Intel Chips Vulnerable to New LVI Attacks

If the onslaught of Coronavirus news wasn’t enough, there are now some new machine bugs to worry about too. Being termed as the “Load Value Injection,” this new class of transient-execution attacks exploit microarchitectural flaws in processors enabling attackers to inject their own data into a victim program. This eventually leads to attackers stealing sensitive data and keys from Intel SGX – the Software Guard eXtensions, which is a secure digital vault used for storing encryption keys, passwords, digital rights management technology, and other sensitive data.

This new transient-execution attack is similar to exploits like Spectre and Meltdown, however, goes a step further. Researchers explained that LVI “turns previous data extraction attacks around,” and “defeats all existing mitigations.”

Calling it a “reverse Meltdown”-type attack, researchers explained that while Meltdown allowed attackers to read an app’s data from inside a CPU’s memory while in a transient state, LVI enables attackers to inject their own code to get access to sensitive data.

Unlike Spectre, Meltdown, Foreshadow, and other similar exploits, LVI doesn’t leak data from the victim to the attacker. Instead, it “smuggles” the data by injecting attacker’s data into a victim program and hijacking transient execution to acquire sensitive information. This essentially means that attacker would get the target machine to run a malicious code (JavaScript through a malicious site or an app) to exploit a side channel to get access to content that should technically be inaccessible.

Intel explains:

If an adversary can cause a specified victim load to fault, assist, or abort, the adversary may be able to select the data to have forwarded to dependent operations by the faulting/assisting/aborting load. For certain code sequences, those dependent operations may create a covert channel with data of interest to the adversary. The adversary may then be able to infer the data’s value through analyzing the covert channel. This transient execution attack3 is called load value injection (LVI) and is an example of a cross-domain transient execution attack.

How LVI works

Impacted Intel chips

Load Value Injection or LVI impacts all families where SGX is supported. Intel has published the following list of  processors that are “potentially” affected by the Load Value Injection:

  • Intel® Xeon® processor E5 Family based on Intel microarchitecture code name Sandy Bridge, Intel® Core™ i7-39xx Processor Extreme Edition
  • Intel® Xeon® processor E3-1200 product family; 2nd Generation Intel® Core™ i7, i5, i3 Processors 2xxx Series (Sandy Bridge)
  • Intel® Xeon® processor E7-8800/4800/2800 v2 product families based on Ivy Bridge-E microarchitecture
  • Intel® Xeon® processor E5-2600/1600 v2 product families and Intel® Xeon® processor E5-2400 v2 product family and Intel® Core™ i7-49xx Processor Extreme Edition based on Ivy Bridge-E microarchitecture
  • 3rd Generation Intel® Core™ Processor and Intel® Xeon® processor E3-1200 v2 product family based on Ivy Bridge microarchitecture
  • Intel® Xeon® processor E5-4600/2600/1600 v3 product families, and Intel® Xeon® processor E7 v3 product families Intel® Core™ i7-59xx Processor Extreme Edition based on Haswell-E microarchitecture
  • 4th Generation Intel® Core™ processor and Intel® Xeon® processor E3-1200 v3 product family based on Haswell microarchitecture
  • Intel® Xeon® processor D-1500 product family based on Broadwell microarchitecture
  • Intel® Xeon® processor E5 v4 Family based on Broadwell microarchitecture, Intel® Xeon® processor E7 v4 Family, Intel® Core™ i7-69xx Processor Extreme Edition based on Broadwell-E microarchitecture
  • 5th generation Intel® Core™ processors, Intel® Xeon® processor E3-1200 v4 product family based on Broadwell microarchitecture
  • Intel® Core™ M-5xxx Processor, 5th generation Intel® Core™ processors based on Broadwell microarchitecture
  • First generation Intel® Xeon® Scalable Processor Family based on Skylake microarchitecture
  • Second generation Intel® Xeon® Scalable Processor Family based on Cascade Lake microarchitecture
  • Second generation Intel® Xeon® Scalable Processor Family based on Cascade Lake microarchitecture
  • 6th generation Intel® Core™ processors and Intel® Xeon® processor E3-1500m v5 product family and E3- 1200 v5 product family based on Skylake microarchitecture
  • 7th/8th generation Intel® Core™ processors, Intel Xeon processor E3 v6 product family and Intel Xeon-E Processor product family based on Kaby Lake/Coffee Lake microarchitectures†
  • 7th/8th generation Intel® Core™ processors based on Kaby Lake/Coffee Lake microarchitecture†
  • 8th/9th generation Intel® Core™ processors, Intel® Pentium™ processors, and Intel Xeon E processor family based on Coffee Lake microarchitecture†
  • 8th Generation Intel® Core™ i7 Processors, Intel® Pentium® Gold Processor Series, and Intel® Celeron® Processor 4000 Series based on Whiskey Lake (ULT) microarchitecture†
  • 8th Generation Intel® Core™ i7 Processors, Intel® Pentium® Gold Processor Series, and Intel® Celeron® Processor 4000 Series based on Whiskey Lake (ULT refresh) microarchitecture†
  • Intel Xeon E-2200 Processor product family based on Coffee Lake-R microarchitecture†
  • 8th/10th Generation Intel® Core™ processors based on Amber Lake Y
  • 10th Generation Intel® Core™ Processors product family based on Comet Lake
  • 10th Generation Intel® Core™ processors based on Ice Lake microarchitecture

More details about the affected chips available over here.

Are there any fixes / mitigations?

Similar to other transient-execution flaws, we can only look forward to mitigations and not fixes as these require silicon changes. According to researchers, experimental mitigations resulted in performance reduction varying from 2x to 19x depending upon workload. While this could eventually be avoided through hardware changes, current systems are potentially at risk of performance degradation.

“Crucially, LVI is much harder to mitigate than previous attacks, as it can affect virtually any access to memory,” researchers wrote.”Unlike all previous Meltdown-type attacks, LVI cannot be transparently mitigated in existing processors and necessitates expensive software patches, which may slow down Intel SGX enclave computations 2 up to 19 times.”

Intel has said that the attack is theoretical, but it has still released updates to the SGX Platform Software and SDK to mitigate the issue. Fixes will be deployed in the future silicon design to completely address the exploit.

Intel is saying attack is too impractical in real world

In a statement released today, Intel has said that there are several requirements that have to be met for this exploit to work. The company said it doesn’t believe if LVI is practical in real world environments. Here is the complete statement:

Researchers have identified a new mechanism referred to as Load Value Injection (LVI). Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real world environments where the OS and VMM are trusted. New mitigation guidance and tools for LVI are available now and work in conjunction with previously released mitigations to substantively reduce the overall attack surface. We thank the researchers who worked with us, and our industry partners for their contributions on the coordinated disclosure of this issue.

To mitigate the potential exploits of Load Value Injection (LVI) on platforms and applications utilizing Intel SGX, Intel is releasing updates to the SGX Platform Software and SDK starting today. The Intel SGX SDK includes guidance on how to mitigate LVI for Intel SGX application developers. Intel has likewise worked with our industry partners to make application compiler options available and will conduct an SGX TCB Recovery.

Researchers at Bitdefender believe that these type of attacks are “particularly devastating in multi-tenant environments such as enterprise workstations or servers in the data center, where one less-privileged tenant would be able to leak sensitive information from a more privileged user or from a different virtualised environment on top of the hypervisor.”

While Intel processors are confirmed impacted, researchers have warned not to rule out AMD and ARM chips. “In principle, any processor that is vulnerable to Meltdown-type data leakage would also be vulnerable to LVI-style data injection,” researchers wrote. “Some non-Intel processors have been shown to be affected by some variants of Meltdown and Foreshadow.”

Intel along with some security experts strongly suggest the impracticality of the LVI attacks, which is why the microcode updates will probably be avoided by many considering the performance hits. However, these researches do help in pushing chipmakers to redesign their chips and make them more secure.

– Tracked as CVE-2020-0551, you can read the complete report on Intel LVI exploits here

Leave a Reply

Your email address will not be published. Required fields are marked *