- Joined
- Oct 9, 2007
- Messages
- 47,235 (7.55/day)
- Location
- Hyderabad, India
System Name | RBMK-1000 |
---|---|
Processor | AMD Ryzen 7 5700G |
Motherboard | ASUS ROG Strix B450-E Gaming |
Cooling | DeepCool Gammax L240 V2 |
Memory | 2x 8GB G.Skill Sniper X |
Video Card(s) | Palit GeForce RTX 2080 SUPER GameRock |
Storage | Western Digital Black NVMe 512GB |
Display(s) | BenQ 1440p 60 Hz 27-inch |
Case | Corsair Carbide 100R |
Audio Device(s) | ASUS SupremeFX S1220A |
Power Supply | Cooler Master MWE Gold 650W |
Mouse | ASUS ROG Strix Impact |
Keyboard | Gamdias Hermes E2 |
Software | Windows 11 Pro |
A new class of security vulnerabilities affect Intel processors, which can cause them to leak out sensitive information if probed in a certain way, but that's not the worst news for Intel and its users. The software- or firmware-level mitigation for this vulnerability can inflict performance reductions "ranging from 2x to 19x," according to a report by The Register. A full mitigation for the new Load Value Injection (LVI) class of vulnerabilities requires Intel to redesign software compilers. The vulnerability is chronicled under CVE-2020-0551 and Intel-SA-00334. It is not a remote code execution threat, however, it puts multi-tenant machines, such as physical servers handling multiple tenants via virtual servers.
"LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations. Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — "inject" — the attacker's data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim's fingerprints or passwords," the reasearchers write in the abstract of their paper describing the vulnerability. Anti-virus manufacturer BitDefender independently discovered LVI and shared its study with Intel. The company could publish its findings in February. Additional technical details are found in the group's website here.
Many Thanks to biffzinker for the tip.
View at TechPowerUp Main Site
"LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations. Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — "inject" — the attacker's data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim's fingerprints or passwords," the reasearchers write in the abstract of their paper describing the vulnerability. Anti-virus manufacturer BitDefender independently discovered LVI and shared its study with Intel. The company could publish its findings in February. Additional technical details are found in the group's website here.
Many Thanks to biffzinker for the tip.
View at TechPowerUp Main Site