Load value injection
| File:Load Value Injection logo.svg Logo for the Load Value Injection security vulnerability | |
| CVE identifier | CVE-2020-0551 |
|---|---|
| Date discovered | March 2020 |
| Affected hardware | Intel x86 microprocessors |
| Website | lviattack |
Load value injection (LVI) is an attack on Intel microprocessors that can be used to attack Intel's Software Guard Extensions (SGX) technology.[1] It is a development of the previously known Meltdown security vulnerability. Unlike Meltdown, which can only read hidden data, LVI can inject data values, and is resistant to the countermeasures so far used to mitigate the Meltdown vulnerability.[2][3]
In theory, any processor affected by Meltdown may be vulnerable to LVI,[4] but as of March 2020[update], LVI is only known to affect Intel microprocessors.[2] Intel has published a guide to mitigating the vulnerability by using compiler technology, requiring existing software to be recompiled to add LFENCE memory barrier instructions at every potentially vulnerable point in the code.[5] However, this mitigation appears likely to result in substantial performance reductions in the recompiled code.[6]
See also
[edit | edit source]References
[edit | edit source]- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).