Just last week, researchers found that a security flaw inside the ROM of Intel processors could pose a security risk that is “impossible to fix” and now a new class of security threat has been found in Intel processors that could significantly reduce performance.
According to a report by The Register, researchers who uncovered Meltdown and Spectre vulnerabilities have developed a new attack technique named Load Value Injection (LVI) which relies on microarchitecture data leakage to inject malicious code that breaks the confidentiality of Intel systems.
Intel processors have already taken a performance hit due to fixes implemented that defend against previous side-channel attacks. If the company tries to thwart this latest security threat it could mean that Intel processors get even slower. Researchers suggest in an LVI white paper, an Intel redesign of software compilers, for full mitigation of the LVI vulnerability means performance reductions could range from 2x to 19x.
LVI is much more difficult to mitigate compared to previous attacks as it can potentially affect any access to memory, it cannot be mitigated through existing processes and relies on software patches which slow down the performance of Intel SGX enclave calculations. However, it is believed that the vulnerability isn’t exclusive to Intel processors, just most practical to exploit.
An abstract from the white paper reads “We believe that none of the ingredients for LVI are exclusive to Intel processors, However, LVI turns out to be most practically exploitable on Intel processors because of the combination of the facts that we have seen more Meltdown-type leakage sources there that can potentially be inverted, plus certain design decisions that are specific to the Intel SGX architecture (i.e. untrusted page tables).”
Discuss no our Facebook page HERE.
KitGuru says: Have you noticed a slow down of your intel systems since these side-attack security vulnerabilities have been fixed? Would you continue using an Intel system if it was hit by further performance reductions due to this latest security threat?