LVI has been assigned CVE-2020-0551 with a base score of 5.6 Medium, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N. This transient execution attack 3 is called load value injection (LVI) and is an example of a cross-domain transient execution attack.īecause LVI methods requires several complex steps 4 to be chained together when the victim is executing, it is primarily applicable to synthetic victim code developed by researchers or attacks against Intel® Software Guard Extensions (Intel® SGX) by malicious operating systems (OSes) or virtual machine managers (VMMs). The adversary may then be able to infer the data's value through analyzing the covert channel. For certain code sequences, those dependent operations may create a covert channel with data of interest to the adversary. If an adversary can cause a specified victim load to fault, assist, or abort, the adversary may be able to select the data to have forwarded to dependent operations by the faulting/assisting/aborting load. On some processors, faulting or assisting 1 load operations may transiently receive data from a microarchitectural buffer 2. Note that this documentation will use more precise (but different) terminology for transient execution side channel methods than we have used in past documents.īe sure to review the updated terminology guide and the list of affected processors. This technical documentation expands on the information in the Load Value Injection (LVI) disclosure overview for software developers.
0 kommentar(er)
