# Load Value Injection (LVI)
***LVI** is a new class of transient-execution attacks exploiting **microarchitectural flaws** in modern processors to **inject attacker data** into a victim program and **steal sensitive data and keys** from **Intel SGX**, a secure vault in Intel processors for your personal data.*
https://lviattack.eu/
- Discovered: 2020
- Mitigated: 2020
- Paper: [abstract](https://ieeexplore.ieee.org/document/9152763), [pdf](https://lviattack.eu/lvi.pdf)
- PoC: [sgx-step](https://github.com/jovanbulck/sgx-step/tree/master/app/lvi)
### Main website
**Affected products**
We believe that LVI is principally relevant as an attack by a malicious compromised operating system or hypervisor targeting Intel SGX enclaves. As such, in our current assessment, you should consider LVI and install updates if you are using a **recent processor equipped with Intel SGX** technology (see "What is Intel SGX" below).
Intel provides a list with all affected products [here](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html). SGX is supported on certain Core-family processors from Skylake onwards. ==The most recent Icelake Core-family processors appear unaffected by LVI. We found that some other recent, acclaimed Meltdown-resistant recent Core-family processors are only potentially vulnerable to LVI-zero-data (aka loads exhibiting zero injection behavior only). Among Atom processors, only older Silvermont/Airmont (without SGX support) are potentially affected.==
**Mitigations**
Future CPUs will contain silicon fixes to mitigate LVI directly in hardware. At least for SGX enclaves a short-term solution is needed to mitigate LVI on current, widely deployed systems. In contrast to previous Meltdown-type attacks, processor **microcode updates to flush affected buffers are no longer sufficient.** Instead, complementary to existing Spectre software mitigations, LVI necessitates **compiler patches to insert explicit `lfence` speculation barriers** which serialize the processor pipeline after potentially _every_ vulnerable load instruction. Additionally and even worse, due to implicit loads, **certain instructions have to be blacklisted,** including the ubiquitous x86 `ret` instruction.
Intel is releasing an update for the [Intel SGX SDK](https://github.com/intel/linux-sgx) to assist SGX application providers in updating their enclave code. For other guidance, please review Intel’s white paper [here](https://software.intel.com/security-software-guidance/deep-dives/deep-dive-load-value-injection). For more information on trusted computing base recovery in the Intel SGX ecosystem, see [here](https://software.intel.com/sites/default/files/managed/01/7b/Intel-SGX-Trusted-Computing-Base-Recovery.pdf).
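As a check on the compiler mitigation described above, the following added example (not code from the LVI authors, Intel, or the SGX SDK) audits a disassembly listing for loads that are not immediately followed by `lfence` and for `ret`. It assumes AT&T-syntax text in the style of `objdump -d --no-show-raw-insn`; the sample listing is constructed, and the load detection is a conservative heuristic that does not model every hardened sequence a toolchain may emit.

```python
import re

# Constructed objdump-style AT&T listing (sample input, not from a real enclave).
SAMPLE = """\
  401000: mov    (%rdi),%rax
  401003: lfence
  401006: add    0x8(%rsi,%rcx,4),%rax
  40100b: mov    %rax,(%rdx)
  40100e: lea    0x10(%rdi),%rbx
  401012: nopw   0x0(%rax,%rax,1)
  401018: ret
"""

LINE = re.compile(r"^\s*([0-9a-f]+):\s+(\S+)\s*(.*)$")
SPLIT = re.compile(r",(?![^()]*\))")   # commas outside "(base,index,scale)"

def parse(listing):
    """Yield (address, mnemonic, operands) per instruction line."""
    for line in listing.splitlines():
        m = LINE.match(line)
        if m:
            ops = [o.strip() for o in SPLIT.split(m.group(3)) if o.strip()]
            yield m.group(1), m.group(2), ops

def reads_memory(mnemonic, ops):
    """Conservative heuristic: any memory operand counts as a load, except
    lea/nop (no access) and mov-family stores (memory only as destination)."""
    mem = ["(" in o for o in ops]
    if not any(mem) or mnemonic.startswith(("lea", "nop")):
        return False
    if mnemonic.startswith("mov") and len(ops) == 2 and not mem[0]:
        return False
    return True

def audit(listing):
    """Return [(address, reason)] for unfenced loads and for ret."""
    insns = list(parse(listing))
    findings = []
    for i, (addr, mn, ops) in enumerate(insns):
        nxt = insns[i + 1][1] if i + 1 < len(insns) else None
        if mn in ("ret", "retq"):
            findings.append((addr, "ret"))
        elif reads_memory(mn, ops) and nxt != "lfence":
            findings.append((addr, "load without lfence"))
    return findings

if __name__ == "__main__":
    for addr, reason in audit(SAMPLE):
        print(addr, reason)
```

An empty result from `audit` means every detected load is fenced and no `ret` remains in the listing; implicit loads in other instructions are outside what this heuristic sees.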
### Wikipedia [page](https://en.wikipedia.org/wiki/Load_value_injection)
*Load value injection (LVI) is an attack on Intel microprocessors that can be used to attack Intel's Software Guard Extensions (SGX) technology.[1] It is a development of the previously known Meltdown security vulnerability. Unlike Meltdown, which can only read hidden data, LVI can inject data values, and is resistant to the countermeasures so far used to mitigate the Meltdown vulnerability.[2][3]*
**Mitigations**
> In theory, any processor affected by Meltdown may be vulnerable to LVI,[4] but as of March 2020, LVI is only known to affect Intel microprocessors.[2] Intel has published a guide to mitigating the vulnerability by using compiler technology, requiring existing software to be recompiled to add LFENCE memory barrier instructions at every potentially vulnerable point in the code.[5] However, this mitigation appears likely to result in substantial performance reductions in the recompiled code.[6]
### (GitHub Issue) [Occlum#842](https://github.com/occlum/occlum/discussions/842)
> If you are using Intel SGX2 with the latest BIOS, you may not need the LVI mitigation.