Intel Plundervolt vulnerability exposes secrets by undervolting

Another interesting security vulnerability has been discovered in Intel's processors. Called Plundervolt, this new vulnerability affects all Core processors since the Skylake generation, as well as the Xeon server lineup. Plundervolt is aptly named as the vulnerability allows attackers to gain access to sensitive data by undervolting the processor.

Overall, the risk here seems limited. The biggest worry is for datacenter and cloud operators but Plundervolt is a rather complex attack that's difficult to pull off. The attack does not require physical access but does require root access. You need to be able to run privileged code on the target machine and you need to be able to adjust the CPU's voltage (which is a feature that can be disabled in the BIOS).

But it turns out that subtle fluctuations in voltage powering the main CPU can corrupt the normal functioning inside the SGX. By subtly increasing or decreasing the current delivered to a CPU—operations known as "overvolting" and "undervolting"—a team of scientists has figured out how to induce SGX faults that leak cryptographic keys, break integrity assurances, and potentially induce memory errors that could be used in other types of attacks. While the exploit requires the execution of privileged code, it doesn't rely on physical access, raising the possibility of remote attacks.

More details at ARS Technica. The vulnerability was discovered in June and got disclosed yesterday after Intel rolled out a microcode update.