Wednesday, December 11th 2019
New "Plundervolt" Intel CPU Vulnerability Exploits vCore to Fault SGX and Steal Protected Data
A group of cybersecurity researchers has discovered a new security vulnerability affecting Intel processors, which they've craftily named "Plundervolt," a portmanteau of the words "plunder" and "undervolt." Chronicled under CVE-2019-11157, it was first reported to Intel in June 2019 under its security bug-bounty programme, so that the company could develop a mitigation in secret. With the 6-month NDA lapsing, the researchers released their findings to the public. The researchers describe Plundervolt as a way to compromise SGX (Software Guard Extensions) protected memory by undervolting the processor while it executes protected computations, to a level where SGX memory encryption no longer protects data. The researchers have also published proof-of-concept code.
Plundervolt differs from "Rowhammer" in that it flips bits inside the processor, before they're written to memory, so SGX doesn't protect them. Rowhammer doesn't work with SGX-protected memory. Plundervolt requires root privileges, as software that lets you tweak vCore requires ring-0 access. You don't need direct physical access to the target machine, as tweaking software can also be run remotely. Intel put out security advisory SA-00298 and is working with motherboard vendors and OEMs to release BIOS updates that pack a new microcode with a mitigation against this vulnerability. The research paper can be read here.
Source:
Plundervolt
74 Comments on New "Plundervolt" Intel CPU Vulnerability Exploits vCore to Fault SGX and Steal Protected Data
Intel = Fast&Risky
"Hey, six months ago our bug bounty program helped us to identify and mitigate the flaw. The update was rolled out to board vendors four months ago and we recommend everyone updates to the latest BIOS to ensure your systems are fully-protected"
But no, the first we hear about it is always the NDA deadline coming and going with Intel only promising vague future action at some undetermined point in the future, already being six months too late.
Also in cloud systems, SGX was meant to be the safe place to execute highly confidential data without risk of cloud owners accessing the data.
Root access causing SGX vulnerability undermines the usage of SGX. Thus it is a major vulnerability (to BD players DRM, and cloud services users of SGX)
This one is almost nothing. It is major if you are a cloud service provider... letting your users run around with root. Maybe.
The cloud provider employees can possibly do espionage against a client using this technique.
Yes, that is a legit concern. Not something standard users need worry about, but a concern all the same.
e.g. www.theinquirer.net/inquirer/news/3066979/this-linux-virus-is-a-total-jerk-even-by-malware-standards
or via software www.neowin.net/news/multiple-vulnerabilities-found-in-kaspersky-labs-anti-virus-for-linux-file-server/
Oh, how the tables have turned.
Just because that is Intel... a dirty player and we have seen it several times. And the bounty program is just raising dust and disorientation program. Playing the good Company who cares about consumers, oh my laughs... I cannot take it...
It doesn't matter what the vulnerability is, only whether it needs patching. If it needs patching, everyone suffers the performance hit whether the vulnerability is relevant to them or not.
I remember when Intel suggested that we stop overclocking our 'K' series Kaby Lake processors.
"We do not recommend running outside the processor specifications, such as by exceeding processor frequency or voltage specifications, or removing of the integrated heat spreader to avoid high temps."
How many have been found that we don't know about is the question. That also means Intel doesn't have to fix it...