LVI Attack Hits Intel SGX - Defeats Existing Mitigations, More Performance Hits

Written by Michael Larabel in Intel on 10 March 2020 at 01:27 PM EDT. 41 Comments
INTEL
Load Value Injection (LVI) is being disclosed today as a new class of transient-execution attacks and the researchers claim can defeat all existing mitigations around Meltdown, Foreshadow, Zombieload, RIDL and Fallout. The researchers say LVI can affect virtually any access to memory and compiler-based mitigations can be expensive.

LVI combines Spectre-style code gadgets with Meltdown-type illegal data flows to bypass existing defenses and allow injecting data into a victim's transient execution. LVI was discovered in April of 2019 while today the researchers and Intel are making a coordinated disclosure. The initial discovery was made again by university researchers but Bitdefender ended up also discovering the same vulnerability.

It is important to note that LVI appears to be predominantly impact Intel SGX and Icelake's hardware mitigations do protect against this vulnerability while other partially mitigated Intel CPUs are only partially vulnerable.


LVI mitigations amount to inserting lfence barriers before every vulnerable load instruction. The researchers also believe that certain instructions need to be blacklisted. The researchers found the prototype compiler-based mitigations have an Intel SGX performance hit of 2x to 19x but the actual real-world impact may differ. Once there are patches available, I'll certainly fire up some real-world benchmarks.


More details on this new attack vector at LVIattack.eu. Intel also published an extensive deep dive on LVI and will be releasing an updated SGX SDK to help with mitigations.
41 Comments
Related News
Intel Has Many Improvements For The Xe Graphics Driver In Linux 6.10
Intel Enabling Linux Driver Display Support For Upcoming "Battlemage" GPUs
Intel Media Driver 2024Q1 Brings Arrow Lake H Support
Intel Compute Runtime 24.13.29138.7 Brings Improved OpenCL/OpenGL Sharing
Intel oneVPL GPU Runtime 2024Q1 Brings VP9 Fix & AV1 Refinements
Intel Preps Adaptive Sync SDP, Lunar Lake Display & More DG2 PCI IDs In Linux 6.10
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora Linux 40 Cleared For Release Next Week
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Ubuntu 24.04 Supports Easy Installation Of OpenZFS Root File-System With Encryption
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"