• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

New "Plundervolt" Intel CPU Vulnerability Exploits vCore to Fault SGX and Steal Protected Data

Joined
Mar 10, 2015
Messages
3,984 (1.12/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
I mean, you always could with root. Root-requiring vulnerabilities like this bore me, and are being majorly sensationalized.

I get the sentiment but I am still impressed with human ingenuity. That said, it isn't always that difficult to get root once you are there. This just gives you something else to do.
 
Joined
Jun 19, 2010
Messages
409 (0.08/day)
Location
Germany
Processor Ryzen 5600X
Motherboard MSI A520
Cooling Thermalright ARO-M14 orange
Memory 2x 8GB 3200
Video Card(s) RTX 3050 (ROG Strix Bios)
Storage SATA SSD
Display(s) UltraHD TV
Case Sharkoon AM5 Window red
Audio Device(s) Headset
Power Supply beQuiet 400W
Mouse Mountain Makalu 67
Keyboard MS Sidewinder X4
Software Windows, Vivaldi, Thunderbird, LibreOffice, Games, etc.
AMD = Cool&Quiet
Intel = Fast&Risky
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
42,230 (6.64/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
I'm downright tired of these vulnerabilities, especially those that has a microcode patch that results in lower performance.
Can't researchers shut up about these and make them confidental?
Also, I don't care about privacy cr4p at all. Just let me have full performance from the processor, please.

We as consumers have a right to know about these security threats.
 
Joined
Jun 18, 2015
Messages
341 (0.10/day)
Location
Perth , West Australia
System Name schweinestalle
Processor AMD Ryzen 7 3700 X
Motherboard Asus Prime - Pro X 570 + Asus PCI -E AC68 Dual Band Wi-Fi Adapter
Cooling Standard Air
Memory Kingston HyperX 2 x 16 gb DDR 4 3200mhz
Video Card(s) AMD Radeon 5700 XT 8 GB Strix
Storage Intel SSD 240 gb Speed Demon & WD 240 SSD Blue & WD 250 SSD & WD Green 500gb SSD & Seagate 1 TB Sata
Display(s) Asus XG 32 V ROG
Case Corsair AIR ATX
Audio Device(s) Realtech standard
Power Supply Corsair 850 Modular
Mouse CM Havoc
Keyboard Corsair Cherry Mechanical
Software Win 10
Benchmark Scores Unigine_Superposition 4K ultra 7582
what the hell is going on with intel … are they being targeted by a source ……… im no bond obviously , yet I feel bad fore the them ….:wtf:
 
Joined
Oct 25, 2005
Messages
193 (0.03/day)
Location
Long Island, NY
Processor 9700K
Motherboard Asrock Z390 Phantom Gaming-ITX/ac
Cooling Alpenfohn Black Ridge
Memory 32GB Micron VLP 18ADF2G72AZ-3G2E1
Video Card(s) 3090 FE
Display(s) Samsung G9 NEO
Case Formd T1
Power Supply Corsair SF750
Get ready for Intels fix... They'll probably lock cpu voltage...
 

newtekie1

Semi-Retired Folder
Joined
Nov 22, 2005
Messages
28,473 (4.10/day)
Location
Indiana, USA
Processor Intel Core i7 10850K@5.2GHz
Motherboard AsRock Z470 Taichi
Cooling Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory 32GB DDR4-3600
Video Card(s) RTX 2070 Super
Storage 500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s) Acer Nitro VG280K 4K 28"
Case Fractal Design Define S
Audio Device(s) Onboard is good enough for me
Power Supply eVGA SuperNOVA 1000w G3
Software Windows 10 Pro x64
what the hell is going on with intel … are they being targeted by a source ……… im no bond obviously , yet I feel bad fore the them ….:wtf:

I already addressed this. They literally pay people to find vulnerabilities, that's why vulnerabilities keep getting found. I believe the bounty can be as much as $100,000.
 

freeagent

Moderator
Staff member
Joined
Sep 16, 2018
Messages
8,560 (3.78/day)
Location
Winnipeg, Canada
Processor AMD R7 5800X3D
Motherboard Asus Crosshair VIII Dark Hero
Cooling Thermalright Frozen Edge 360, 3x TL-B12 V2, 2x TL-B12 V1
Memory 2x8 G.Skill Trident Z Royal 3200C14, 2x8GB G.Skill Trident Z Black and White 3200 C14
Video Card(s) Zotac 4070 Ti Trinity OC
Storage WD SN850 1TB, SN850X 2TB, SN770 1TB
Display(s) LG 50UP7100
Case Fractal Torrent Compact
Audio Device(s) JBL Bar 700
Power Supply Seasonic Vertex GX-1000, Monster HDP1800
Mouse Logitech G502 Hero
Keyboard Logitech G213
VR HMD Oculus 3
Software Yes
Benchmark Scores Yes
I bet if people start digging they could probably do something similar with an AMD cpu. Or maybe not.. but wow what a shit storm that would be lol.
 
Joined
Sep 24, 2019
Messages
64 (0.03/day)
Plundervolt requires root privileges as software that let you tweak vCore require ring-0 access.

And if you have that, you don't need some fancy exploit to gain access to whatever data you want, or worse, delete or encrypt all the data.
 
Joined
Mar 10, 2015
Messages
3,984 (1.12/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
And if you have that, you don't need some fancy exploit to gain access to whatever data you want, or worse, delete or encrypt all the data.

Not necessarily. It sounds like the SgX might be OS agnostic. Else, as you said, you wouldn't need to do this with root access.
 
Joined
Aug 24, 2004
Messages
217 (0.03/day)
Well I think my next rig will be a Ryzen based one. Better get on it before everyone starts price gouging..
 
Joined
Feb 20, 2019
Messages
8,284 (3.93/day)
System Name Bragging Rights
Processor Atom Z3735F 1.33GHz
Motherboard It has no markings but it's green
Cooling No, it's a 2.2W processor
Memory 2GB DDR3L-1333
Video Card(s) Gen7 Intel HD (4EU @ 311MHz)
Storage 32GB eMMC and 128GB Sandisk Extreme U3
Display(s) 10" IPS 1280x800 60Hz
Case Veddha T2
Audio Device(s) Apparently, yes
Power Supply Samsung 18W 5V fast-charger
Mouse MX Anywhere 2
Keyboard Logitech MX Keys (not Cherry MX at all)
VR HMD Samsung Oddyssey, not that I'd plug it into this though....
Software W10 21H1, barely
Benchmark Scores I once clocked a Celeron-300A to 564MHz on an Abit BE6 and it scored over 9000.
Wouldn't be great if, JUST ONCE, the first we heard about an Intel CPU vulnerability was when Intel themselves went public, something along the lines of

"Hey, six months ago our bug bounty program helped us to identify and mitigate the flaw. The update was rolled out to board vendors four months ago and we recommend everyone updates to the latest BIOS to ensure your systems are fully-protected"

But no, the first we hear about it is always the NDA deadline coming and going with Intel only promising vague future action at some undetermined point in the future, already being six months too late.
 
Joined
Jun 18, 2015
Messages
341 (0.10/day)
Location
Perth , West Australia
System Name schweinestalle
Processor AMD Ryzen 7 3700 X
Motherboard Asus Prime - Pro X 570 + Asus PCI -E AC68 Dual Band Wi-Fi Adapter
Cooling Standard Air
Memory Kingston HyperX 2 x 16 gb DDR 4 3200mhz
Video Card(s) AMD Radeon 5700 XT 8 GB Strix
Storage Intel SSD 240 gb Speed Demon & WD 240 SSD Blue & WD 250 SSD & WD Green 500gb SSD & Seagate 1 TB Sata
Display(s) Asus XG 32 V ROG
Case Corsair AIR ATX
Audio Device(s) Realtech standard
Power Supply Corsair 850 Modular
Mouse CM Havoc
Keyboard Corsair Cherry Mechanical
Software Win 10
Benchmark Scores Unigine_Superposition 4K ultra 7582
I bet if people start digging they could probably do something similar with an AMD cpu. Or maybe not.. but wow what a shit storm that would be lol.
[/QUOTEi
i reakon amd is leaps and bounds ahead on old intel core and memory platforms that its become easier for hackers to exploit them ....my 2 cents lol
 
Joined
Aug 24, 2018
Messages
818 (0.36/day)
System Name Dell Inspiron 7375
Processor AMD Ryzen™ 7 2700U Mobile Processor with Radeon™ RX Vega 10 Graphics
Memory 16GB (total) 2400MHz DDR4 SODIMM
Video Card(s) Radeon™ RX Vega 10 Graphics
Storage SanDisk X600 SATA SSD 512GB
Display(s) BOE NV13FHM
Audio Device(s) Realtek ALC3253 (Dell Labelling) ALC255 (Real name)
SGX was meant to be a secure enclave where no system code, including root can access the data being processed. Also why UHD-BD requires SGX.
Also in cloud systems, SGX was meant to be the safe place to execute highly confidential data without risk of cloud owners accessing the data.
Root access causing SGX vulnerability undermines the usage of SGX. Thus it is a major vulnerability (to BD players DRM, and cloud services users of SGX)
 
Joined
Aug 23, 2007
Messages
153 (0.02/day)
System Name CyberMania
Processor AMD RYZEN 7 5800X
Motherboard GB AORUS PRO AC B550
Cooling CM HYPER212 TURBO ARGB
Memory XPG D50 DDR4-3600 16X 2
Video Card(s) SAPPHIRE AMD RX580
Storage XPG M.2 NVME SPECTRIX D40 512GB 2TB
Display(s) SAMSUNG 32" T55 Curved Monitor
Case CM ELITE 430
Audio Device(s) REALTEK HD
Power Supply CM WME GOLD 650WATT
Software Windows 10 21H2 LTSC 2021
intel is hollysh1t now...
 
Joined
Aug 20, 2007
Messages
21,469 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
We as consumers have a right to know about these security threats.

Yes, and you also have a right to know about how much of a threat they actually are.

This one is almost nothing.

SGX was meant to be a secure enclave where no system code, including root can access the data being processed. Also why UHD-BD requires SGX.
Also in cloud systems, SGX was meant to be the safe place to execute highly confidential data without risk of cloud owners accessing the data.
Root access causing SGX vulnerability undermines the usage of SGX. Thus it is a major vulnerability (to BD players DRM, and cloud services users of SGX)

It is major if you are a cloud service provider... letting your users run around with root. Maybe.
 
Joined
Jul 16, 2014
Messages
8,198 (2.16/day)
Location
SE Michigan
System Name Dumbass
Processor AMD Ryzen 7800X3D
Motherboard ASUS TUF gaming B650
Cooling Artic Liquid Freezer 2 - 420mm
Memory G.Skill Sniper 32gb DDR5 6000
Video Card(s) GreenTeam 4070 ti super 16gb
Storage Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Steeseries Esports Wireless
Keyboard Corsair K100
Software windows 10 H
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
There's a party under that IHS!!! BYOV ( Bring your own voltage ) :kookoo:

Yes, and you also have a right to know about how much of a threat they actually are.

This one is almost nothing.
I had thought there was a threat scale/chart.
 
Joined
Aug 24, 2018
Messages
818 (0.36/day)
System Name Dell Inspiron 7375
Processor AMD Ryzen™ 7 2700U Mobile Processor with Radeon™ RX Vega 10 Graphics
Memory 16GB (total) 2400MHz DDR4 SODIMM
Video Card(s) Radeon™ RX Vega 10 Graphics
Storage SanDisk X600 SATA SSD 512GB
Display(s) BOE NV13FHM
Audio Device(s) Realtek ALC3253 (Dell Labelling) ALC255 (Real name)
It is major if you are a cloud service provider... letting your users run around with root. Maybe.
Its not allowing the client to run as root that SGX tries to help, its preventing the cloud provider services to gain access to client data.
The cloud provider employees can possibly do espionage against a client using this technique.
 
Joined
Aug 20, 2007
Messages
21,469 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Its not allowing the client to run as root that SGX tries to help, its preventing the cloud provider services to gain access to client data.
The cloud provider employees can possibly do espionage against a client using this technique.

Oh, I see.

Yes that is a legit concern. Not something standard users need worry about,but a concern all the same.
 
Joined
Jun 18, 2015
Messages
341 (0.10/day)
Location
Perth , West Australia
System Name schweinestalle
Processor AMD Ryzen 7 3700 X
Motherboard Asus Prime - Pro X 570 + Asus PCI -E AC68 Dual Band Wi-Fi Adapter
Cooling Standard Air
Memory Kingston HyperX 2 x 16 gb DDR 4 3200mhz
Video Card(s) AMD Radeon 5700 XT 8 GB Strix
Storage Intel SSD 240 gb Speed Demon & WD 240 SSD Blue & WD 250 SSD & WD Green 500gb SSD & Seagate 1 TB Sata
Display(s) Asus XG 32 V ROG
Case Corsair AIR ATX
Audio Device(s) Realtech standard
Power Supply Corsair 850 Modular
Mouse CM Havoc
Keyboard Corsair Cherry Mechanical
Software Win 10
Benchmark Scores Unigine_Superposition 4K ultra 7582
I already addressed this. They literally pay people to find vulnerabilities, that's why vulnerabilities keep getting found. I believe the bounty can be as much as $100,000.
send the Mandalorian ,,,,,,,,,,,,:pimp:
 
Joined
Sep 17, 2014
Messages
22,452 (6.03/day)
Location
The Washing Machine
Processor 7800X3D
Motherboard MSI MAG Mortar b650m wifi
Cooling Thermalright Peerless Assassin
Memory 32GB Corsair Vengeance 30CL6000
Video Card(s) ASRock RX7900XT Phantom Gaming
Storage Lexar NM790 4TB + Samsung 850 EVO 1TB + Samsung 980 1TB + Crucial BX100 250GB
Display(s) Gigabyte G34QWC (3440x1440)
Case Lian Li A3 mATX White
Audio Device(s) Harman Kardon AVR137 + 2.1
Power Supply EVGA Supernova G2 750W
Mouse Steelseries Aerox 5
Keyboard Lenovo Thinkpad Trackpoint II
Software W11 IoT Enterprise LTSC
Benchmark Scores Over 9000
I vaguely remember us saying the timing for these vulnerabilities was in favor of Intel because their 10nm was stalling.

Oh, how the tables have turned.
 
Joined
Sep 3, 2019
Messages
3,515 (1.84/day)
Location
Thessaloniki, Greece
System Name PC on since Aug 2019, 1st CPU R5 3600 + ASUS ROG RX580 8GB >> MSI Gaming X RX5700XT (Jan 2020)
Processor Ryzen 9 5900X (July 2022), 220W PPT limit, 80C temp limit, CO -6-14, +50MHz (up to 5.0GHz)
Motherboard Gigabyte X570 Aorus Pro (Rev1.0), BIOS F39b, AGESA V2 1.2.0.C
Cooling Arctic Liquid Freezer II 420mm Rev7 (Jan 2024) with off-center mount for Ryzen, TIM: Kryonaut
Memory 2x16GB G.Skill Trident Z Neo GTZN (July 2022) 3667MT/s 1.42V CL16-16-16-16-32-48 1T, tRFC:280, B-die
Video Card(s) Sapphire Nitro+ RX 7900XTX (Dec 2023) 314~467W (375W current) PowerLimit, 1060mV, Adrenalin v24.10.1
Storage Samsung NVMe: 980Pro 1TB(OS 2022), 970Pro 512GB(2019) / SATA-III: 850Pro 1TB(2015) 860Evo 1TB(2020)
Display(s) Dell Alienware AW3423DW 34" QD-OLED curved (1800R), 3440x1440 144Hz (max 175Hz) HDR400/1000, VRR on
Case None... naked on desk
Audio Device(s) Astro A50 headset
Power Supply Corsair HX750i, ATX v2.4, 80+ Platinum, 93% (250~700W), modular, single/dual rail (switch)
Mouse Logitech MX Master (Gen1)
Keyboard Logitech G15 (Gen2) w/ LCDSirReal applet
Software Windows 11 Home 64bit (v24H2, OSBuild 26100.2161), upgraded from Win10 to Win11 on Jan 2024
One thing that needs to be asked is, are there more vulnerabilities being found on Intel processors because Intel processors are actually less secure OR are their more vulnerabilities being found because Intel pays a bounty to people that find vulnerabilities and AMD doesn't?
It can easily cross my mind that Intel is paying a whole division to find and expose AMD vulnerabilities. We just dont know about it.
Just because that is Intel... a dirty player and we have seen it several times. And the bounty program is just raising dust and disorientation program. Playing the good Company who cares about consumers, oh my laughs... I cannot take it...
 
Joined
Feb 20, 2019
Messages
8,284 (3.93/day)
System Name Bragging Rights
Processor Atom Z3735F 1.33GHz
Motherboard It has no markings but it's green
Cooling No, it's a 2.2W processor
Memory 2GB DDR3L-1333
Video Card(s) Gen7 Intel HD (4EU @ 311MHz)
Storage 32GB eMMC and 128GB Sandisk Extreme U3
Display(s) 10" IPS 1280x800 60Hz
Case Veddha T2
Audio Device(s) Apparently, yes
Power Supply Samsung 18W 5V fast-charger
Mouse MX Anywhere 2
Keyboard Logitech MX Keys (not Cherry MX at all)
VR HMD Samsung Oddyssey, not that I'd plug it into this though....
Software W10 21H1, barely
Benchmark Scores I once clocked a Celeron-300A to 564MHz on an Abit BE6 and it scored over 9000.
Yes, and you also have a right to know about how much of a threat they actually are.
This one is almost nothing.
It is major if you are a cloud service provider... letting your users run around with root. Maybe.

Well, even though none of use are cloud service providers with dumb customer policies, those exploits still get OS and microcode patches that hamper the performance of ordinary things like web-browsing, gaming, photo-editing.

It doesn't matter what the vulnerability is, only whether it needs patching. If it needs patching, everyone suffers the performance hit whether the vulnerability is relevant to them or not.
 

newtekie1

Semi-Retired Folder
Joined
Nov 22, 2005
Messages
28,473 (4.10/day)
Location
Indiana, USA
Processor Intel Core i7 10850K@5.2GHz
Motherboard AsRock Z470 Taichi
Cooling Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory 32GB DDR4-3600
Video Card(s) RTX 2070 Super
Storage 500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s) Acer Nitro VG280K 4K 28"
Case Fractal Design Define S
Audio Device(s) Onboard is good enough for me
Power Supply eVGA SuperNOVA 1000w G3
Software Windows 10 Pro x64
It can easily cross my mind that Intel is paying a whole division to find and expose AMD vulnerabilities. We just dont know about it.
Just because that is Intel... a dirty player and we have seen it several times. And the bounty program is just raising dust and disorientation program. Playing the good Company who cares about consumers, oh my laughs... I cannot take it...

Yes, wild baseless speculation. That's what we should do!
 
Joined
Jul 29, 2014
Messages
484 (0.13/day)
Location
Fort Sill, OK
Processor Intel 7700K 5.1Ghz (Intel advised me not to OC this CPU)
Motherboard Asus Maximus IX Code
Cooling Corsair Hydro H115i Platinum
Memory 48GB G.Skill TridentZ DDR4 3200 Dual Channel (2x16 & 2x8)
Video Card(s) nVIDIA Titan XP (Overclocks like a champ but stock performance is enough)
Storage Intel 760p 2280 2TB
Display(s) MSI Optix MPG27CQ Black 27" 1ms 144hz
Case Thermaltake View 71
Power Supply EVGA SuperNova 1000 Platinum2
Mouse Corsair M65 Pro (not recommded, I am on my second mouse with same defect)
Software Windows 10 Enterprise 1803
Benchmark Scores Yes I am Intel fanboy that is my benchmark score.
So much for Enhanced Intel SpeedStep and Turbo Boost technology. At this point entire Core Architecture is flawed regardless of the performance it offers. Same goes for their upcoming 10th Gen Comet Lake.

I remember when intel suggested that we stop overclocking our 'K' series Kabylake processors.
“We do not recommend running outside the processor specifications, such as by exceeding processor frequency or voltage specifications, or removing of the integrated heat spreader to avoid high temps. "
 
Top