for regular cyber criminals," Botezatu said, adding that these kinds of attacks are particularly difficult to deal with.
News URL
Related news
- Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- FortiManager critical vulnerability under active attack (source)
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
- New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)