Security Affairs
Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

PlunderVolt attack hijacks Intel SGX Enclaves by tweaking CPU Voltage

A team of researchers devised a new attack technique, dubbed PlunderVolt, to hijack Intel SGX enclave by tweaking CPU voltage. A group of security researchers (Kit Murdock, David Oswald, Flavio D Garcia (The University of Birmingham), Jo Van Bulck, Frank Piessens (imec-DistriNet, KU Leuven), Daniel Gruss (Graz University of Technology)) demonstrated a new attack technique, dubbed PlunderVolt, to […]

PlunderVolt

A team of researchers devised a new attack technique, dubbed PlunderVolt, to hijack Intel SGX enclave by tweaking CPU voltage.

A group of security researchers (Kit Murdock, David Oswald, Flavio D Garcia (The University of Birmingham), Jo Van Bulck, Frank Piessens (imec-DistriNet, KU Leuven), Daniel Gruss (Graz University of Technology)) demonstrated a new attack technique, dubbed PlunderVolt, to hijack the Intel SGX enclave by tweaking .

Intel Software Guard eXtensions (SGX) is a technology for application developers that allows protecting select code and data from disclosure or modification. The Intel SGX allows application code executing within an Intel SGX enclave, which are protected areas of execution in memory.

Enclaves are designed to be protected from processes running at higher privilege levels, including the operating system, kernel, BIOS, SMM, hypervisor.

The Plundervolt issue, tracked as CVE-2019-11157, is related to the fact that modern processors allow frequency and voltage to be adjusted when needed. An attacker could modify the voltage in a controlled way to induce errors in the memory by flipping bits and trigger the condition for the Rowhammer attack.

PlunderVolt

Rowhammer is classified as a problem affecting some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows, this means that theoretically, an attacker can change any value of the bit in the memory.

The Plundervolt attack leverages bit flipping by injecting faults in the CPU before they are written to the memory.

Plundervolt leverages a technique called CLKSCREW that exploits energy management of CPU to breach hardware security and take control over a targeted system.

“We present the Plundervolt attack, in which a privileged software adversary abuses an undocumented Intel Core voltage scaling interface to corrupt the integrity of Intel SGX enclave computations. Plundervolt carefully controls the processor’s supply voltage during an enclave computation, inducing predictable faults within the processor package. Consequently, even Intel SGX’s memory encryption/authentication technology cannot protect against Plundervolt.” reads the paper published the experts.

“We show that a privileged adversary is able to inject faults into protected enclave computations. Crucially, since the faults happen within the processor package, i.e., before the results are committed to memory, Intel SGX’s memory integrity protection fails to defend against our attacks,”

The experts published PoC videos that show how to carry out the attack by increasing or decreasing the voltage delivered to a targeted CPU. This technique allows an attacker to trigger computational faults in the encryption algorithms used by SGX enclaves, making it possible to decrypt SGX data.

The experts also released a proof-of-concept (PoC) on GitHub.

“For the first time, we bypass Intel SGX’s integrity guarantees by directly injecting faults within the processor package.” continues the paper. “We demonstrate the effectiveness of our attacks by injecting faults into Intel’s RSA-CRT and AES-NI implementations running in an SGX enclave, and we reconstruct full cryptographic keys with negligible computational efforts,” the researchers said.

“Given a pair of correct and faulty ciphertext on the same plaintext, this attack is able to recover the full 128-bit AES key with a computational complexity of only 232+256 encryptions on average. We have run this attack in practice, and it only took a couple of minutes to extract the full AES key from the enclave, including both fault injection and key computation phases.”

The Plundervolt attack works against all SGX-enabled Intel Core processors starting with the Skylake generation. Intel acknowledged the issue and released microcode and BIOS updates to address the Plundervolt flaw and tens of other high and medium severity vulnerabilities. The mitigation consists of locking voltage to the default settings.

“Intel has worked with system vendors to develop a microcode update that mitigates the issue by locking voltage to the default settings,” Intel’s blog post published today reads. “We are not aware of any of these issues being used in the wild, but as always, we recommend installing security updates as soon as possible.” reads the post published by Intel.

“We are not aware of any of these issues being used in the wild, but as always, we recommend installing security updates as soon as possible.”

Below the list of CPU models affected by the Plundervolt issue:

  • Intel 6th, 7th, 8th, 9th & 10th Generation Core Processors
  • Intel Xeon Processor E3 v5 & v6
  • Intel Xeon Processor E-2100 & E-2200 Families
  • For the full list of affected products, you can head on to Intel’s security advisory INTEL-SA-00289.
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Plundervolt, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]