Intel chips at risk from major new security flaw

(Image credit: Future)

A new security flaw in Intel processors has been disclosed by vulnerability researchers at Bitdefender as well as by a team of academics from universities around the world.

The flaw has been given the name Load Value Injection or LVI for short and it represents a whole new class of theoretical attacks that can be launched against Intel's CPUs. Although the attack is just a theoretical threat at this time, Intel has already released firmware patches to mitigate attacks against its current CPUs and the chipmaker plans to deploy fixes at the hardware level in future generations.

While the Meltdown bug, that was first discovered in 2018, allowed attackers to read an app's data from inside a CPU's memory while in a transient state, LVI attacks could allow an attacker to inject code inside the CPU and have it executed as transient operation which would give attackers more control over what happens.

The two research teams discovered the new LVI attack on their own but both teams have been successfully able to prove the broad impact that LVI attacks could have. The academic research team focused on leaking data from a secure area of Intel processors called the Intel SGX enclave and Bitdefender focused on proving how the attack could impact cloud environments.

LVI security flaw

At this time, only Intel CPUs have been confirmed to be impacted by LVI attacks in real-world tests, though the researchers have not ruled out that CPUs from AMD and ARM could also be affected.

Proof-of-concept demo code for LVI attacks currently relies on running malicious code on a computer which means that local access is needed. However, a remote attack could also be possible via JavaScript by tricking users into visiting a malicious site. 

Using JavaScript to launch an LVI attack has not yet been proven but the academic researchers and Bitdefender both believe that this delivery method could theoretically work.

Thankfully though, both teams also came to the conclusion that an LVI attack would be difficult for an attacker to pull off. While this new attack type may not pose a danger to users now, once more is learned about how CPUs work, the current CPU design will likely be proven to be insecure.

Expect to hear more about LVI attacks as researchers and hardware makers learn more about this new type of CPU security flaw.

Via ZDNet

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.