Intel Vulnerability: Hijacking Transient Execution with Load Value Injection

souensouen OG
edited March 2020 in Technical

Another day, another Intel exploit.

LVI is a new class of transient-execution attacks exploiting microarchitectural flaws in modern processors to inject attacker data into a victim program and steal sensitive data and keys from Intel SGX, a secure vault in Intel processors for your personal data.

LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations. Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — "inject" — the attacker's data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim’s fingerprints or passwords.

[...]

LVI in 4 simple steps:
1. Poison a hidden processor buffer with attacker values.
2. Induce a faulting or assisted load in the victim program.
3. The attacker's value is transiently injected into code gadgets following the faulting load in the victim program.
4. Side channels may leave secret-dependent traces, before the processor detects the mistake and rolls back all operations.

Source: https://lviattack.eu/
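The four steps above describe a code pattern rather than a single bug: a load that can fault or need an assist, followed by code that uses the loaded value as an address, followed by a memory access whose cache footprint depends on what was read. The following C snippet, added here as an illustration and not taken from lviattack.eu or the LVI authors' code, shows that gadget shape next to the fence-hardened variant (an lfence after each load, which is the software mitigation the LVI authors and Intel describe for compiled code). The names `victim_gadget`, `victim_gadget_hardened`, `trusted_slot` and `oracle` are invented for the example, and all data is constructed. Compiling and running it does not perform an LVI attack: provoking the faulting or assisted load in step 2 requires control over page faults or microcode assists (for instance from the untrusted host of an SGX enclave), which this stand-alone program cannot do; it only shows where the injection point and the fence sit.

```c
/* Illustrative LVI gadget structure plus a fence-hardened variant.
 * Added example (not from the LVI paper or lviattack.eu); data is constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <immintrin.h>
#define LOAD_FENCE() _mm_lfence()   /* later instructions wait for prior loads to retire */
#else
#define LOAD_FENCE() ((void)0)      /* non-x86 build: no-op so the example still compiles */
#endif

/* Constructed victim state (hypothetical names): a secret the victim guards,
 * a pointer slot the victim loads from, and a cache-line-strided array whose
 * touched line a side channel could observe (step 4). */
#define LINE 64
static uint8_t oracle[256 * LINE];
static const uint8_t secret[4] = { 0x2a, 0x13, 0x77, 0xc0 };
static const uint8_t *trusted_slot = secret;
static volatile uint8_t sink;   /* keeps the oracle access from being optimised away */

/* Vulnerable gadget.
 * Step 2: the load of the pointer from *slot may fault or need an assist.
 * Step 3: while that fault is pending, the core transiently continues with a
 *         stale value from the hidden buffer the attacker poisoned in step 1,
 *         so p becomes attacker-chosen and p[offset] reads an attacker-chosen
 *         address instead of the victim's own data.
 * Step 4: the access to oracle[v * LINE] leaves a v-dependent cache trace
 *         before the fault is handled and the transient work is rolled back. */
uint8_t victim_gadget(const uint8_t *const *slot, size_t offset)
{
    const uint8_t *p = *slot;             /* faulting/assisted load: injection point */
    uint8_t v = p[offset];                /* dereference of the (possibly injected) pointer */
    sink = oracle[(size_t)v * LINE];      /* secret-dependent memory access */
    return v;                             /* architectural result, for the demo */
}

/* Hardened gadget: an lfence after every load makes the dependent code wait
 * until that load has retired, so a faulting load cannot forward injected
 * data to the dereference or to the oracle access. This is the mitigation
 * the LVI authors and Intel describe for compiled code; it is expensive,
 * because every load in the victim needs one. */
uint8_t victim_gadget_hardened(const uint8_t *const *slot, size_t offset)
{
    const uint8_t *p = *slot;
    LOAD_FENCE();                         /* fence before p is used as an address */
    uint8_t v = p[offset];
    LOAD_FENCE();                         /* fence before v is used as an index */
    sink = oracle[(size_t)v * LINE];
    return v;
}

int main(void)
{
    /* Architecturally both variants agree; the difference is only in what
     * the core may do transiently when the first load faults. */
    printf("vulnerable gadget read 0x%02x, hardened gadget read 0x%02x\n",
           victim_gadget(&trusted_slot, 2),
           victim_gadget_hardened(&trusted_slot, 2));
    return 0;
}
```

The two functions return the same byte when run normally; the vulnerable one differs only in that nothing stops the dereference and the oracle access from executing on a transiently injected pointer while the first load is still faulting. Auditing for LVI therefore means looking for exactly this shape (load, then use of the loaded value as an address or index) in code that an attacker can make fault, such as enclave code whose page tables the host controls.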
