Security News > 2020 > March > Load Value Injection: Intel CPUs Vulnerable to Reverse Meltdown Attack

Load Value Injection: Intel CPUs Vulnerable to Reverse Meltdown Attack
2020-03-10 17:00

Many processors made by Intel are vulnerable to a newly disclosed type of attack named Load Value Injection, but the chip maker has told customers that the attack is not very practical in real world environments.

A variation of the LVI attack, dubbed Load Value Injection in the Line Fill Buffers, was also reported to Intel by researchers at Bitdefender.

Intel says at least one version of the attack works against its Xeon, Core and some Atom processors.

The company noted that an attack is not easy to carry out in real world scenarios, but it has released both updates and mitigation advice to address the risks posed by LVI. "Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real world environments where the OS and VMM are trusted," Intel told SecurityWeek.

Part of the LVI attack that is not specific to Intel chips has also been reported to ARM and IBM. Schwarz told SecurityWeek that while they have not specifically analyzed IBM or ARM processors, they are assuming that CPUs affected by Meltdown are also impacted by LVI. The researchers noted in their paper that while LVI attacks can be more difficult to carry out compared to other Meltdown-style attacks, the new method shows that "Meltdown-type incorrect transient forwarding effects are not as easy to fix as expected."


News URL

http://feedproxy.google.com/~r/Securityweek/~3/E0bLp63DZ-U/load-value-injection-intel-cpus-vulnerable-reverse-meltdown-attack

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6811 274 747 379 28 1428