This vulnerability was first reported on June 9 this year under Intel's rewards program, which rewarded researchers for the vulnerability. Six months have passed since the NDA ended and the threat has been made public with all its details, although it is true that Intel has been working on solving the problem for some time and, in fact, it has already been quiet ways to reduce it this includes a BIOS update for that disable the undervolt in the processor.
What does Plundervolt contain?
This vulnerability is defined as ways to compromise SGX-protected memory components (Software Guard Extensions, a set of commands that increase data security and application code, to protect yourself from change)perform an undervolt on the processor while the calculation is taking place, so that SGX memory encryption does not protect data.
Plundervolt is different from the "Rowhammer" vulnerability, since it can convert fragments within a processor before they are written into memory, so that SGX does not process such information. Plundervolt, yes, requires administrator privileges to be able to convert vCore, or physical access to a PC where malicious code is performed unnecessarily because this is something that can be done remotely.
Are you affected? What will Intel do about it?
If you have an Intel processor, you may be affected Because of this it is at risk. However, this will only affect you if you are using a set of SGX commands, something that is installed separately using the SDK. In other words, ordinary users will not be directly affected – as far as we know – only developers use this SDK. So actually we must not act on this.
For its part, Intel has already released a firmware update for its BIOS processor to minimize this risk. And they did it forcibly, because this update disables the possibility of slowing down the processor, so that Plundervolt never gets killed. This is an urgent step, for now they work with a descriptive solution.
So in short, this interruption affects all Intel processes but can actually be run only on those who use the SGX SDK, so only developers can be affected. There are steps to reduce the remaining and, at present, Intel is already working on a defining solution. Therefore, it is not something to be concerned about right now.
