It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless 'performance killing' patches that resolve them.
Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The Hacker News.
Tracked as CVE-2020-0551, dubbed "Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information—encryption keys or passwords—from the protected memory and subsequently, take significant control over a targeted system.
According to experts at Bitdefender and academic researchers from a couple of universities, the new attack is particularly devastating in multi-tenant environments such as enterprise workstations or cloud servers in the datacenter.
And, that's because a less-privileged rouge tenant could exploit this issue to leak sensitive information from a more privileged user or from a different virtualized environment on top of the hypervisor.
Intel CPUs 'Load Value Injection' Vulnerability
Unlike previously disclosed Intel chipset vulnerabilities—including Meltdown, Spectre, and MDS—where an attacker speculatively accesses the memory or sniffs the data when the victim accesses it, the new LVI-LFB attack involves attacker injecting malicious data into the buffers that victim program unwillingly uses during the speculative execution.
"The atta ..
Support the originator by clicking the read the rest link below.
