Hot on the heels of last week’s exposure of an unfixable security vulnerability hard-coded into Intel CPUs, an additional security vulnerability in Intel CPUs has been made public this week. Unlike the vulnerability exposed last week, this vulnerability is another transient execution vulnerability stemming from speculative execution optimization. It follows a long history of similar vulnerabilities, including Spectre, Meltdown, SPOILER, Foreshadow, SwapGS, ZombieLoad, RIDL, Fallout, and recently, CacheOut.
This new vulnerability is being called LVI, which stands for Load Value Injection. LVI bypasses the current patches intended to mitigate transient execution vulnerabilities by taking a different approach to data extraction.
Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — “inject” — the attacker’s data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim’s fingerprints or passwords.
According to the research team behind the discovery of LVI, the attack “can affect virtually any access to memory.” That said, one of the members of the team told The Register that “LVI is less practical and more difficult to mount in a non-SGX setting where the operating system and VMM are trusted.” Nevertheless, a vulnerability that allows access to data from SGX enclaves is a serious matter. Intel’s SGX is intended to create a strongly encrypted secure vault isolated at the hardware level, so non-authorized, outside access to this vault is clearly problematic.
The research team discovered and reported the vulnerability back in April of last year, but did not go public with it until yesterday (PDF). However, last month, a research team from Bitdefender independently speculated (PDF) the possibility of a particular variant of LVI. The vulnerability has been assigned the identifiers CVE-2020-0551 and Intel-SA-00334, and has a vulnerability score of 5.6 (medium). Intel has its own deep dive into LVI that you can read here.
The research team reports that prototype implementations of full LVI mitigation slow down SGX enclave computations by a factor anywhere from two to nineteen.
Fully mitigating our attacks requires serializing the processor pipeline with lfence instructions after possibly every memory load. Additionally and even worse, due to implicit loads, certain instructions have to be blacklisted, including the ubiquitous x86 ret instruction. Intel plans compiler and assembler-based full mitigations that will allow at least SGX enclave programs to remain secure on LVI-vulnerable systems.