Intel® CPU Voltage Settings Modification Advisory, Disclosed December 10, 2019

Documentation

Product Information & Documentation

000055804

02/07/2020

On December 10, 2019, Intel publicly disclosed a potential security vulnerability in some Intel® processors that may allow escalation of privilege and/or information disclosure.

This is a potential security vulnerability only when Intel® Software Guard Extensions (Intel® SGX) is enabled on a system. Intel has released firmware updates to system manufacturers to mitigate this potential vulnerability.

Intel recommends that end users contact their system manufacturer to obtain the latest BIOS version that mitigates this issue. You can find a list of many system manufacturer’s support sites here.

This issue has been referenced using various names by researchers and media including: VoltJockey, Knight, and Plundervolt.

Affected products:

  • Intel® Core™ 6th, 7th, 8th, 9th & 10th generation processors
  • Intel® Xeon® Processor E3 v5 & v6
  • Intel® Xeon® Processor E-2100 & E-2200
    Note Other processor families (such as Intel® Pentium® processors and Intel® Celeron® processors) may have some SKUs that support Intel® SGX.

Further technical details can be found in the Intel Security Center, INTEL-SA-00289, as well as our December blog, which provides a summary of this month’s security advisories.

If you need further assistance, please contact Intel Customer Support.

General Q&A:

Click or the question for details:

What is the issue? External Researchers informed Intel of a potential vulnerability that could impact the security of Intel® Software Guard Extensions (Intel® SGX). This issue may occur when using software that enables the user to alter voltage operating points.
How do I fix this issue? Intel has released firmware updates to system manufacturers to mitigate this potential vulnerability.

Intel recommends that end users contact their system manufacturer to obtain the latest BIOS version that mitigates this issue. You can find a list of many system manufacturers' support sites.

What is the impact of this issue on systems already deployed using Intel® SGX? Intel is not aware of any real-world use of the new vulnerabilities.
How can I tell if my processor supports Intel® SGX? If you are unsure, contact your system manufacturer.
How is this potential vulnerability mitigated? The BIOS updates mitigate the issue by locking voltage to the default settings.
Is this issue linked to any specific operating system (OS) type or is the issue independent of OS types and versions? This issue is independent of the OS type and version.
Can I still overclock? Intel recommends you contact your system manufacturer to determine if your system supports overclocking.
My system manufacturer does not have any update available yet, what should I do? Unfortunately, Intel cannot dictate nor control when our ecosystem partners release updated BIOS or driver files. We recommend that you request an estimate on when the update will be available.