https://www.techpowerup.com/262024/new-plundervolt-intel-cpu-vulnerability-exploits-vcore-to-fault-sgx-and-steal-protected-data
 
A group of cybersecurity researchers have discovered a new security vulnerability affecting Intel processors, which they've craftily named "Plundervolt," a portmanteau of the words "plunder" and "undervolt." Chronicled under CVE-2019-11157, it was first reported to Intel in June 2019 under its security bug-bounty programme, so it could secretly develop a mitigation. With the 6-month NDA lapsing, the researchers released their findings to the public. Plundervolt is described by researchers as a way to compromise SGX (software guard extensions) protected memory by undervolting the processor when executing protected computations, to a level where SGX memory-encryption no longer protects data. The researchers have also published proof-of-concept code.

Plundervolt is different from "Rowhammer," in that it flips bits inside the processor, before they're written to the memory, so SGX doesn't protect them. Rowhammer doesn't work with SGX-protected memory. Plundervolt requires root privileges as software that let you tweak vCore require ring-0 access. You don't need direct physical access to the target machine, as tweaking software can also be remotely run. Intel put out security advisory SA-00298 and is working with motherboard vendors and OEMs to release BIOS updates that pack a new microcode with a mititagion against this vulnerability. 
 
Looks like Intel has a lot of security work ahead of them

Does this vulnerability indicate that software-based overclocking will now become a thing of the past as it poses a security risk?

It took EVGA a few months in 2018 to release BIOS patches for Spectre/Meltdown (CVE- 2017-5753 / CVE- 2017-5715 / CVE- 2017-5754). The CVEs were published in January 2018 and while the EVGA X299 got patched on January 12th (BIOS 1.06), the Z270 and Z370 didn’t get patched until March 26th (BIOS 1.07/1.08), and the X99 didn’t get patched until April 16th (BIOS 2.06).

Its still not good for servers and such.
 
Put another point for team red down, ouch.

kougar
I hate this exploit, solely because it validates all those TV show/movie tropes where adding more power miraculously fixes or hacks stuff. Star Trek correctly predicting the future once again!

 LOL, so true! 

CraptacularOne
Sure a lot of these things may not be the best for server farms or such. But for the average person they are irrelevant. If someone already has this level access to your PC you have much bigger problems anyway. 

While I 100% agree the issue for us consumers is the patch's they must deploy. The patch's usually carry some sort of performance hit which in turn affects us average consumers.

Keep in mind that Intel's 10xxx series CPUs are slower than their 9xxx series CPUs due to in-silicon vulnerability mitigation.  This confirms the concern of the trickle-down effect affecting consumers and enthusiasts years later.  As AuDioFreaK39 said, does this indicate that overclocking support on Intel's CPUs could be affected in the future?

z999z3mystorys
another exploit, just Plunderful... er wonderful.

Good one.