Researchers at Bitdefender and a number of universities have found a Meltdown-like vulnerability in Intel processors. In theory, the leak could be used to steal data from computers running on Intel chips.
The researchers gave the vulnerability the name Load Value Injection (LVI). After the report of the researchers, Intel immediately came up with a patch for LVI. Without the patch, it would be possible to exploit a vulnerability in the speculative execution. This process should improve speed by performing certain calculations before they are actually needed.
Whereas Meltdown focused on obtaining data from the so-called ‘speculative execution’ process, LVI is all about injecting malicious code. Programs from users could be reached in this way, after which certain data would be captured as passwords or stored fingerprints. The data stored in the Intel SGX, where such data should be safe, can thus be accessed.
Difficult to counteract
According to the researchers, combating LVI is more difficult than previous Meltdown types. It requires a rebuild and redesign of an extremely complex procedure. According to the researchers, this could be accompanied by a considerable delay of CPU’s, which in turn could result in admins postponing the implementation of the patch.
A significant risk, as Intel itself, states that it finds LVI ‘not a practical exploit’ due to the complexity of the vulnerability. However, Intel is looking for a solution to the problem in view of new CPUs, since security is not something to ignore.