LVI Attack Hits Intel SGX - Defeats Existing Mitigations, More Performance Hits

Written by Michael Larabel in Intel on 10 March 2020 at 01:27 PM EDT. 41 Comments
INTEL
Load Value Injection (LVI) is being disclosed today as a new class of transient-execution attacks and the researchers claim can defeat all existing mitigations around Meltdown, Foreshadow, Zombieload, RIDL and Fallout. The researchers say LVI can affect virtually any access to memory and compiler-based mitigations can be expensive.

LVI combines Spectre-style code gadgets with Meltdown-type illegal data flows to bypass existing defenses and allow injecting data into a victim's transient execution. LVI was discovered in April of 2019 while today the researchers and Intel are making a coordinated disclosure. The initial discovery was made again by university researchers but Bitdefender ended up also discovering the same vulnerability.

It is important to note that LVI appears to be predominantly impact Intel SGX and Icelake's hardware mitigations do protect against this vulnerability while other partially mitigated Intel CPUs are only partially vulnerable.


LVI mitigations amount to inserting lfence barriers before every vulnerable load instruction. The researchers also believe that certain instructions need to be blacklisted. The researchers found the prototype compiler-based mitigations have an Intel SGX performance hit of 2x to 19x but the actual real-world impact may differ. Once there are patches available, I'll certainly fire up some real-world benchmarks.


More details on this new attack vector at LVIattack.eu. Intel also published an extensive deep dive on LVI and will be releasing an updated SGX SDK to help with mitigations.
41 Comments
Related News
UMD Direct Submission "Proof Of Concept" For The Intel Xe Linux Driver
Intel Linux Display Driver Being Adapted For DRM Panic "Blue Screen of Death" Support
Intel Compute Runtime 24.45.31740.9 Released Ahead Of The Arc B580 "Battlemage" Launch
Intel ANV Driver Improves Vulkan Image Compression Going Back To Tigerlake
Intel CEO Pat Gelsinger Retires
Turbostat Utility Lands New Features With Linux 6.13
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
Rustls Multi-Threaded Performance Is Battering OpenSSL
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
Fedora 42 Aims To Enhance The Windows Subsystem For Linux Experience
KDE Starts December By Landing A Number Of New Features