Intel chips faces damaging new LVI flaw

A new security flaw in Intel processors has been disclosed by vulnerability researchers at Bitdefender as well as by a team of academics fr...

A new security flaw in Intel processors has been disclosed by vulnerability researchers at Bitdefender as well as by a team of academics from universities around the world.

The flaw has been given the name Load Value Injection or LVI for short and it represents a whole new class of theoretical attacks that can be launched against Intel's CPUs. Although the attack is just a theoretical threat at this time, Intel has already released firmware patches to mitigate attacks against its current CPUs and the chipmaker plans to deploy fixes at the hardware level in future generations.

While the Meltdown bug, that was first discovered in 2018, allowed attackers to read an app's data from inside a CPU's memory while in a transient state, LVI attacks could allow an attacker to inject code inside the CPU and have it executed as transient operation which would give attackers more control over what happens.

The two research teams discovered the new LVI attack on their own but both teams have been successfully able to prove the broad impact that LVI attacks could have. The academic research team focused on leaking data from a secure area of Intel processors called the Intel SGX enclave and Bitdefender focused on proving how the attack could impact cloud environments.

LVI security flaw

At this time, only Intel CPUs have been confirmed to be impacted by LVI attacks in real-world tests, though the researchers have not ruled out that CPUs from AMD and ARM could also be affected.

Proof-of-concept demo code for LVI attacks currently relies on running malicious code on a computer which means that local access is needed. However, a remote attack could also be possible via JavaScript by tricking users into visiting a malicious site. 

Using JavaScript to launch an LVI attack has not yet been proven but the academic researchers and Bitdefender both believe that this delivery method could theoretically work.

Thankfully though, both teams also came to the conclusion that an LVI attack would be difficult for an attacker to pull off. While this new attack type may not pose a danger to users now, once more is learned about how CPUs work, the current CPU design will likely be proven to be insecure.

Expect to hear more about LVI attacks as researchers and hardware makers learn more about this new type of CPU security flaw.

Via ZDNet



from TechRadar - All the latest technology news https://ift.tt/2Uby5zt
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,110,Video,5,XIAOMI,13,YouTube - 9to5Google,109,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Intel chips faces damaging new LVI flaw
Intel chips faces damaging new LVI flaw
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2020/03/intel-chips-faces-damaging-new-lvi-flaw.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2020/03/intel-chips-faces-damaging-new-lvi-flaw.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy