New unsolvable flaw in Intel processors from 2012 to today: here is LVI or Load Value Injection

A new security flaw unsolvable via software afflicts i Intel processors produced from 2012 to 2020, according to the findings made independently by two teams of security researchers (one of the two part of BitDefender). The only way to make processors safe is to implement a properly revised and correct hardware design. For the moment, AMD processors and those based on ARM architecture are not interested, but researchers do not rule it out a priori; the newer Intel chips, namely the 10th generation Ice Lake cores announced last year, are invulnerable.

The flaw is potentially serious, in the sense that it could lead to the theft of sensitive user data on whose servers the data is stored, but it remains to be clarified how conductive an attack with this system is in the real world. Intel and some independent researchers believe it is extremely difficult: BitDefender, however, believes that once the flaw is discovered theoretically further studies could lead to the development of exploitable methods in the real world. There is however another parameter to evaluate: it is possible to extract only the data being processed at the time of the attack, not those saved for example on a hard disk. Which further complicates things for a potential hacker.

The problem has been called a sort of "reverse Meltdown", for those who remember the other big mess in CPU security dating back to a couple of years ago. It always comes from the same function as processors: the so-called speculative execution, in which the chip, to save time, tries to guess what the next operation will be to perform and completes it "in free time". Meltdown and Specter were the first attacks discovered, followed by others such as ZombieLoad (May 2019), Fallout and Foreshadow (August 2018). The new one has been baptized Load Value Injection, or LVI. To simplify a lot, LVI manages to reveal to the processor the results of operations performed in advance; the particularly serious fact is that it also manages to get into the stored contents of the maximum security area called SGX (Intel Software Guard eXtensions). The data processed by SGX are the most sensitive – cryptographic keys, DRM, passwords and so on.

The researchers inaugurated a website dedicated to LVI attacks where they plan to publish all updates on the topic; there are also all the necessary resources for those wishing to learn more about the exploitation mechanism. Intel has also compiled one, which can be read by following this link. HERE, however, there is a list (always drawn up by Intel) indicating which processors are affected (but it is easily summarized with the opening sentence of the first paragraph).