- This new speculative-execution-based attack exploits flaws in the CPU architecture to potentially leak information from protected memory
- Dubbed LVI-LFB (Load Value Injection in the Line Fill Buffers), this is a novel attack (CVE-2020-0551)
- Bitdefender has developed a synthetic Proof of Concept which demonstrates the viability of this new attack
- Existing mitigations for previous attacks, such-as Meltdown, Spectre, and MDS are not sufficient to completely remove the new vulnerability
A Brief History Leading to LVI-LFB
In 2018, two new types of microarchitectural side-channel attacks were disclosed: Meltdown and Spectre. Meltdown allows an attacker to speculatively access memory that is inaccessible, while Spectre allows an attacker to alter the branch prediction structures in order to gain speculative arbitrary code execution. In 2019, another class of microarchitectural side-channel attacks was disclosed: Microarchitectural Data Sampling, or MDS. It allows an attacker to pick-up in-flight data from various microarchitectural data structures (line fill buffers or LFBs - MFBDS, load ports - MLPDS or store buffers - MSBDS).
This new, LVI-LFB method allows an attacker to inject rogue values in certain microarchitectural structures which are then used by the victim, which can lead to revealing secret, protected data across levels of privilege.
This new attack may be particularly devastating in multi-tenant and multi-workload environments which run on hardware shared between groups of workloads within an organization, or between organizations, such as public- and private-clouds. This is because, as the PoC shows, there is the potential for a lesser-privileged process under attacker control to speculatively hijack control flow in a higher-privileged process when specific requirements are met.
The most straightforward risk is the theft of secret data which should otherwise be kept private by security boundaries at the hardware, hypervisor, and operating system levels. This information can include anything from encryption keys, to passwords, or other information which an attacker could exfiltrate, or use to gain further control of a targeted system.
Mitigation strategies for hardware-based, side-channel attacks fall under several categories, each with a degree of operational impact on organizations.
- Hardware. These are fixes included directly within hardware and apply to only generations of CPUs which were built after the architectural flaws were identified.
- Software. These are patch implementations which function entirely within software. Kernel Page Table Isolation (KPTI) is an example of a fix that protects the kernel memory in an isolated virtual address space, thus rendering several speculative side-channel attacks, such as Meltdown, ineffective. However, to be effective against app-to-app LVI-LFB, a new type of KPTI – horizontal KPTI – is needed. Alternatively, the operating system must also flush the MDS buffers (LFBs in particular) when transitioning from a less privileged mode into a more privileged mode, to avoid microcode assisted memory accesses from executing speculatively with attacker controlled data.
- Microcode. These mitigations require cooperation between hardware and software. The hardware vendor supplies a microcode patch to expose new functionality (for example, the Spectre, L1TF or MDS mitigations) which are then used by the hypervisor or the operating system vendor(s) to mitigate the vulnerabilities.
- Disabling features. Disabling hyperthreading is a good idea on systems where security is critical, as would serializing all critical load operations using the lfence instruction. Other mitigations could involve modifications to the compilers, in order to generate code that is not vulnerable to such type of attacks.
This is a new attack which takes advantage of performance-centric functionality of modern Intel CPUs. LVI-LFB further breaks-down barriers between trust levels by demonstrating another methodology of attack in this highly advanced field of research.
To take a deep-dive into LVI-LFB, read the whitepaper available here.
To find more resources and information, including the PoC code, consult the information page here.
To read more about recent Bitdefender advanced research in this realm, check-out the SWAPGS Attack.
The Bitdefender advanced research team would like to credit the researchers who first reported this issue to Intel in April, 2019, and also thank them for their cooperation and collaboration leading-up to (and beyond) the public disclosure of this issue. The academic researchers are:
Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, and Frank Piessens
These researchers have created a dedicated website and detailed academic paper, which are available as follows:
Additional information is also available from Intel, as follows:
https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection (technical deep-dive)