Intel LVI (Load Value Injection) mitigation comes with another serious performance cost

Posted on Wednesday, March 11 2020 @ 12:58 CET by Thomas De Maesschalck
Security researchers discovered another vulnerability in Intel's processors. Called LVI (Load Value Injection), the new vulnerability makes it possible to steal encryption keys, passwords, and other sensitive data from the processor's Software Guard eXtensions (SGX), which is supposed to act as sort of a digital vault.

This side-channel attack is somewhat similar to the previous ones and affects Intel CPUs from the Ivy Bridge to Comet Lake generations, and possibly also chips from other vendors. While it is primarily a concern in the server market, ZDNet reports that, at least in theory, LVI could be exploited via a JavaScript delivery vector. However, this hasn't been proven yet, so it is speculative at this point.
Current LVI attack demos rely on running malicious code on a computer, suggesting that local access is needed -- such as delivering malicious code to the target via malware.

However, a remote attack is also possible via JavaScript, by tricking users into accessing a malicious site -- similar to the original Meltdown attack, which could also be carried out via JavaScript.
Intel released mitigation code but security researchers believe the flaw can only be fully solved via hardware-level fixes, making it basically unfixable in current processors. The mitigation also comes with a very high performance cost.
However, according to preliminary tests, these mitigations come with a severe performance impact that may slow down computations from 2 to 19 times, depending on the number of mitigations system administrators decide to apply to their CPUs.
Intel downplays the severity of the LVI attack and security researchers point out that the attack is indeed difficult to pull off:
"Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real-world environments where the OS and VMM are trusted," an Intel spokesperson told ZDNet in an email last week.

"Agree with Intel," Bogdan Botezatu, Director of Threat Research and Reporting, told ZDNet yesterday. "This type of attack is much harder to pull off in practice, compared with other side-channel attacks such as MDS, L1TF, SWAPGS."
