You only LVI twice: Meltdown The Sequel strikes Intel chips – and full mitigation against data-meddling flaw will cost you 50%+ of performance
2020-03-10 17:00

Chipzilla's processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x. That's because LVI protection involves compiler and assembler updates that insert extra x86 instructions and replace problematic instructions with functionally equivalent but more verbose instruction sequences.

"Being essentially a 'reverse Meltdown'-type attack, LVI abuses that a faulting or assisted load instruction executed within a victim domain does not always yield the expected result, but may instead transiently forward dummy values or data from various microarchitectural buffers."

The researchers in their paper make clear the chip maker isn't quite so blasé about the risks where SGX comes into play: "Intel considers LVI particularly severe for SGX". "We agree with Intel's assessment that LVI is less practical and more difficult to mount in a non-SGX setting where the operating system and VMM are trusted," said Van Bulck in an email to The Register.

Chipzilla is releasing updates to its SGX Platform Software and SDK. It has also worked with partners like Microsoft to make compiler and assembler options available to guard against LVI. Defending against LVI, the researchers' paper explains, "requires serializing the processor pipeline with lfence instructions after possibly every memory load. Additionally and even worse, due to implicit loads, certain instructions have to be blacklisted, including the ubiquitous x86 ret instruction."
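As an added illustration (not code from the article, the paper or Intel), the following audit checks a disassembly listing for the two conditions the quoted mitigation describes: a load with no lfence directly after it, and any remaining ret. The listing is constructed sample data in objdump-style AT&T syntax, and the load test is a heuristic assumption that only recognises explicit mov-family loads, not other implicit loads.

```python
import re

# Constructed objdump-style listing (AT&T syntax), not from a real binary.
SAMPLE = """\
  401000: mov 0x8(%rdi),%rax
  401004: lfence
  401007: mov (%rax,%rcx,8),%rdx
  40100b: add %rdx,%rsi
  40100e: lea 0x10(%rsp),%rdi
  401013: mov %rsi,0x18(%rsp)
  401018: ret
"""

LINE = re.compile(r"^\s*([0-9a-f]+):\s+(\S+)\s*(.*)$")
# Split operands on commas that are not inside a (base,index,scale) group.
OPERAND_SEP = re.compile(r",(?![^()]*\))")


def parse(listing):
    """Return (address, mnemonic, operands) for each instruction line."""
    rows = []
    for line in listing.splitlines():
        m = LINE.match(line)
        if m:
            rows.append((int(m.group(1), 16), m.group(2), m.group(3).strip()))
    return rows


def is_explicit_load(mnemonic, operands):
    """Heuristic: mov-family instruction, memory source, register destination."""
    if not mnemonic.startswith("mov"):
        return False
    parts = OPERAND_SEP.split(operands)
    return len(parts) == 2 and "(" in parts[0] and parts[1].startswith("%")


def audit(listing):
    """Flag loads not immediately followed by lfence, and any remaining ret."""
    rows = parse(listing)
    findings = []
    for i, (addr, mnemonic, operands) in enumerate(rows):
        nxt = rows[i + 1][1] if i + 1 < len(rows) else None
        if mnemonic in ("ret", "retq"):
            findings.append((addr, "ret"))
        elif is_explicit_load(mnemonic, operands) and nxt != "lfence":
            findings.append((addr, "load-without-lfence"))
    return findings


if __name__ == "__main__":
    for addr, kind in audit(SAMPLE):
        print(f"{addr:#x}: {kind}")
```

An empty result from `audit` only means the heuristic found nothing; it does not show that every implicit load in the code is covered.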

"We consider non-SGX LVI attacks of mainly academic interest and we agree with Intel's current assessment to not deploy extra mitigations for non-SGX environments, but we encourage future research to further investigate LVI in non-SGX environments," said Van Bulck.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/10/lvi_reverse_meltdown_intel_attack/

Related vendor

| Vendor | # Products | Low | Medium | High | Critical | Total vulns |
|--------|------------|-----|--------|------|----------|-------------|
| Intel  | 6812       | 274 | 748    | 379  | 28       | 1429        |