Skip to content
Tool Suite for V0LTpwn (CVE-2019-11157). Code will be published soon.
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.


V0LTpwn (CVE-2019-11157) is a software-controlled fault attack on x86 processors. It is the first attack corrupting the integrity of SGX enclaves.


All recent Intel processors exhibit a software interface for controlling core voltages without rebooting the system. This feature is not required for normal operation but is used by expert users for performance optimizations. For instance, it is utilized by Intel's XTU application in the overclocking community.

In V0LTpwn, we show that malicious software can use this interface to reduce the processor voltage to a critical threshold at which certain instructions no longer operate correctly. This means that an attacker is able to induce bit flips in computations which are implemented with these instructions. We show in our paper how an attacker can manipulate cryptographic computations and even deviate the control flow of programs.

As the attack is controlled by software, the attacker does not require physical access to the machine. However, the attacker needs operating system privileges to utilize the voltage interfaces. It means that the vulnerability is not directly a threat for normal users. The main target are trusted execution environments like Intel's SGX.

SGX is a security feature enabling applications to deploy enclaves which are protected even from the operating system. For instance, SGX can be used to run an application (securely) in an untrusted cloud environment. Previous attacks like Foreshadow have shown that secrets can be stolen from SGX enclaves over side channels. V0LTpwn is the first attack demonstrating how computations in SGX enclaves can be manipulated.

We informed Intel in a responsible disclosure process about the vulnerability. Intel cooperated with us and started delivering patches to the affected platforms. For further details, we refer to official information in Intel's Security Advisory.


We provide all details about V0LTpwn in our research paper:


We will release our tool suite for further research soon.

Further Information

Official information by Intel can be found at the following webpages:

You can’t perform that action at this time.