

Privilege escalation vulnerability on 64-bit Intel CPU hardware - HerrMonnezza
http://www.kb.cert.org/vuls/id/649219

======
maayank
Sounds like the vulnerability is in the software (the hardware works as
specified): "Intel claims that this vulnerability is a software implementation
issue, as their processors are functioning as per their documented
specifications. However, software that fails to take the Intel-specific SYSRET
behavior into account may be vulnerable."

~~~
atmz
The issue seems to be present in Xen, Windows, and Linuxes -- this suggests
that, regardless of technicalities, Intel did something unwise. (Or at least
didn't communicate effectively with software vendors)

~~~
j_s
Per [http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-pr...](http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/)

"Linux actually fixed the bug in 2006, with CVE-2006-0744. [
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0744> ] But the
description says “Linux kernel before 2.6.16.5 does not properly handle
uncanonical return addresses on Intel EM64T CPUs…”, which makes it sound like
something Linux-specific. It’s therefore not surprising that it attracted
little notice from other operating systems."
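The two posts above turn on the same point: Intel's SYSRET checks whether the return RIP in RCX is canonical and raises #GP while still in ring 0 if it is not, so a kernel that lets a non-canonical user address reach SYSRET takes the fault on the kernel side, which is what the 2006 Linux fix and the 2012 advisory address. The defensive check is simply "is this 64-bit address canonical, and if not, return via IRET instead of SYSRET". The C below is an added example for this thread, not code from the Xen post, CERT, or any kernel; it assumes the 48-bit virtual address width of the x86-64 CPUs of that era (`VA_BITS`), and the names `is_canonical` and `choose_return_path` are hypothetical helpers chosen for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Virtual address width assumed for this example: 48 bits, as on the
 * x86-64 CPUs discussed in the thread. On a 48-bit implementation an
 * address is canonical when bits 63..47 are all copies of bit 47. */
#define VA_BITS 48

/* Return true if `va` is a canonical address for VA_BITS-bit paging.
 * The top (64 - VA_BITS + 1) bits, i.e. bit (VA_BITS-1) and everything
 * above it, must be all zeros or all ones. Using an unsigned shift
 * avoids the implementation-defined right shift of negative values. */
bool is_canonical(uint64_t va)
{
    uint64_t top = va >> (VA_BITS - 1);
    uint64_t all_ones = UINT64_MAX >> (VA_BITS - 1);
    return top == 0 || top == all_ones;
}

/* Models the choice a kernel makes on the way back to user mode:
 * SYSRET is the fast path but must only ever see a canonical RIP;
 * anything else goes through IRET, which delivers a #GP in user
 * context instead of faulting with kernel privilege. */
enum return_path { RETURN_SYSRET, RETURN_IRET };

enum return_path choose_return_path(uint64_t user_rip)
{
    return is_canonical(user_rip) ? RETURN_SYSRET : RETURN_IRET;
}

int main(void)
{
    /* Constructed sample return addresses: the two ends of each
     * canonical half and the first non-canonical value past each. */
    const uint64_t samples[] = {
        0x00007FFFFFFFFFFFULL, /* top of the lower half, canonical   */
        0x0000800000000000ULL, /* just above it, non-canonical       */
        0xFFFF800000000000ULL, /* bottom of the upper half, canonical */
        0xFFFF7FFFFFFFFFFFULL, /* just below it, non-canonical       */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%016llx canonical=%d path=%s\n",
               (unsigned long long)samples[i],
               is_canonical(samples[i]),
               choose_return_path(samples[i]) == RETURN_SYSRET
                   ? "SYSRET" : "IRET");
    }
    return 0;
}
```

Changing `VA_BITS` to 57 makes the same check valid for 5-level paging; the point of the example is that the decision has to be made by the kernel before SYSRET executes, because the processor's own check happens too late to be safe on Intel parts.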

------
spullara
They don't have AWS on the list. Were they not notified or were they not
affected? Are they vulnerable now?

~~~
wwkeyboard
I believe they use Xen. (and so thinks wikipedia
<http://en.wikipedia.org/wiki/Amazon_Web_Services>)

------
Estragon
Anyone got a link to a more detailed explanation of the vulnerability and how
it would be exploited?

~~~
flatline3
[http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-pr...](http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/)

~~~
Estragon
Thanks.

------
sirlancer
More information on OS specific vulnerabilities can be found here:
<http://www.scmagazine.com.au/Tools/Print.aspx?CIID=304829>

------
ikonst
Date Public: 12 Apr 2006 ?!

~~~
__alexs
I believe that is referring to this
[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-074...](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0744)

------
mspeed
This is old news.

~~~
jps359
Original Release date: 12 Jun 2012 | Last revised: 25 Jun 2012

yeah, ancient history

