Load Value Injection: A New Intel Attack Bypasses SGX with Significant Performance Mitigation Concerns

www.anandtech.com
Microarchitectural attacks have been all the rage. For the past two years, we've seen attacks like Meltdown, Spectre, Foreshadow/L1TF, Zombieload, and variants all discuss different ways to probe or leak data from a victim to a host. A new attack, published on March 10th by the same research teams that found the previous exploits, turns this principle on its head, and allows an attacker to inject their own values into the victim's code. The data injection can either be instructions or memory addresses, allowing the attacker to obtain data from the victim. This data injection bypasses even stringent security enclave environments, such as Intel's Software Guard Extensions (SGX), and the attackers claim that successful mitigation may result in a slowdown of 2x to 19x for any SGX code.

The High Level Overview

The attack is formally known as LVI, short for 'Load Value Injection', and has the MITRE reference CVE-2020-0551. The official website for the attack is https://lviattack.eu/. The attack was discovered on April 4th 2019 and reported to Intel, and disclosed publicly on March 10th 2020. A second group discovered and produced a proof-of-concept for one LVI attack variant in February 2020.

Intel currently plans to provide mitigations for SGX-class systems; however, non-SGX environments (such as VMs or containers that aren't programmed with SGX) will remain vulnerable. The researchers state that 'in principle any processor that is vulnerable to Meltdown-type data leakage would also be vulnerable to LVI-style data injection'. The researchers' focus was primarily on breaking Intel SGX protections, and proof-of-concept code is available. Additional funding for the project was provided by 'generous gifts from Intel, as well as gifts from ARM and AMD' – one of the researchers involved has stated on social media that some of his research students are at least part-funded by Intel.

Intel was involved in the disclosure, and has a security advisory available, listing the issue as a 5.6 MEDIUM on the severity scale. Intel also lists all the processors affected, including Atom, Core and Xeon, which goes as far back as Silvermont, Sandy…
Dr. Ian Cutress