Operating system developers such as Microsoft have released security updates to their operating systems this month, and this update includes mitigations for the latest vulnerabilities in Intel processors. The vulnerabilities found in the Intel processor this time are called Load Value Injection (LVI). The affected Intel processors include most of the second, third, fourth, fifth, sixth, seventh, eighth, and ninth generations. Only Intel’s latest 10th-generation processors can be fully immune to the vulnerability, without the need for mitigation through microcode and without degrading processor performance.
The Meltdown and Spectre series vulnerabilities that Intel processors were previously exposed were mainly caused by speculative execution of modern processors, which are used to increase processor speed.
Due to design flaws, push attackers can use speculative execution to steal data in memory, including critical data stored in memory by software.
“LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL, and Fallout, and defeats all existing mitigations. Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — “inject” — the attacker’s data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim’s fingerprints or passwords.”
It is also true that this vulnerability is more harmful than the previous vulnerability, and it will cause serious damage to enterprise users, especially in data centers.
The affected products can only disable Intel’s Hyper-Threading Technology to avoid the vulnerability in principle, but closing Hyper-Threading also means a higher performance loss.
PHORONIX uses the Intel Xeon E3-1275 v6 (Kabylake) processor to test under the Linux environment. The actual test results show that the maximum performance may be lost by 70%.
The post Intel has released patches to mitigate Load Value Injection vulnerabilities appeared first on InfoTech News.