[Info-vax] CVE-2018-8897 Privilege Escalation due to widespread misunderstanding of x86-64 privileged instruction semantics

clair.grant@vmssoftware.com clairgrant71 at gmail.com
Thu May 10 12:56:09 EDT 2018


On Thursday, May 10, 2018 at 11:27:25 AM UTC-4, Bob Gezelter wrote:
> Apparently, a large number of kernel-level developers have misunderstood
> the documentation concerning the interruptibility of an x86-64
> privileged instruction. This misunderstanding has made many major operating systems on the x86-64 platform vulnerable to a privilege escalation hazard.
> 
> Patches have reportedly been issued. Intel has also re-issued its x86-64
> Software Development Manuals.
> 
> A description of the vulnerability can be found at:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897
> 
> I have privately forwarded this information to VSI technical management and received confirmation that they are aware of the issue.
> 
> - Bob Gezelter, Ph.D., http://www.rlgsc.com

We do not think this is a problem for VMS on x86 since we determine previous mode and switch GBASE differently than the methods used that encounter the problem. Camiel can fill in the details. We will continue to watch this just in case we have misinterpreted the situation.

Clair



