LVI-LFB Attack

New side-channel attack discovered by Bitdefender

LVI-LFB Side-Channel Attack

A new critical side-channel attack LVI-LFB (Load Value Injection in the Line Fill Buffers) has been discovered

Bitdefender researchers have again identified and created a proof-of-concept for a new side-channel attack.

The attack, dubbed LVI-LFB (Load Value Injection in the Line Fill Buffers), allows an attacker to inject rogue values into a micro-architectural structure (the line fill buffers) that the victim then consumes transiently, which can expose secret, protected data across privilege levels.

This new attack (CVE-2020-0551) affects newer Intel CPUs which use speculative execution.


In the pursuit of ever-faster CPUs, vendors have implemented various forms of speculative execution. With it, the CPU makes educated guesses about which instructions will be required and executes them before determining whether they are, in fact, required. When the guess is wrong, the architectural results are discarded, but the traces the speculative work leaves in the cache are not, and attackers can measure those traces to leak privileged, kernel memory.

What makes research into these attacks cutting-edge, compared to attacks against more traditional vulnerabilities, is that it gets to the root of how modern CPUs operate. To investigate properly, research teams must have a thorough understanding of CPU internals (branch prediction, out-of-order execution, speculative execution, the pipeline, and caches), OS internals (system calls, interrupt and exception handling, and KPTI), and side-channel and speculative-execution attacks in general.


Impact

This new attack may be particularly devastating in multi-tenant and multi-workload environments that run on hardware shared between groups of workloads within an organization, or between organizations, such as public and private clouds. This is because, as the PoC shows, a lesser-privileged process under attacker control can speculatively hijack control flow in a higher-privileged process, when specific requirements are met.

The most straightforward risk is the theft of secret data that should otherwise be kept private by security boundaries at the hardware, hypervisor, and operating system levels. This includes encryption keys, passwords, and any other information an attacker could exfiltrate or use to gain further control of a targeted system.


How the LVI-LFB Attack Was Discovered And Disclosed

This new attack technique is called Load Value Injection, and the CVE assigned to it is CVE-2020-0551.

Researchers have previously looked at MDS (Microarchitectural Data Sampling) from one direction only: the victim accesses the secret, which is loaded into the MDS buffers, and the attacker leaks the contents of those buffers by issuing a load that requires a microcode assist (for example, by reading an invalid address). The MDS buffers can, however, be abused the other way around: if the attacker sprays them with a chosen value, a victim load that triggers such an assist (for example, a load that faults) may speculatively consume that value instead of the real one. Put Spectre and MDS side by side and the root cause of LVI-LFB becomes clear: a victim load that faults or needs a microcode assist is transiently fed a stale value from the MDS buffers, which the attacker controls, and when that value feeds an indirect branch the result is speculative execution of attacker-chosen code in the victim's context.

Other attack scenarios have been described by academic researchers who independently discovered the issue and first reported it to Intel in April 2019. Bitdefender reported the issue to Intel on February 10th, 2020. Intel's response on February 25th acknowledged the issue and also stated that public disclosure would occur on March 10th, 2020.

Which Systems Are Affected?

The LVI-LFB attack affects newer Intel CPUs that make use of speculative execution; Intel's advisory (linked below) lists the affected processor families.

Mitigation

Mitigation strategies for hardware-based, side-channel attacks fall under several categories, each with a degree of operational impact on organizations.

  1. Hardware. These are fixes built directly into the silicon, and they apply only to CPU generations designed after the architectural flaw was identified; existing hardware does not benefit.
  2. Software. These are patches implemented entirely in software. Kernel Page Table Isolation (KPTI) is an example: it keeps kernel memory in an isolated virtual address space, rendering several speculative side-channel attacks, such as Meltdown, ineffective. To be effective against app-to-app LVI-LFB, however, a new type of KPTI, horizontal KPTI, is needed. Alternatively, the operating system must also flush the MDS buffers (the LFBs in particular) when transitioning from a less privileged mode to a more privileged mode, so that microcode-assisted memory accesses cannot execute speculatively with attacker-controlled data.
  3. Microcode. These mitigations require cooperation between hardware and software. The hardware vendor supplies a microcode patch that exposes new functionality (for example, the Spectre, L1TF or MDS mitigations), which the hypervisor or operating system vendor(s) then use to mitigate the vulnerabilities.
  4. Disabling features. Disabling hyperthreading is advisable on systems where security is critical, as is serializing every critical load operation with the lfence instruction, at a measurable performance cost. Other mitigations involve modifying compilers so that they generate code that is not vulnerable to this type of attack, for example by inserting lfence after loads and before indirect branches and returns.
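The gadget described under "How the LVI-LFB Attack Was Discovered And Disclosed" (a faulting or assisted load whose value feeds an indirect branch) and the lfence serialization listed in item 4 above, as an added example written for this page; it is not code from Bitdefender, Intel or the LVI authors. The dispatch table, the handlers, the sample_ops byte stream and the LOAD_FENCE macro are constructed for illustration. The block shows the vulnerable pattern beside its hardened form, not a working exploit, which would additionally need a faulting load in the victim, a primed line fill buffer and a cache covert channel on a vulnerable CPU.

```c
/* Added example (not Bitdefender's or the LVI authors' code): the code
 * pattern LVI-LFB abuses, next to the lfence-serialized form that Intel's
 * guidance recommends. Dispatch table, handlers and the opcode stream are
 * constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* lfence is x86-only; on other targets the macro is a no-op so the logic
 * can still be exercised (assumption: non-x86 build, no fence emitted). */
#if defined(__x86_64__) || defined(__i386__)
#  define LOAD_FENCE() __asm__ __volatile__("lfence" ::: "memory")
#else
#  define LOAD_FENCE() do { } while (0)
#endif

typedef int (*handler_fn)(int);

static int op_inc(int x)     { return x + 1; }
static int op_double(int x)  { return x * 2; }
static int op_negate(int x)  { return -x; }
static int op_invalid(int x) { (void)x; return -1; }

enum { N_OPS = 3 };
static const handler_fn dispatch_table[N_OPS] = { op_inc, op_double, op_negate };

/* Constructed opcode stream. In a real target this is memory where the
 * attacker arranges for the victim's load to fault or need an assist. */
const uint8_t sample_ops[] = { 0, 1, 2, 7 };

/* VULNERABLE pattern. Nothing separates the load of *op_ptr from the branch
 * and the table lookup that depend on it. If that load faults or needs a
 * microcode assist, the pipeline may transiently forward a stale line fill
 * buffer entry (which the attacker filled) as the loaded value; the bounds
 * check, the table index and the indirect call are then evaluated on the
 * injected value until the fault is raised architecturally. */
int dispatch_vulnerable(const uint8_t *op_ptr, int arg)
{
    uint8_t op = *op_ptr;               /* load that may fault / need an assist */
    if (op >= N_OPS)                    /* check runs on the possibly injected value */
        return op_invalid(arg);
    return dispatch_table[op](arg);     /* indirect branch through a table load */
}

/* HARDENED pattern. lfence waits until all earlier instructions have
 * completed locally and keeps younger ones from starting, so no instruction
 * after it can consume a transient value. The fence after the first load
 * makes op architectural before it is used; the fence after the table load
 * does the same for the function pointer before the indirect call. */
int dispatch_hardened(const uint8_t *op_ptr, int arg)
{
    uint8_t op = *op_ptr;
    LOAD_FENCE();
    if (op >= N_OPS)
        return op_invalid(arg);
    handler_fn fn = dispatch_table[op];
    LOAD_FENCE();
    return fn(arg);
}

/* Run the whole sample stream through one dispatcher and sum the results.
 * Both variants must agree architecturally; the difference lies only in
 * what the CPU is allowed to execute transiently. */
int run_stream(int (*dispatch)(const uint8_t *, int), int arg)
{
    int total = 0;
    for (size_t i = 0; i < sizeof sample_ops; i++)
        total += dispatch(&sample_ops[i], arg);
    return total;
}

int main(void)
{
    printf("vulnerable: %d\n", run_stream(dispatch_vulnerable, 5));
    printf("hardened:   %d\n", run_stream(dispatch_hardened, 5));
    return 0;
}
```

Build with a plain `cc -O2` (the file name is yours to choose); inspect the hardened function's assembly to confirm the compiler kept both fences. Toolchains can apply the same transformation automatically: clang offers -mlvi-hardening (fence after every load) and -mlvi-cfi (fences only on the control-flow paths), and GNU as 2.35 and later accepts -mlfence-after-load=yes and -mlfence-before-indirect-branch=all. Fencing after every load is what makes the full mitigation expensive, which is why in practice it is applied selectively to code that handles secrets, SGX enclave code in particular.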

Another side-channel attack discovered by Bitdefender, the SWAPGS attack, can be mitigated using Bitdefender Hypervisor Introspection.


Credits

The Bitdefender advanced research team would like to credit the researchers who first reported this issue to Intel in April 2019, and to thank them for their cooperation and collaboration leading up to (and beyond) the public disclosure of this issue. The academic researchers are:

Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, and Frank Piessens

These researchers have created a dedicated website and detailed academic paper, which are available as follows:

https://lviattack.eu/ (a detailed description of the issue)

https://lviattack.eu/lvi.pdf (an academic whitepaper)

Additional information is also available from Intel, as follows:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html (advisory)

https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection (technical deep-dive)