Intel ´¦ÖÃÆ÷Ó²¼þ¡°VoltJockey¡±£¨ÆïÊ¿£©·ì϶·çÏÕ¹«¸æ

°ä²¼¹¦·ò 2019-12-11

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-11157£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.9£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


Intel Core µÚ6¡¢7¡¢8¡¢9ºÍµÚ10´ú´¦ÖÃÆ÷

Intel Xeon ´¦ÖÃÆ÷E3 v5ºÍv6

Intel Xeon ´¦ÖÃÆ÷E-2100 ºÍ E-2200


·ì϶¸ÅÊö


2019Äê12ÔÂ10ÈÕ£¬Intel¹Ù¸ÕÕýʽȷÈϲ¢°ä²¼ÁË¡°VoltJockey¡±£¨ÆïÊ¿£©·ì϶²¼¸æ¡£¸Ã·ì϶ÊÇÓÉÓÚÏÖ´úÖ÷Á÷´¦ÖÃÆ÷΢ϵͳ¼Ü¹¹Éè¼ÆʱѡȡµÄ¶¯Ì¬µçÔ´ÖÎÀíÄ£¿éDVFS£¨Dynamic Voltage and Frequency Scaling£©´æÔÚ°²È«Òþ»¼Ôì³ÉµÄ£¬´æÔÚÌáȨºÍÐÅϢй¶µÄ·çÏÕ¡£


VoltJockey·ì϶»ùÓÚµçѹ¹ÊÕÏ×¢Èë¶ÔCPU½øÐй¥»÷£¬ÀûÓÃÓ²¼þ¹ÊÕ϶ÔCPUµÄÓ²¼þ¸ôÀëÉèÊ©£¨ÈçTrustZone£©½øÐй¥»÷¡£·ÖÆçÓÚ´«Í³Ñ¡È¡±à³Ì½Ó¿Ú·ì϶µÄ¹¥»÷·½Ê½£¬¸Ã²½ÖèÆëÈ«Ñ¡È¡CPUµÄÓ²¼þ·ì϶£¬·ÀÓùÆðÀ´Ïà¶ÔÄÑÌ⣬ÇÒ¶ÔÓÚÀàËÆTrustZoneµÄÆäËüCPUµÄÓ²¼þ°²È«À©´óÒ²ÓÐÀàËƳÉЧ¡£Ä¿Ç°VoltJockey·ì϶¿í·º´æÔÚÓÚÖ÷Á÷´¦ÖÃÆ÷оƬÖУ¬¿ÉÄÜÉæ¼°µ±Ç°´óÁ¿Ê¹ÓõÄÊÖ»úÖ§¸¶¡¢ÈËÁ³/Ö¸ÎƼø±ð¡¢°²È«ÔÆÍÆËãµÈ¸ß¼ÛÖµÃܶÅצÓõݲȫ£¬Ó°ÏìÃæ¹ã¡£


Áí±í¸Ã°²È«·ì϶½öµ±ÔÚIntel SGX£¨Software Guard Extensions£©¿ªÆôʱ²Å´æÔÚ¡£IntelÒѾ­ÏòϵͳÔì×÷ÉÌ°ä²¼Á˹̼þ¸üУ¬ÒÔ»º½âÕâһDZÔڵķì϶¡£


·ì϶ÑéÖ¤


ÔÝÎÞPOC/EXP¡£


½¨¸´½¨Òé


Intel½¨ÒéÊÜÓ°ÏìµÄÓû§ÓëϵͳÔì×÷ÉÌÁªÏµ£¬ÒÔ»ñÈ¡¿É»º½â´ËÎÊÌâµÄ×îÐÂBIOS¡£


²Î¿¼Á´½Ó


https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html