'Plundervolt' attack against Intel Core CPUs prompts fix that can turn off CPU voltage tweaks

The microcode update that Intel is sending motherboard providers in response to the new 'Plundervolt' may turn off the ability to adjust CPU voltages via software. Is undervolting or overclocking at risk?

Credit: Plundervolt.com

A new attack on Intel’s CPUs, called Plunderbolt, may have an unforeseen consequence. The mitigation that fixes it appears to lock the CPU voltage to default settings, possibly preventing users from undervolting or overclocking them.

According to the researchers who authored the paper in question, every mobile and desktop Intel Core processor since the sixth-generation “Skylake” onward that supports Intel’s Software Guard Extensions (SGX) is vulnerable to the software attack, which injects faults into the processor package by very briefly decreasing the processor voltage. Injecting these faults can introduce errors into otherwise secure code, or reproduce cryptographic keys by what the researchers call negligible computational efforts.

The researchers said that they believe that the attacks can be mounted by a remote attacker, and not just one with local access.

As most researchers do, the team—made up of researchers at the University of Birmingham, the Graz University of Technology, and imec-DistriNet—reported the vulnerability to Intel, which issued an advisory and also said that it had released firmware updates to motherboard manufacturers. A related blog post by Intel said that the company was unaware of any issues in the wild. 

Most users won’t be affected by Plundervolt itself, because it first requires an attack against the system. If SGX has not been enabled or if CPU voltage is locked at the default values, the system is also not vulnerable to this attack method, an Intel spokeswoman added in a follow-up email in response to a PCWorld question.

The mitigation Intel is issuing, however, appears to lock your PC’s voltage settings, preventing you from adjusting them. “Intel has worked with system vendors to develop a microcode update that mitigates the issue by locking voltage to the default settings,” a related Intel blog post says. 

“A BIOS update will lock the voltage to default settings that mitigate this vulnerability without need for users to enable anything and is typically provided by system manufacturers,” the Intel spokeswoman added, via email. “We recommend checking with your system manufacturer to better understand voltage settings.”

The medicine may be worse than the disease. It sounds like the Plunderbolt mitigation could effectively remove the option to “undervolt” laptops, a technique that some enthusiasts use to extend the battery life and longevity of laptops. By using Intel’s eXtreme Tuning Utility, undervolters dial down the operating voltage of their PC by tiny increments until they can find a voltage level at which their PC can run under load. By shaving off a few hundredths or thousandths of a volt, the battery life can be extended proportionally. A PC’s CPU voltage can also be adjusted via overclocking on desktop PCs, though the focus there is primarily on the CPU’s clock speed, rather than the core voltage itself.

In either case, several questions remain, including which boards and laptops will apply the mitigation, and whether users will have an option to install them. It’s also not clear whether the mitigation that Intel is sending motherboard makers will in fact ever allow further CPU voltage modifications via software, or whether that capability is being disabled permanently. 

According to the Plundervolt researchers, “if you do not use SGX, you do not need to do anything,” they wrote.  “If you do use SGX: Intel has released a microcode update that—together with a BIOS update—allows disabling of the undervolting interface.”

Does your motherboard support SGX? It’s likely most recent boards do, though it’s not clear whether the feature is on by default. Here’s a list of SGX boards and platforms compiled over at GitHub. MSI’s customer support site claims that the company supports the feature, too. As we learn new information, we’ll update this post.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Mark Hachman

Mark Hachman

PC World (US online)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Ada Chan

Dynabook Portégé X30L-G

I highly recommend the Dynabook Portégé® X30L-G notebook for everyday business use, it is a benchmark setting notebook of its generation in the lightweight category.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?