Security News > 2020 > March > LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk

Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The Hacker News.

Tracked as CVE-2020-0551, dubbed "Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information-encryption keys or passwords-from the protected memory and subsequently, take significant control over a targeted system.

Intel CPUs 'Load Value Injection' Vulnerability Unlike previously disclosed Intel chipset vulnerabilities-including Meltdown, Spectre, and MDS-where an attacker speculatively accesses the memory or sniffs the data when the victim accesses it, the new LVI-LFB attack involves attacker injecting malicious data into the buffers that victim program unwillingly uses during the speculative execution.

Though the latest flaw is a new variant of MDS attacks, it can't be mitigated with existing patches for previously disclosed Meltdown, Foreshadow, ZombieLoad, RIDL, or Fallout speculative-execution attacks.

As illustrated in the image above, the LVI attack can be executed in 4 simple steps:Poison a hidden processor buffer with attacker values,.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/wo34EcDLabQ/intel-load-value-injection.html