Shulou(Shulou.com)06/01 Report--

Intel processor hardware VoltJockey vulnerability risk example analysis, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

0x00 vulnerability description

On December 10, 2019, Intel officially confirmed and issued the "VoltJockey" (Knight) vulnerability announcement, the vulnerability number is: CVE-2019-11157. The vulnerability is due to the security risks of the dynamic power management module DVFS (Dynamic Voltage and Frequency Scaling), which is used in the design of modern mainstream processor microarchitecture, and there is a risk of power enhancement and information leakage.

The VoltJockey vulnerability attacks CPU based on voltage fault injection and uses hardware faults to attack CPU hardware isolation facilities such as TrustZone. Different from the traditional attack method using programming interface vulnerabilities, this method completely adopts the hardware vulnerabilities of CPU, which is relatively difficult to defend, and has a similar effect on other CPU hardware security extensions similar to TrustZone. At present, VoltJockey vulnerabilities exist widely in mainstream processor chips, which may involve the security of high-value density applications such as mobile payment, face / fingerprint recognition, secure cloud computing and so on.

In addition, this security vulnerability exists only when Intel SGX (Software Guard Extensions) is turned on. Intel has released firmware updates to system manufacturers to mitigate this potential vulnerability.

360-CERT advises relevant users to follow the official announcement of Intel in time and consult the solution.

0x01 affects products

Intel Core 6th, 7th, 8th, 9th and 10th generation processors

Intel Xeon processors E3 v5 and V6

Intel Xeon processors Emai 2100 and Emai 2200

0x02 repair recommendation

Intel advises affected users to contact the system manufacturer for the latest BIOS that can alleviate the problem

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.