Researchers at the University of Birmingham, previously known for developing the Plundervolt and VoltPillager attacks, have identified a vulnerability (CVE-2022-43309) in some server motherboards that can physically disable the CPU without the possibility of subsequent recovery. The vulnerability, codenamed PMFault, can be used to damage servers to which an attacker does not have physical access, but has privileged access to the operating system, obtained, for example, as a result of exploiting an unpatched vulnerability or intercepting administrator credentials.
The essence of the proposed method is to use the PMBus interface, which uses the I2C protocol, to increase the voltage supplied to the processor to values ββthat cause damage to the chip. The PMBus interface is usually implemented in the VRM (Voltage Regulator Module), which can be accessed through manipulation of the BMC controller. To attack boards that support PMBus, in addition to administrator rights in the operating system, you must have programmatic access to the BMC (Baseboard Management Controller), for example, via the IPMI KCS (Keyboard Controller Style) interface, via Ethernet, or via flashing the BMC from the current system.
An issue that allows an attack without knowledge of the authentication parameters in the BMC has been confirmed in Supermicro motherboards with IPMI support (X11, X12, H11 and H12) and ASRock, but other server boards on which PMBus can be accessed are also affected. In the course of the experiments, when the voltage increased to 2.84 volts, two Intel Xeon processors were damaged on these boards. To access the BMC without knowing the authentication parameters, but with root access to the operating system, a vulnerability in the firmware verification mechanism was used, which made it possible to download a modified firmware update to the BMC controller, as well as the possibility of unauthenticated access via IPMI KCS.
The voltage change method via PMBus can also be used to perform a Plundervolt attack, which allows, by lowering the voltage to minimum values, to cause damage to the contents of data cells in the CPU used in calculations in isolated Intel SGX enclaves and generate errors in initially correct algorithms. For example, if you change the value used in the multiplication during the encryption process, the output will be an invalid ciphertext. By being able to call a handler in the SGX to encrypt their data, an attacker can, by causing failures, accumulate statistics about the change in the output ciphertext and recover the value of the key stored in the SGX enclave.
A toolkit for attacking Supermicro and ASRock boards, as well as a utility for checking for access to PMBus, are published on GitHub.
Source: opennet.ru