Security News > 2020 > March > LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk
Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The Hacker News.
Tracked as CVE-2020-0551, dubbed "Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information-encryption keys or passwords-from the protected memory and subsequently, take significant control over a targeted system.
Intel CPUs 'Load Value Injection' Vulnerability Unlike previously disclosed Intel chipset vulnerabilities-including Meltdown, Spectre, and MDS-where an attacker speculatively accesses the memory or sniffs the data when the victim accesses it, the new LVI-LFB attack involves attacker injecting malicious data into the buffers that victim program unwillingly uses during the speculative execution.
Though the latest flaw is a new variant of MDS attacks, it can't be mitigated with existing patches for previously disclosed Meltdown, Foreshadow, ZombieLoad, RIDL, or Fallout speculative-execution attacks.
As illustrated in the image above, the LVI attack can be executed in 4 simple steps:Poison a hidden processor buffer with attacker values,.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/wo34EcDLabQ/intel-load-value-injection.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-12 | CVE-2020-0551 | Unspecified vulnerability in Intel products Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | 5.6 |