
Info Yet Another Intel Vulnerability


soresu

Diamond Member
Yet another new vulnerability in Intel processors named 'Plundervolt' has been disclosed, affecting SGX and potentially allowing protected data to be stolen.

Link here.

The fact that PowerDVD still restricts 4K Blu-ray playback to SGX capable systems in light of these vulnerabilities is utterly ridiculous, they should offer it to all or none at all.
 
I'm not seeing Icelake. Cometlake is affected. It's been like that with the last 3 vulnerabilities.

They gotta let the old uarch go. Some fundamental differences must make it difficult to fix and new vulnerabilities arise.
 
Awww I tried to post about that in the Xeon Meltdown/Spectre/other vulnerabilities thread but apparently the post didn't go through. Oh well!

Interesting exploit, using software OC interfaces to undervolt the CPU until SGX fails.
 
Awww I tried to post about that in the Xeon Meltdown/Spectre/other vulnerabilities thread but apparently the post didn't go through. Oh well!

Interesting exploit, using software OC interfaces to undervolt the CPU until SGX fails.
Oh damn I would have posted there if I knew it existed, that should probably be a sticky thread given its importance.
 
Interesting exploit, using software OC interfaces to undervolt the CPU until SGX fails.
Oh no, I can already see what the fix will do, RIP software for on-the-fly OC / undervolting / power management.

Oh damn I would have posted there if I knew it existed, that should probably be a sticky thread given its importance.
Ever since Ryzen the moderators on this forum have been repeatedly accused of AMD bias, a sticky on Intel vulnerabilities is the last thing we need in terms of pouring gas on the fire.
 
While this is a vulnerability and needed to be patched, the amount of access you need to the computer to pull it off is ridiculous. If someone can get that much access to the system, you're screwed no matter what. The ARM TrustZone platform had the same issue and needed to be patched as well. You would have thought Intel would have seen that and checked their own systems against the same basic attack vector, but I think it's become readily apparent that security has taken a back seat at Intel for quite a while. Seems like Icelake has been more proactive in this regard so hopefully they've learned something and will apply it consistently moving forward in their designs.
 
While this is a vulnerability and needed to be patched, the amount of access you need to the computer to pull it off is ridiculous. If someone can get that much access to the system, you're screwed no matter what. The ARM TrustZone platform had the same issue and needed to be patched as well. You would have thought Intel would have seen that and checked their own systems against the same basic attack vector, but I think it's become readily apparent that security has taken a back seat at Intel for quite a while. Seems like Icelake has been more proactive in this regard so hopefully they've learned something and will apply it consistently moving forward in their designs.


What do you mean? This, like most other issues Intel CPUs have, does not require physical access to the system. If this was a one-off issue then yeah. But how many exploits have been shown on Intel CPUs in the last couple years?
 
Unlike the other recent vulnerabilities in Intel CPUs which break things that protect your computer from attackers, this breaks SGX, which is intended to be used to secure "your" computer from you. Thus I would consider this vulnerability to be a good thing.
 
What do you mean? This, like most other issues Intel CPUs have, does not require physical access to the system. If this was a one-off issue then yeah. But how many exploits have been shown on Intel CPUs in the last couple years?

The level of access (while still possible to do remotely) is far and above what Spectre and its variants require.

This is because the undervolting interface is only accessible with root privileges.
We also reviewed common hypervisors and virtual machine software, and found that the guest OS cannot access the undervolting interface.

Basically you have to be able to remote in as root as well as have the interface enabled to allow for register manipulation on the VRMs in order to change the voltage levels. You own the system at that point. Yes SGX is supposed to still guard against even root being able to get the crypto keys and break protected encrypted memory, but if someone is malicious and literally has root access to the system, this type of attack is probably like number 241 on their to do list. Yes it's something that needs to get fixed but like I said, if they can pull this attack off, you're screwed anyway whether it's patched or not against this particular attack.
 
The problem is that even if an owner is not concerned about this type of vulnerability, he is still stuck with whatever performance hit the patch entails, since Win 10 forces updates down your throat whether you want them to or not.
 
The problem is that even if an owner is not concerned about this type of vulnerability, he is still stuck with whatever performance hit the patch entails, since Win 10 forces updates down your throat whether you want them to or not.

Given that the vulnerability is strictly within SGX and that the fix is basically a firmware update to give the option to disable voltage manipulation, I don't think you'll see any performance hit on this one.
 
Curated dual Intel/AMD vulnerability thread sticky?

It's not bias if the Intel side simply shows more vulns than the AMD one.
Start a thread in moderator discussions if you really want the other one stickied (since it's more comprehensive). That way all mods can approve it, and should not cause any problems. Then we can merge this one in. If we do, we need to update/change the thread title.
 
While this is a vulnerability and needed to be patched, the amount of access you need to the computer to pull it off is ridiculous.

Not really. If you read the exploit, you'll notice that SGX was designed to isolate certain processes so having root in the host VM/host OS is still not a threat sufficient to exfiltrate data or otherwise interfere with said process. That's the whole premise behind SGX - a last line of defense against malicious attackers gaining root. SGX just flat-out doesn't work.
 