V0LTpwn: Attacking x86 Processor Integrity from Software

TL;DR

V0LTpwn is a novel software-controlled attack that undervolts x86 processors to induce hardware faults, compromising computation integrity and bypassing traditional security measures without physical access.

Contribution

This paper introduces V0LTpwn, the first software-based undervolting attack on x86 processors that affects computation integrity across various execution modes.

Findings

Successfully attacked Intel SGX enclaves from privileged processes.

Induced hardware faults caused erroneous computation results.

Demonstrated attack across multiple CPU revisions.

Abstract

Fault-injection attacks have been proven in the past to be a reliable way of bypassing hardware-based security measures, such as cryptographic hashes, privilege and access permission enforcement, and trusted execution environments. However, traditional fault-injection attacks require physical presence, and hence, were often considered out of scope in many real-world adversary settings. In this paper we show this assumption may no longer be justified. We present V0LTpwn, a novel hardware-oriented but software-controlled attack that affects the integrity of computation in virtually any execution mode on modern x86 processors. To the best of our knowledge, this represents the first attack on x86 integrity from software. The key idea behind our attack is to undervolt a physical core to force non-recoverable hardware faults. Under a V0LTpwn attack, CPU instructions will continue to execute with erroneous results and without crashes, allowing for exploitation. In contrast to recently presented side-channel attacks that leverage vulnerable speculative execution, V0LTpwn is not limited to information disclosure, but allows adversaries to affect execution, and hence, effectively breaks the integrity goals of modern x86 platforms. In our detailed evaluation we successfully launch software-based attacks against Intel SGX enclaves from a privileged process to demonstrate that a V0LTpwn attack can successfully change the results of computations within enclave execution across multiple CPU revisions.