Jump to content

Load value injection

Edit links
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by The Anome (talk | contribs) at 09:45, 11 March 2020 (recompiled to add LFENCE instructions). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
Load value injection
Logo for the Load Value Injection security vulnerability
CVE identifier(s)CVE-2020-0551
Date discoveredMarch 2020; 5 years ago (2020-03)
Affected hardwareIntel x86 microprocessors
Websitelviattack.eu

Load value injection (LVI) is an attack on Intel microprocessors that can be used to attack Intel's SGX technology.[1] It is a development of the previously known Meltdown security vulnerability. Unlike Meltdown, which can only read hidden data, LVI can inject data values, and is resistant to the countermeasures so far used to mitigate the Meltdown vulnerability.[2][3]

As of March 2020, LVI is only known to affect Intel microprocessors.[2] Intel has published a guide to mitigating the vulnerability by using compiler technology, requiring existing software to be recompiled to add LFENCE instructions at every potentially vulnerable point in the code.[4]

References

  1. ^ "Load Value Injection". software.intel.com. 2020-03-10. Retrieved 2020-03-11.{{cite web}}: CS1 maint: url-status (link)
  2. ^ a b Cimpanu, Catalin. "Intel CPUs vulnerable to new LVI attacks". ZDNet. Retrieved 2020-03-11.
  3. ^ Alcorn, Paul (10 March 2020). "New Load Value Injection Vulnerability Found In Intel Chips". Tom's Hardware. Retrieved 2020-03-11.{{cite web}}: CS1 maint: url-status (link)
  4. ^ "An Optimized Mitigation Approach for Load Value Injection". software.intel.com. Retrieved 2020-03-11.

See also


Stub icon

This computer science article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Load_value_injection&oldid=945018412"