Plundervolt, a new attack on Intel CPUs could undermine the overclocking potential

Is called Plundervolt (CVE-2019-11157) the new attack shown on Intel CPU. This time we are not faced with a pure side channel vulnerability like those that have emerged over the past two years (however we talk about complementarity), but it is another type of solution that corrupts the integrity of Intel SGX on Intel Core processors acting – as the name implies – on tension. Don't worry though, the US company has already intervened by making up a corrective.

Plundervolt was discovered by an international group of researchers (The University of Birmingham, imec-DistriNet, KU Leuven and Graz University of Technology) on June 7 of this year, the date on which the problem was communicated to Intel. Other researchers have also reported it to the company by calling it by other names, for example VoltJockey or CLKScrew, which however affect the ARM and ARM Trustzone chips.

The attack emerges today because Intel published the December security bulletins on its website and distributed the related corrections. “We are not aware that any of these problems are actively exploited, but as always we recommend installing security updates as soon as possible, “explains the Santa Clara house.

The post reads that the problem affects client systems (from the sixth to the tenth generation Core) and some platforms based on Xeon E (Intel Xeon Processor E3 v5, v6 and Xeon E-2100 and E-2200). “Some researchers have shown the same class of problems on non-Intel architectures. When SGX is enabled on a system, a privileged user may be able to trigger an attack by checking the CPU voltage settings with the potential to impact the confidentiality and integrity of software resources. “

“Intel has worked with system manufacturers to develop an update of the microcode that mitigates the problem by blocking the voltage to the default settings“.

On a dedicated website, the researchers briefly explain (there are also videos that concretely show the attack) what Plundervolt consists of. “Modern processors are driven to operate faster than ever and consequently increase heat and consumption. To handle these aspects many chip makers allow the frequency and voltage to be adjusted when needed. In addition to this, they offer the user the opportunity to change voltage and frequency through privileged software interfaces “.

“With Plundervolt we have shown that these software interfaces can be used to undermine the security of a system. We have been able to corrupt the integrity of Intel SGX on Intel Core processors by checking the voltage when performing enclave-related calculations. This means that even Intel SGX's memory authentication / encryption technology cannot protect against Plundervolt. “

Intel SGX stands for Intel Software Guard Extensions, and is a set of security instructions built into the latest Intel CPUs. SGX's goal is to shield sensitive calculations within so-called enclaves (a sort of fence, editor's note). The contents of these enclaves are protected and cannot be accessed or modified from the outside. This also includes an attacker who has root privileges in the normal (untrusted) operating system. “

The researchers also explained that by analyzing common hypervisors and virtual machines, they found that the guest operating system cannot access the interface that handles undervolt. It is also not strictly necessary to have physical access to a computer to launch the attack. If you don't use SGX you don't have to fear anything, while if you use this technology then update the system BIOS (and Windows) which disables the interface dedicated to undervolt. Further details in the paper entitled “Plundervolt: Software-based Fault Injection Attacks against Intel SGX”.

At this point, a big question remains: what will become of the overclocking (OC) potential of Intel CPUs? We and many other foreign sites ask ourselves this question, but at the moment we have no certainties. In fact, mitigation deactivates the possibility of acting on the voltage (blocking it at the default parameter established by Intel), which means that this possibility should disappear in the software used by many to increase the frequencies of Intel CPUs. Therefore the overclocking software may not work after the correction. Wired says that “Intel has refused to specify how the patch will affect overclockers.” As always we will keep you updated.