load value injection

{{short description|Microprocessor security vulnerability}}

{{See also|Transient execution CPU vulnerability}}

{{Infobox bug

| name = Load value injection

| image = 180px

| caption = Logo for the Load Value Injection security vulnerability

| CVE = {{CVE|2020-0551|link=no}}

| discovered = {{Start date and age|2020|03|df=No}}

| patched =

| discoverer =

| affected hardware = Intel x86 microprocessors

| website = {{URL|https://lviattack.eu/}}

}}

Load value injection (LVI) is an attack on Intel microprocessors that can be used to attack Intel's Software Guard Extensions (SGX) technology.{{Cite web|url=https://software.intel.com/security-software-guidance/software-guidance/load-value-injection|title=Load Value Injection|last=|first=|date=2020-03-10|website=software.intel.com|archive-url=|archive-date=|access-date=2020-03-11}} It is a development of the previously known Meltdown security vulnerability. Unlike Meltdown, which can only read hidden data, LVI can inject data values, and is resistant to the countermeasures so far used to mitigate the Meltdown vulnerability.{{Cite web|url=https://www.zdnet.com/article/intel-cpus-vulnerable-to-new-lvi-attacks/|title=Intel CPUs vulnerable to new LVI attacks|last=Cimpanu|first=Catalin|website=ZDNet|language=en|access-date=2020-03-11}}{{Cite web|url=https://www.tomshardware.com/uk/news/load-value-injection-vulnerability-found-in-intel-chips|title=New Load Value Injection Vulnerability Found In Intel Chips|last=Alcorn|first=Paul|date=10 March 2020|website=Tom's Hardware|language=en|archive-url=|archive-date=|access-date=2020-03-11}}

In theory, any processor affected by Meltdown may be vulnerable to LVI,{{Cite web|url=https://www.theregister.co.uk/2020/03/10/lvi_intel_cpu_attack/|title=Meltdown The Sequel strikes Intel chips – and full mitigation against data-meddling LVI flaw will slash performance|last=Claburn|first=Thomas|date=10 Mar 2020|website=www.theregister.co.uk|language=en|archive-url=|archive-date=|access-date=2020-03-11}} but {{As of|2020|03|lc=yes}}, LVI is only known to affect Intel microprocessors. Intel has published a guide to mitigating the vulnerability by using compiler technology, requiring existing software to be recompiled to add LFENCE memory barrier instructions at every potentially vulnerable point in the code.{{Cite web|url=https://software.intel.com/security-software-guidance/insights/optimized-mitigation-approach-load-value-injection|title=An Optimized Mitigation Approach for Load Value Injection|website=software.intel.com|access-date=2020-03-11}} However, this mitigation appears likely to result in substantial performance reductions in the recompiled code.{{Cite web|url=https://www.anandtech.com/show/15608/load-value-injection-a-new-intel-attack-bypasses-sgx-with-significant-performance-mitigation-concerns|title=Load Value Injection: A New Intel Attack Bypasses SGX with Significant Performance Mitigation Concerns|last=Cutress|first=Ian|website=www.anandtech.com|access-date=2020-03-11}}