Support us on Patreon to keep GamingOnLinux alive. This ensures all of our main content remains free for everyone. Just good, fresh content! Alternatively, you can donate through PayPal. You can also buy games using our partner links for GOG and Humble Store.
We do often include affiliate links to earn us some pennies. See more here.

Security? What security? Say hello to 'LVI' (Load Value Injection), a new class of' transient-execution attacks' exploiting flaws in modern processors and it defeats all existing countermeasures.

Oh hell. This comes shortly after Intel had another one announced that was 'unfixable', plus one for AMD too and now this all in the space of a month. Rough time right now, for Intel specifically on this one.

LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations. Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — "inject" — the attacker's data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim’s fingerprints or passwords.

It's serious, as they claim the difficulty in solving it is much harder than all previous attacks and will require some computationally expensive software patches. They say it may "slow down Intel SGX enclave computations 2 up to 19 times"—ouch.

They give a quick 4-step process to LVI:

  1. Poison a hidden processor buffer with attacker values.
  2. Induce a faulting or assisted load in the victim program.
  3. The attacker's value is transiently injected into code gadgets following the faulting load in the victim program.
  4. Side channels may leave secret-dependent traces, before the processor detects the mistake and rolls back all operations.

You can also see a demo video below:

YouTube Thumbnail
YouTube videos require cookies, you must accept their cookies to view. View cookie preferences.
Accept Cookies & Show   Direct Link

What about AMD? Well, their current assessment is that LVI only applies to Intel processors that have SGX tech. However, it can affect any other processor if they're vulnerable to a Meltdown-type data leakage.

See more about it on the official site and the research paper is found here. You can see the official Intel security advisory here, plus a list of affected processor products here. Additionally, Intel have their own deep dive here.

Article taken from GamingOnLinux.com.
20 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can also follow my personal adventures on Bluesky.
See more from me
The comments on this article are closed.
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
20 comments

Comandante Ñoñardo Mar 10, 2020
This is why we need another player in the x86 CPU market: Nvidia
dpanter Mar 10, 2020
Another day, another Intel security disaster.
It's not like people warned about this back in 2014 or anything.
PopeRigby Mar 10, 2020
This is why we need another player in the x86 CPU market: Nvidia

I'd love to see RISC-V be a viable desktop architecture. We need fully open source CPUs to help with security issues like this.
Purple Library Guy Mar 10, 2020
Another day, another Intel security disaster.
It's not like people warned about this back in 2014 or anything.
Interesting article. As soon as they described just what the point of SGX was, I immediately thought "Wait, couldn't you use that to make malware that was basically unfindable and undeletable?" and, later on in the article, it indeed brings up that exact issue.
I don't really know anything about computers, at a technical level. If I could figure that out in three seconds, why couldn't the engineers at Intel?
Cybolic Mar 10, 2020
Is SGX actually used in any way on a standard Linux desktop though?
Linas Mar 10, 2020
View PC info
  • Supporter Plus
I immediately thought "Wait, couldn't you use that to make malware that was basically unfindable and undeletable?" ... I don't really know anything about computers, at a technical level. If I could figure that out in three seconds, why couldn't the engineers at Intel?
Not an expert on the issue, but my bet would be DRM and enterprise environments where they want to lock down and control everything. Many of those "security" and "management" applications are not that dissimilar from spyware in the first place. At least that was probably the original intent. In practice I am yet to see this used for anything other than an attack vector.
omer666 Mar 10, 2020
This is why we need another player in the x86 CPU market: Nvidia
God no! Not them!
They are as unfriendly towards open source as a vendor can get. Also don't forget their GPUs already have security flaws to begin with.
Linas Mar 10, 2020
View PC info
  • Supporter Plus
Is SGX actually used in any way on a standard Linux desktop though?
No. There exist a Linux SGX implementation from Intel themselves, but I am not aware of any application actually using it for anything. Definitely not on your regular desktop at least.


Last edited by Linas on 10 March 2020 at 10:52 pm UTC
Ehvis Mar 10, 2020
View PC info
  • Supporter Plus
Another day, another Intel security disaster.
It's not like people warned about this back in 2014 or anything.

As mentioned in the article AMD had one as well. The only thing this proves is that when people start looking, they will find something.
Purple Library Guy Mar 11, 2020
This is why we need another player in the x86 CPU market: Nvidia
I'm sure the Chinese will now be doing a crash program, having noticed between the trade war and the epidemic that not making their own is a key strategic vulnerability.
At which point I suppose everyone will get their choice: Do you want to be spied on via American back doors, or Chinese ones?


Last edited by Purple Library Guy on 11 March 2020 at 12:55 am UTC
SirLootALot Mar 11, 2020
This is why we need another player in the x86 CPU market: Nvidia

I'd love to see RISC-V be a viable desktop architecture. We need fully open source CPUs to help with security issues like this.
For now PowerPC is your best bet. It is the only 100% open architecture, that is usable today and properly performant. Risc-V on regular consumer computers probably won't happen until we reach the year of the Linux desktop.
Duck Hunt-Pr0 Mar 11, 2020
Now i feel even happier having gone to AMD :D
Duck Hunt-Pr0 Mar 11, 2020
I'm sure the Chinese will now be doing a crash program

As sure as Planet Nibiru, FEMA guillotines, and the Mayan Calendar, combined , no doubt.


Last edited by Duck Hunt-Pr0 on 11 March 2020 at 1:29 am UTC
GustyGhost Mar 11, 2020
This is why we need another player in the x86 CPU market: Nvidia

My day to day hasn't changed much since switching to PowerPC. x86 is fully locked down with licensing constraints and so any x86 instructions newer than 20 years require any aspiring x86 vendors-to-be to bow down to Intel (and by extension, to Hollywood and friends).

Oh and also that detail about a master CPU embedded in all x86 chips which has full access and control over the end user-controllable portion. I would urge everyone here to at least consider keeping a RISC-V, PPC or any other freer architecture box around, for freedom's sake.
Purple Library Guy Mar 11, 2020
I'm sure the Chinese will now be doing a crash program

As sure as Planet Nibiru, FEMA guillotines, and the Mayan Calendar, combined , no doubt.
Among all the things I've been saying around here the last day or so, it didn't occur to me that this would be controversial. WTF?


Last edited by Purple Library Guy on 11 March 2020 at 5:10 am UTC
Purple Library Guy Mar 11, 2020
This is why we need another player in the x86 CPU market: Nvidia

I'd love to see RISC-V be a viable desktop architecture. We need fully open source CPUs to help with security issues like this.
For now PowerPC is your best bet. It is the only 100% open architecture, that is usable today and properly performant. Risc-V on regular consumer computers probably won't happen until we reach the year of the Linux desktop.
What about ARM stuff? Could that move up the food chain?
SirLootALot Mar 11, 2020
This is why we need another player in the x86 CPU market: Nvidia

I'd love to see RISC-V be a viable desktop architecture. We need fully open source CPUs to help with security issues like this.
For now PowerPC is your best bet. It is the only 100% open architecture, that is usable today and properly performant. Risc-V on regular consumer computers probably won't happen until we reach the year of the Linux desktop.
What about ARM stuff? Could that move up the food chain?
While it is possible to build a ARM-computer without blobs the ARM architecture is not free. So you could not build and design your own CPU, Chipset and Mainboard-circuitry without ARM licenseing it to you and I am only aware of one commercially available ARM computer, that is 100% FLOSS. This used to be the case fore PowerPC too but since the competition from Risc-V is here you can now build your own PowerPC without the need for IBMs blessing.
Duck Hunt-Pr0 Mar 12, 2020
I'm sure the Chinese will now be doing a crash program

As sure as Planet Nibiru, FEMA guillotines, and the Mayan Calendar, combined , no doubt.
Among all the things I've been saying around here the last day or so, it didn't occur to me that this would be controversial. WTF?

I may or may not have misread your post, and not quite understood what you meant by "crash program".

Did you mean the Chinese will be looking for a way to intentionally crash Intel cpu's ?

/me drink and skim alot :/


Last edited by Duck Hunt-Pr0 on 12 March 2020 at 6:31 pm UTC
Purple Library Guy Mar 12, 2020
I'm sure the Chinese will now be doing a crash program

As sure as Planet Nibiru, FEMA guillotines, and the Mayan Calendar, combined , no doubt.
Among all the things I've been saying around here the last day or so, it didn't occur to me that this would be controversial. WTF?

I may or may not have misread your post, and not quite understood what you meant by "crash program".

Did you mean the Chinese will be looking for a way to intentionally crash Intel cpu's ?

/me drink and skim alot :/
What Dedale said: I meant the Chinese would seek to rapidly develop and produce their own X86 CPUs so as not to be dependent on North American suppliers. Since this is already I believe one of the stated goals of their "Made in China 2025" schtick, and since various events have shown trade to be surprisingly fragile, this still seems to me pretty likely.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.