rc3

LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection
2020-12-27, 19:10–19:50, chaosstudio-hamburg

Load Value Injection (LVI) is a new class of transient-execution attacks exploiting microarchitectural flaws in modern processors to inject attacker-controlled data into a victim program and steal sensitive data and keys from Intel SGX, the secure enclave technology in Intel processors intended to protect your personal data.


Since 2018, we have seen an alarming wave of Meltdown-type attacks: from the
original Meltdown, breaking kernel isolation, via Foreshadow, breaking virtual
machine and SGX enclave isolation, to most recently ZombieLoad, breaking
essentially all of these. All of these attacks exploit CPU vulnerabilities to
leak data, undermining basically all confidentiality guarantees of CPUs.
Luckily, there are already widely deployed countermeasures, either in hardware
or in software, preventing exploitation of these vulnerabilities.

In this talk, we show that despite all countermeasures, the Meltdown effect can
be turned around to inject attacker-controlled data into the microarchitectural
state of any application. This technique, called Load Value Injection (LVI),
smuggles the attacker's data through hidden processor buffers into a victim
program and allows hijacking both the transient control flow and the data
flow. By forcing a (microarchitectural) fault in the victim, the victim
transiently computes on maliciously injected data. Especially in the case of
trusted execution environments such as Intel SGX, where the attacker has full
control of the operating system, adversaries can easily trigger a fault in the
victim and leak arbitrary enclave secrets. We show that this can be exploited
on all CPUs that were affected by some variant of Meltdown.
As a result, we can bypass existing Meltdown countermeasures,
arbitrarily change control flow, and let the application work on
attacker-controlled data.

We outline the drastic consequences for affected CPUs. After nearly 1
year of embargo, fully mitigating our attacks requires serializing the
processor pipeline with memory fence instructions after possibly every
memory load. Additionally, and even worse, due to implicit loads on some
architectures, specific instructions have to be blacklisted, including
the ubiquitous x86 ret instruction. Intel's compiler mitigations lead to
performance overheads of a factor of 2 to 19. In a demo, we show how LVI can
be used to leak a cryptographic key.
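The fence-after-load mitigation described above, as an added example that is not code from the talk or the LVI paper: a hypothetical enclave lookup in its unmitigated form beside the fenced form. The function names, the table contents and the assumption that the host is x86 are mine, not the page's.

```c
#include <stddef.h>
#include <stdint.h>

/* LFENCE is an x86 instruction; on other hosts fall back to a compiler
 * barrier so the example still builds (assumption: x86 is the target). */
#if defined(__x86_64__) || defined(__i386__)
#  define LOAD_FENCE() __asm__ volatile("lfence" ::: "memory")
#else
#  define LOAD_FENCE() __asm__ volatile("" ::: "memory")
#endif

enum { TABLE_SIZE = 16 };

/* Constructed sample data standing in for an enclave-resident table. */
static const uint8_t g_table[TABLE_SIZE] = {
    0x10, 0x21, 0x32, 0x43, 0x54, 0x65, 0x76, 0x87,
    0x98, 0xa9, 0xba, 0xcb, 0xdc, 0xed, 0xfe, 0x0f
};

/* Unmitigated pattern (hypothetical enclave code): an index is loaded from
 * memory and immediately steers a second, dependent load. If load 1 faults
 * while the enclave runs, the value transiently forwarded to the bounds check
 * and to load 2 can be attacker-planted buffer content, not memory content. */
uint8_t lookup_unfenced(const size_t *idx_ptr)
{
    size_t idx = *idx_ptr;       /* load 1: may transiently yield injected data */
    if (idx >= TABLE_SIZE)       /* bounds check can itself run on injected data */
        return 0;
    return g_table[idx];         /* load 2: dependent on load 1's value */
}

/* Mitigated pattern: a fence right after the load means no younger
 * instruction consumes idx until load 1 has architecturally completed, so a
 * faulting load can no longer feed an attacker-chosen value downstream. */
uint8_t lookup_fenced(const size_t *idx_ptr)
{
    size_t idx = *idx_ptr;
    LOAD_FENCE();                /* serialise: load 1 must complete before use */
    if (idx >= TABLE_SIZE)
        return 0;
    return g_table[idx];
}

/* Both functions agree architecturally; only the transient behaviour differs. */
int both_return(size_t idx, uint8_t expected)
{
    return lookup_unfenced(&idx) == expected && lookup_fenced(&idx) == expected;
}
```

The fence costs pipeline serialisation on every guarded load, which is where the 2x to 19x overhead quoted above comes from when a compiler applies it broadly.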

For more information about our work, including demo videos and a
trailer, see: https://lviattack.eu/

A technical paper about this work appeared at IEEE S&P 2020 and is
available here: https://lviattack.eu/lvi.pdf