intel processor load value injection vulnerability

It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless ‘performance killing’ patches that resolve them.

Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The Hacker News.

Tracked as CVE-2020-0551, dubbed “Load Value Injection in the Line Fill Buffers” or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information—encryption keys or passwords—from the protected memory and subsequently, take significant control over a targeted system.

According to experts at Bitdefender and academic researchers from a couple of universities, the new attack is particularly devastating in multi-tenant environments such as enterprise workstations or cloud servers in the datacenter.

And, that’s because a less-privileged rouge tenant could exploit this issue to leak sensitive information from a more privileged user or from a different virtualized environment on top of the hypervisor.

Intel CPUs ‘Load Value…

http://feedproxy.google.com/~r/TheHackersNews/~3/wo34EcDLabQ/intel-load-value-injection.html

Leave a Reply