 Logo for the Load Value Injection security vulnerability | |
| CVE identifier | CVE-2020-0551 |
|---|---|
| Date discovered | March 2020; 5 years ago (2020-03) |
| Affected hardware | Intel x86microprocessors |
| Website | lviattack |
Load value injection (LVI) is an attack onIntel microprocessors that can be used to attackIntel'sSoftware Guard Extensions (SGX) technology.[1] It is a development of the previously knownMeltdown security vulnerability. Unlike Meltdown, which can only read hidden data, LVI can inject data values, and is resistant to the countermeasures so far used to mitigate the Meltdown vulnerability.[2][3]
In theory, any processor affected by Meltdown may be vulnerable to LVI,[4] but as of March 2020[update], LVI is only known to affect Intel microprocessors.[2] Intel has published a guide to mitigating the vulnerability by using compiler technology, requiring existing software to be recompiled to addLFENCEmemory barrierinstructions at every potentially vulnerable point in the code.[5] However, this mitigation appears likely to result in substantial performance reductions in the recompiled code.[6]