EnlargeIntel

For the past 26 months, Intel and other CPU makers have been assailed by Spectre, Meltdown, and a steady flow of follow-on vulnerabilities that make it possible for attackers to pluck passwords, encryption keys, and other sensitive data out of computer memory. On Tuesday, researchers disclosed a new flaw that steals information from Intels SGX, short for Software Guard eXtensions, which acts as a digital vault for securing users most sensitive secrets.

On the surface, Load Value Injection, as researchers have named their proof-of-concept attacks, works in ways similar to the previous vulnerabilities and accomplishes the same thing. All of these so-called transient-execution flaws stem from speculative execution, an optimization in which CPUs attempt to guess future instructions before they're called. Meltdown and Spectre were the first transient execution exploits to become public. Attacks named ZombieLoad, RIDL, Fallout, and Foreshadow soon followed. Foreshadow also worked against Intels SGX.

Breaking the vault

By getting a vulnerable system to run either JavaScript stored on a malicious site or code buried in a malicious app, attackers can exploit a side channel that ultimately discloses cache contents belonging to other apps and should normally be off limits. This latest vulnerability, which like other transient-execution flaws can only be mitigated and not patched, gives way to exploits that completely upend a core confidentiality guarantee of SGX.

Load Value Injection, or LVI for short, is especially important because the exploit allows for the raiding of secrets stored in the SGX enclave, the name often used for Intels Software Guard eXtensions. Apps that work with encryption keys, passwords, digital rights management technology, and other secret data often use SGX to run in a fortified container known as a trusted execution environment. LVI can also steal secrets out of other regions of a vulnerable CPU.

Released in 2015, SGX also creates isolated environments inside memory called enclaves. SGX uses strong encryption and hardware-level isolation to ensure the confidentiality of data and code and to prevent them from being tampered with. Intel designed SGX to protect apps and code even when the operating system, hypervisor, or BIOS firmware is compromised.

In the video below, researchers who discovered LVI show how an exploit can steal a secret encryption key protected by the SGX.

LVI (Load Value Injection) Demo Video

Intel has a list of affected processors here. Chips that have hardware fixes for Meltdown arent vulnerable. Exploitation may also be hindered by some defensive measures built into hardware or software that protect against null pointer dereference bugs. Some Linux distributions, for instance, dont allow the mapping of a virtual address zero in user space. Another mitigation example: recent x86 SMAP and SMEP architectural features further prohibit user-space data and code pointer dereferences respectively in kernel mode. “SMAP and SMEP have been shown to also hold in the microarchitectural transient domain,” the researchers said.

Poisoning the processor

As its name suggests, LVI works by injecting attacker data into a running program and stealing sensitive data and keys its using at the time of the attack. The malicious data flows through hidden processor buffers into the program and hijacks the execution flow of an application or process. With that, the attackers code can acquire the sensitive information. Its not possible to fix or mitigate the vulnerability inside the silicon, leaving the only mitigation option for outside developers to recompile the code their apps use. The team of researchers who devised the LVI exploit said that compiler mitigations come with a considerable hit to system performance.

“Crucially, LVI is much harder to mitigate than previous attacks, as it can affect virtually any access to memory,” the researchers wrote in an overview of their research. “Unlike all previous Meltdown-type attacks, LVI cannot be transparently mitigated in existing processors and necessitates expensive software patches, which may slow down Intel SGX enclave computations 2 up to 19 times.”

LVI reverses the exploitation process of Meltdown. Whereas Meltdown relies on an attacker probing memory offsets to infer the contents of in-flight data, LVI turns the flow around by injecting data that poisons hidden processor buffer (specifically the line fill buffer) with attacker values. From there, the attacker can hijack a process and access the data it uses.

LVI-based attacks arent likely to be used against consumer machines, because the attacks are extremely difficult to carry out and there are generally much easier ways to obtain confidential information in home and small business settings. The most likely attack scenario is a cloud-computing environment that allocates two or more customers to the same CPU. While hypervisors and other protections normally cordon off data belonging to different customers, LVI could in theory pluck out any data or code stored in SGX environments, as well as other regions of a vulnerable CPU.

In a statement, Intel officials wrote:

Researchers have identified a new mechanism referred to as Load Value Injection (LVI). Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real world environments where the OS and VMM are trusted. New mitigation guidance and tools for LVI are available now and work in conjunction with previously released mitigations to substantively reduce the overall attack surface. We thank the researchers who worked with us, and our industry partners for their contributions on the coordinated disclosure of this issue.

To mitigate the potential exploits of Load Value Injection (LVI) on platforms and applications utilizing Intel SGX, Intel is releasing updates to the SGRead More – Source

[contf] [contfnew]

arstechnica

[contfnewc] [contfnewc]