Security? What security? Say hello to 'LVI' (Load Value Injection), a new class of 'transient-execution attacks' that exploits flaws in modern processors and defeats all existing countermeasures.
Oh hell. This comes shortly after another 'unfixable' flaw was announced for Intel, plus one for AMD too, and now this, all in the space of a month. Rough time right now, for Intel specifically on this one.
LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations. Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — "inject" — the attacker's data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim’s fingerprints or passwords.
It's serious: they claim it is much harder to solve than all previous attacks and will require some computationally expensive software patches. They say it may "slow down Intel SGX enclave computations 2 up to 19 times". Ouch.
They give a quick 4-step process to LVI:
- Poison a hidden processor buffer with attacker values.
- Induce a faulting or assisted load in the victim program.
- The attacker's value is transiently injected into code gadgets following the faulting load in the victim program.
- Side channels may leave secret-dependent traces, before the processor detects the mistake and rolls back all operations.
What about AMD? Well, their current assessment is that LVI only applies to Intel processors that have SGX tech. However, it can affect any other processor if they're vulnerable to a Meltdown-type data leakage.
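Since the exposure hinges on Meltdown-type leakage, here is a quick check for Linux, added as an example and not taken from the researchers or Intel: it reads the kernel's per-CPU vulnerability reports for the leaks named above. The function names, the optional directory argument and the mapping of sysfs file names to attack names are assumptions of this example.

```shell
#!/bin/sh
# Added example: list the Meltdown-type leaks the kernel reports for this CPU.
# sysfs file name -> attack name used in the article (mapping assumed here).
LEAK_MAP='meltdown=Meltdown
l1tf=Foreshadow
mds=ZombieLoad/RIDL/Fallout'

# Print one line per leak the hardware has. The optional directory argument
# exists only so the check can be pointed at constructed sample files.
meltdown_type_leaks() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    for entry in $LEAK_MAP; do
        file="${entry%%=*}"
        name="${entry#*=}"
        # A missing file means this kernel does not report that issue.
        [ -r "$dir/$file" ] || { echo "$name: unknown (no $file entry)"; continue; }
        status="$(cat "$dir/$file")"
        case "$status" in
            "Not affected"*) ;;            # hardware does not have this leak
            *) echo "$name: $status" ;;    # leaky, mitigated or not
        esac
    done
}

# Succeeds when at least one leak is present in hardware. A "Mitigation: ..."
# status still counts: the article says LVI defeats the existing mitigations,
# so a patched Meltdown-type leak does not rule LVI out.
lvi_may_apply() {
    meltdown_type_leaks "$1" | grep -qv 'unknown ('
}

meltdown_type_leaks "$@"
```

No output means the kernel considers the CPU free of all three leaks; any line printed, including a mitigated one, means the LVI advisory is worth reading for that machine.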
See more about it on the official site and the research paper is found here. You can see the official Intel security advisory here, plus a list of affected processor products here. Additionally, Intel have their own deep dive here.
Quoting: Duck Hunt-Pr0
What Dedale said: I meant the Chinese would seek to rapidly develop and produce their own X86 CPUs so as not to be dependent on North American suppliers. Since this is already I believe one of the stated goals of their "Made in China 2025" schtick, and since various events have shown trade to be surprisingly fragile, this still seems to me pretty likely.
Quoting: Purple Library Guy
Quoting: Duck Hunt-Pr0
Among all the things I've been saying around here the last day or so, it didn't occur to me that this would be controversial. WTF?
Quoting: Purple Library Guy
I'm sure the Chinese will now be doing a crash program
As sure as Planet Nibiru, FEMA guillotines, and the Mayan Calendar, combined, no doubt.
I may or may not have misread your post, and not quite understood what you meant by "crash program".
Did you mean the Chinese will be looking for a way to intentionally crash Intel CPUs?
/me drink and skim a lot :/