[Info-vax] CVE-2018-8897 Privilege Escalation due to widespread misunderstanding of x86-64 privileged instruction semantics
Bob Gezelter
gezelter at rlgsc.com
Thu May 10 11:27:23 EDT 2018
Apparently, a large number of kernel-level developers have misunderstood
the documentation concerning the interruptibility of an x86-64
privileged instruction. This misunderstanding has made many major
operating systems on the x86-64 platform vulnerable to a privilege
escalation hazard.
Patches have reportedly been issued. Intel has also re-issued its x86-64
Software Development Manuals.
A description of the vulnerability can be found at:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897
I have privately forwarded this information to VSI technical management and received confirmation that they are aware of the issue.
- Bob Gezelter, Ph.D., http://www.rlgsc.com