Intel CPUs are at the center of controversy once again as yet another vulnerability is discovered by Cybersecurity researchers. The security vulnerability is named “Plundervolt” by the researchers which is a mixture of the words “plunder” and “undervolt.”
The security flaw is noted under CVE-2019-11157 and was first reported to Intel back in June of this year under the company’s bug bounty program. The program puts the findings under a 6-month NDA which is lo longer applies.
Hence, Cybersecurity researchers have made their findings public. According to their findings, the security vulnerability can compromise SGX (software guard extensions) protected by undervolting the CPU when executing protected computations, to the degree that the SGX memory encryption failed to protect data. Cybersecurity researchers also released proof of concept code. Plundervolt is similar yet different from “Rowhammer” as it flips bits inside the CPU prior to their shift to memory, so SGX isn’t able to protect the data. You can check out the entire Intel CPU research document for yourself.