Wednesday, December 11th 2019

New "Plundervolt" Intel CPU Vulnerability Exploits vCore to Fault SGX and Steal Protected Data

A group of cybersecurity researchers has discovered a new security vulnerability affecting Intel processors, which they've craftily named "Plundervolt," a portmanteau of the words "plunder" and "undervolt." Chronicled under CVE-2019-11157, it was first reported to Intel in June 2019 under its security bug-bounty programme, so that the company could develop a mitigation in secret. With the 6-month NDA lapsing, the researchers released their findings to the public. The researchers describe Plundervolt as a way to compromise SGX (Software Guard Extensions) protected memory by undervolting the processor while it executes protected computations, to a level where SGX memory encryption no longer protects data. The researchers have also published proof-of-concept code.

Plundervolt is different from "Rowhammer" in that it flips bits inside the processor, before they're written to memory, so SGX doesn't protect them. Rowhammer doesn't work with SGX-protected memory. Plundervolt requires root privileges, as software that lets you tweak vCore requires ring-0 access. You don't need direct physical access to the target machine, as the tweaking software can also be run remotely. Intel put out security advisory SA-00298 and is working with motherboard vendors and OEMs to release BIOS updates that pack a new microcode with a mitigation against this vulnerability. The research paper can be read here.
Source: Plundervolt
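
A simplified model of the distinction drawn above between a fault in memory and a fault inside the processor, added here as an illustration and not taken from the researchers' proof-of-concept code. HMAC-SHA256 stands in for SGX's memory protection, and every function name and value is an assumption made for the example.

```python
import hashlib
import hmac
import os

# Assumption: protected memory is modelled as (data, tag) pairs, with the tag
# made under a key that only the CPU holds. This is not SGX's real mechanism.
CPU_KEY = os.urandom(32)

def seal(value):
    """CPU writes a value to protected memory: data plus integrity tag."""
    data = value.to_bytes(8, "big")
    return data, hmac.new(CPU_KEY, data, hashlib.sha256).digest()

def unseal(data, tag):
    """CPU reads the value back and rejects it if the tag does not match."""
    expected = hmac.new(CPU_KEY, data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return int.from_bytes(data, "big")

def flip_bit(data, bit):
    """Flip one bit of a byte string (bit 0 is the least significant)."""
    n = int.from_bytes(data, "big") ^ (1 << bit)
    return n.to_bytes(len(data), "big")

def multiply(a, b, fault_bit=None):
    """Computation inside the CPU; fault_bit models a voltage-induced flip."""
    result = a * b
    return result if fault_bit is None else result ^ (1 << fault_bit)

def run(a, b, fault_site=None, bit=3):
    """Compute a*b, store it, read it back. fault_site: None, 'cpu', 'memory'."""
    product = multiply(a, b, fault_bit=bit if fault_site == "cpu" else None)
    data, tag = seal(product)
    if fault_site == "memory":        # Rowhammer-style: flip after sealing
        data = flip_bit(data, bit)
    return unseal(data, tag)

def is_detected(a, b, fault_site):
    """True if the memory-integrity check catches the fault."""
    try:
        run(a, b, fault_site)
        return False
    except ValueError:
        return True
```

In this model the flip in memory is rejected on read, while the flip inside the CPU is sealed with a valid tag and read back as a wrong but accepted result.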

74 Comments on New "Plundervolt" Intel CPU Vulnerability Exploits vCore to Fault SGX and Steal Protected Data

#1
Chomiq
Had to do it:
Come on Intel, it's time to rebuild your cpu architecture from scratch.
#2
Xuper
Imagine if you can raise Vcore CPU in department like FBI, Dow Jones, or even Airport, Power plant, ... via flash driver.
#3
HD64G
Not surprised at all from this news. Surprised only by customers that keep buying Intel CPUs...
#4
Logoffon
I'm downright tired of these vulnerabilities, especially those that have a microcode patch that results in lower performance.
Can't researchers shut up about these and make them confidential?
Also, I don't care about privacy cr4p at all. Just let me have full performance from the processor, please.
#5
ratirt
HD64G
Not surprised at all from this news. Surprised only by customers that keep buying Intel CPUs...
Been thinking the same. Although, I see now a change in the winds you know. The big PC vendors like HP for instance are slowly moving towards AMD at least in some areas. At my work we have been refused to purchase same Elitedesk G4's with Intel CPU because HP is not selling these any longer. We had to go with Ryzen. The Intel equipped desktops are still listed but when you want a large number of desktops, the company will not be able to deliver because these are only leftovers I suppose. :)
What is most important, since the vulnerabilities, companies purchasing Intel desktops from HP or any other vendor, might have an issue with them for selling security flawed equipment. There has to be a response to the vulnerabilities from the market.
#6
Chomiq
ratirt
Been thinking the same. Although, I see now a change in the winds you know. The big PC vendors like HP for instance are slowly moving towards AMD at least in some areas. At my work we have been refused to purchase same Elitedesk G4's with Intel CPU because HP is not selling these any longer. We had to go with Ryzen. The Intel equipped desktops are still listed but when you want a large number of desktops, the company will not be able to deliver because these are only leftovers I suppose. :)
They have to divert some of their production to AMD simply because Intel has continued supply shortages.
#8
londiste
Plundervolt requires root privileges as software that let you tweak vCore require ring-0 access.
#9
ratirt
Chomiq
They have to divert some of their production to AMD simply because Intel has continued supply shortages.
Well this is just as possible as what I said. Maybe the vulnerabilities and supply issues are both correct. For the companies going Ryzen is simply killing 2 birds with one stone :)
BTW. A cheaper stone :)
#10
Imsochobo
Logoffon
I'm downright tired of these vulnerabilities, especially those that have a microcode patch that results in lower performance.
Can't researchers shut up about these and make them confidential?
Also, I don't care about privacy cr4p at all. Just let me have full performance from the processor, please.
It's quite easy, buy something else and it's no problem.
Also, I think you care if your credit card details were stolen :)
#11
R-T-B
Xuper
Imagine if you can raise Vcore CPU in department like FBI, Dow Jones, or even Airport, Power plant, ... via flash driver.
I mean, you always could with root. Root-requiring vulnerabilities like this bore me, and are being majorly sensationalized.
#12
hat
Enthusiast
R-T-B
I mean, you always could with root. Root-requiring vulnerabilities like this bore me, and are being majorly sensationalized.
I agree, though I remain tired of all these vulnerabilities, and the patches that follow them that further reduce performance each time (and sometimes, cause worse things to happen).
#15
freeagent
That just means you actually have to overclock your cpu, rather than letting it oc automatically. Straight voltage, 1 multiplier, and your silent pc is ruined lol.
#16
xkm1948
R-T-B
I mean, you always could with root. Root-requiring vulnerabilities like this bore me, and are being majorly sensationalized.
The sound of reasoning in a sea of sensationalized replies.
#17
newtekie1
Semi-Retired Folder
So another "vulnerability" that requires you to basically hand your system over to the attacker before they can even exploit it?

Exploits like these are like saying your car is vulnerable to being stolen...if you give the car thief your car keys and walk him to your car.
#18
Super XP
So this adds to the already 250+ CPU Vulnerabilities. And those that did get patched need repatching which still don't work, because the issue is a design flaw.
And why are people still buying Intel CPU's? When AMD has the best processors on the planet. lol
Posted on Reply
#19
windwhirl
I think the only "remarkable" feature about this vulnerability is that they are using voltage, of all things, to exploit it. That's new, at least for me.
#20
Super XP
The company [INTEL] tried to downplay the problems early on, with confusing and carefully worded statements. We’re now approaching two years since these key processor flaws were discovered, and Intel is still misleading its customers over the status of fixes.

“There are tons of vulnerabilities still left, we are sure,” says Herbert Bos, a professor at Vrije Universiteit Amsterdam, in an interview with The New York Times. “And they [INTEL] don’t intend to do proper security engineering until their reputation is at stake.”
Intel claimed issues were fixed, but they weren’t.
#21
newtekie1
Semi-Retired Folder
Super XP
And why are people still buying Intel CPU's? When AMD has the best processors on the planet. lol
One thing that needs to be asked is, are there more vulnerabilities being found on Intel processors because Intel processors are actually less secure OR are there more vulnerabilities being found because Intel pays a bounty to people that find vulnerabilities and AMD doesn't?
windwhirl
I think the only "remarkable" feature about this vulnerability is that they are using voltage, of all things, to exploit it. That's new, at least for me.
I agree, I think that's pretty interesting actually. I couldn't care less about the actual vulnerability.
#22
windwhirl
newtekie1
One thing that needs to be asked is, are there more vulnerabilities being found on Intel processors because Intel processors are actually less secure OR are there more vulnerabilities being found because Intel pays a bounty to people that find vulnerabilities and AMD doesn't?
Well, a quick Google search about "AMD bounty" doesn't reveal anything. On AMD's site there is a page about how to report bugs, but no mention of bounties.

Intel does have a bug bounty program on HackerOne, though, at the very least.
#23
newtekie1
Semi-Retired Folder
windwhirl
Well, a quick Google search about "AMD bounty" doesn't reveal anything. On AMD's site there is a page about how to report bugs, but no mention of bounties.

Intel does have a bug bounty program on HackerOne, though, at the very least.
That's my point. There is an actual financial incentive to find and report bugs on Intel processors. So it only makes sense that there are more found and reported on the Intel side.
#24
londiste
newtekie1
One thing that needs to be asked is, are there more vulnerabilities being found on Intel processors because Intel processors are actually less secure
Intel processors are much better known in terms of microarchitectural functionality.
#25
moproblems99
R-T-B
I mean, you always could with root. Root-requiring vulnerabilities like this bore me, and are being majorly sensationalized.
I get the sentiment but I am still impressed with human ingenuity. That said, it isn't always that difficult to get root once you are there. This just gives you something else to do.