Researchers merge Meltdown and Spectre to uncover a performance-slashing Intel vulnerability

Some of the researchers behind the discovery of both Meltdown and Spectre have uncovered a new way to attack Intel processors, developing an attack called Load Value Injection (LVI).

This new attack combines both forms of vulnerability to target Intel SGX (Software Guard Extensions), producing a vulnerability that is harder to mitigate and requires computationally expensive countermeasures. Software patches could lower the performance of Intel's SGX enclaves by 2 to 19 times, which is a disaster for the CPU giant.

A paper on the bug has been published on a dedicated website about the vulnerability (lviattack.eu), which also hosts a video explaining how the vulnerability works.

Intel has designated the vulnerability as a medium-level threat and has stated that the bug is not a remote code execution threat. However, the bug remains a threat in multi-user environments, such as enterprise workstations, servers and datacenters. Intel processors from Sandy Bridge-E up to the company's 10th Generation Comet Lake processors are affected, with Ice Lake listed as “not affected”.

The threat this vulnerability poses is the ability to use transient execution to acquire passwords, fingerprints and other sensitive information.

   LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations. Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — “inject” — the attacker’s data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim’s fingerprints or passwords.

Crucially, LVI is much harder to mitigate than previous attacks, as it can affect virtually any access to memory. Unlike all previous Meltdown-type attacks, LVI cannot be transparently mitigated in existing processors and necessitates expensive software patches, which may slow down Intel SGX enclave computations 2 up to 19 times.

Intel released the following comment to The Register, hoping to play down the issue. As far as Intel is concerned, the bug is not a major issue outside of SGX environments. Even so, it is able to defeat Intel's existing Spectre/Meltdown mitigations and bypass the boundaries of Intel's silicon-level defences.

    Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real world environments where the OS and VMM are trusted.

At this time, it is hard to know what the long-term impact of this vulnerability will be. While it is not a major threat to consumers, it represents a notable risk to cloud computing environments and shared enterprise systems, and it is possible that methods similar to LVI can be used to uncover further hardware vulnerabilities.

Intel seemingly has no plans to mitigate this vulnerability with firmware updates (see Intel's Security Advisory), offering instead to address the issue with new SGX platform software and updates to its SGX SDK. Intel has also recommended that users update to the latest version of their OS.

This stance means that regular consumers will not be hit with performance-lowering software mitigations, but it also shows an unwillingness to address hardware vulnerabilities for all of Intel's users. Only time will tell whether this stance will come back to bite Intel in the future.

You can join the discussion on Intel being hit by yet another hardware vulnerability on the OC3D Forums.