Security News > 2020 > March > Intel patches graphics drivers and offers new LVI flaw mitigations

Intel patches graphics drivers and offers new LVI flaw mitigations
2020-03-12 13:05

Intel's March security updates reached its customers this week and on the face of it, the dominant theme is the bundle of flaws affecting the company's Graphics drivers.

The star flaw of the month is CVE 29, the Load Value Injection weakness publicised this week by a diverse group of mainly academic security researchers.

Reported to Intel last April, it's a novel technique which could, for example, be used to steal data from Software Guard eXtension enclaves, a secure memory location inside post-2015 Intel processors used to store things like encryption keys, digital certificates, and passwords.

Due to the numerous complex requirements that must be satisfied to successfully carry out the LVI method, Intel does not believe LVI is a practical exploit in real-world environments where the OS and VMM are trusted.

The full list of affected processors can be found on Intel's website, essentially all processors that come with SGX. For now, because LVI is a theoretical exercise, it isn't an issue the average Intel user needs to worry about.


News URL

https://nakedsecurity.sophos.com/2020/03/12/intel-patches-graphics-drivers-and-offers-new-lvi-flaw-mitigations/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6314 31 755 708 45 1539