New Intel “LVI” Vulnerability Discovered: Mitigations Could Reduce CPU Performance by 19x

[Tsing]

Image: Intel



There doesn’t seem to be an end in sight for Intel’s ongoing security nightmare.



The researchers who were responsible for discovering the heavily publicized Meltdown and Spectre vulnerabilities have found yet another attack plaguing Intel processors. This one is called Load Value Injection (LVI), and it affects any chip with Intel’s SGX technology. Previous mitigations do nothing against it.









“LVI is a new class of transient-execution attacks exploiting microarchitectural flaws in modern processors to inject attacker data into a victim program and steal sensitive data and keys from Intel SGX, a secure vault in Intel processors for your personal data,” wrote researchers on the official LVI site.



“LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all...

Continue reading...

 

[Zarathustra]

Holy crap, that's a huge hit.

Essentially, if accurate and your workload depends on patching it, your system is now useless and needs to be replaced.

I can't think of any system that can see this type of performance impact and continue in service.

 

[Dan_D]

Jesus Christ.

 

[Burticus]

Crikey!

 

[Grimlakin]

Yea I mean it's only SGX... you know... where we keep encryption information for things like... VPN Tunnels and HTTPS Tunnels, and really anything using encryption with hardware acceleration.

So if Intel DOES patch this out it means that those using this are going to be slowed to a freaking crawl without the accelerated instruction sets... for now. But 19x slower on encrypting and decrypting data... isn't really THAT huge.