INSUBCONTINENT EXCLUSIVE:
A new security flaw in Intel processors has been disclosed by vulnerability researchers at Bitdefender as well as by a team of academics
from universities around the world.The flaw has been given the name Load Value Injection or LVI for short and it represents a whole new
class of theoretical attacks that can be launched against Intel's CPUs
Although the attack is just a theoretical threat at this time, Intel has already released firmware patches to mitigate attacks against its
current CPUs and the chipmaker plans to deploy fixes at the hardware level in future generations.While the Meltdown bug, that was first
discovered in 2018, allowed attackers to read an app's data from inside a CPU's memory while in a transient state, LVI attacks could allow
an attacker to inject code inside the CPU and have it executed as transient operation which would give attackers more control over what
happens.The two research teams discovered the new LVI attack on their own but both teams have been successfully able to prove the broad
impact that LVI attacks could have
The academic research team focused on leaking data from a secure area of Intel processors called the Intel SGX enclave and Bitdefender
focused on proving how the attack could impact cloud environments.At this time, only Intel CPUs have been confirmed to be impacted by LVI
attacks in real-world tests, though the researchers have not ruled out that CPUs from AMD and ARM could also be affected.Proof-of-concept
demo code for LVI attacks currently relies on running malicious code on a computer which means that local access is needed
an LVI attack has not yet been proven but the academic researchers and Bitdefender both believe that this delivery method could
theoretically work.Thankfully though, both teams also came to the conclusion that an LVI attack would be difficult for an attacker to pull
While this new attack type may not pose a danger to users now, once more is learned about how CPUs work, the current CPU design will likely
be proven to be insecure.Expect to hear more about LVI attacks as researchers and hardware makers learn more about this new type of CPU
