Wednesday, March 11th 2020
Intel Processors Hit with LVI Security Vulnerabilities, Mitigation Hits Performance Hard
A new class of security vulnerabilities affects Intel processors, which can cause them to leak sensitive information if probed in a certain way, but that's not the worst news for Intel and its users. The software- or firmware-level mitigation for this vulnerability can inflict performance reductions "ranging from 2x to 19x," according to a report by The Register. A full mitigation for the new Load Value Injection (LVI) class of vulnerabilities requires Intel to redesign software compilers. The vulnerability is chronicled under CVE-2020-0551 and Intel-SA-00334. It is not a remote code execution threat; however, it puts multi-tenant machines, such as physical servers handling multiple tenants via virtual servers, at risk.
"LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations. Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — "inject" — the attacker's data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim's fingerprints or passwords," the researchers write in the abstract of their paper describing the vulnerability. Anti-virus manufacturer BitDefender independently discovered LVI and shared its study with Intel. The company could publish its findings in February. Additional technical details are found on the group's website here. Many thanks to biffzinker for the tip.
Source:
The Register
92 Comments on Intel Processors Hit with LVI Security Vulnerabilities, Mitigation Hits Performance Hard
AMD is safer only because its market footprint is too small in the datacenter space, most of these side-channel attacks affect datacenters, and you can't hack AMD processors for rich bounties (it's similar to the "Macs don't get viruses" fallacy of the 1990s and 2000s).
Hiding the issues won't help the computing world, because determined attackers will find (a subset of) them.
Bta should indeed tame down. Jesus(the living one) might see it.
No progress and development should be ceased because of hiding things down.
Black market will live further, now it is just more profitable to report it officially, before those things were sold to whoever did the offer...
If one cannot comprehend it, it is sad. The can of worms is open.
"In our current assessment, we believe that LVI is mainly only relevant to Intel SGX enclaves. However, in the academic paper we showed that none of the ingredients for LVI are unique to Intel SGX and LVI attacks can in principle apply to non-SGX traditional cross-process, cross-virtual-machine, or user-to-kernel environments."
As I mentioned in many older threads, the problem is not the CVE discoveries, but the forced mitigations chipping away at performance. Even if by tiny bits.
Everybody gangsta until a new wave of bitcoin ransomware.
And trying to shift the blame on researchers is ridiculous, all of these attacks stem from a single decision Intel made about deferring access checks in speculation to chase cheap performance gains and now they are getting punished for it.
The mitigations are important in this scheme, as otherwise we will end up with machines that have publicly known vulnerabilities. You don't find malware using these exploits, as the vulnerabilities are typically fixed at the time the research papers are released.
Also, no-one is forcing you to use the mitigations, so stop complaining! Just install Linux and disable them, problem solved. Most of the Windows mitigations can also be disabled if you like living on the edge.
It gets the elderly architectures first.
Your provided solution doesn't make sense much either.
A different kind of cyber-sec researchers are funded by Wall Street (hedge fund managers or those holding shorting positions against tech companies, remember CTSFlaws?). All that BBPs without permanent non-disclosure clauses end up achieving is giving malware writers ideas so they can go after the vast majority of computers that stay unpatched or rarely patched. These mitigations are made part of cumulative updates that include other fixes or feature updates, and eventually become part of Windows codebase with each version. The manner in which they're distributed makes them a ramthroat.
Also, please refrain from the "security through obscurity" fallacy.
www.isaca.org/resources/isaca-journal/issues/2017/volume-5/exposing-the-fallacies-of-security-by-obscurity-full-disclosure
Linux is not a magic bullet either way regarding CPU flaw exposure.