Intel processors are affected by a new vulnerability named as Load Value Injection (LVI). According to security experts of BitDefender, this vulnerability is “particularly devastating ” for data center servers. The LVI vulnerability affects all Intel Core families that range from the 3rd Generation Ivy Bridge architecture, launched in 2012, to the last generation Comet Lake (10th Gen), which has not yet debuted on desktop computers.
According to the researchers’ statements, the bug is based on Meltdown vulnerabilities that are already patched at the software level, but the attack still works on systems with the necessary software mitigations. As such, Intel is reportedly required to use hardware-level mitigations to completely block the LVI attack vector and that’s the only way to solve problem or in other words to from existing Intel processor switch to an Intel processor not yet launched, or of course, purchase AMD CPU.
In particular, it is said that vulnerability (CVE-2020-0551) dubbed as “Load Value Injection in the Line Fill Buffers” or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information—encryption keys or passwords—from the protected memory and subsequently, take significant control over a targeted system.
“The attacker to sprays the LFBs with the address of a malicious function, and when the victim issues an indirect branch through memory which requires a microcode assist, the address of the malicious function is loaded from the LFBs, thus leading to the attacker function being speculatively executed,” Bitdefender researchers told The Hacker News.
This allows data theft, but can supposedly reveal encryption or passwords stored in memory, which could then allow an attacker to take control of the target server.
Bitdefender says it shared the vulnerability with Intel on February 10, 2020. The company also states that the existing mitigations for Meltdown, Specter and MDS are insufficient to mitigate the new failure, and a complete solution currently requires disabling Hyper-Threading or buying new hardware with corrections at the architecture level.