[Info-vax] CVE-2018-8897 Privilege Escalation due to widespread misunderstanding of x86-64 privileged instruction semantics
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Thu May 10 13:41:05 EDT 2018
On 2018-05-10, Bob Gezelter <gezelter at rlgsc.com> wrote:
> Apparently, a large number of kernel-level developers have misunderstood
> the documentation concerning the interruptibility of an x86-64
> privileged instruction. This misunderstanding has made many major
> operating systems on the x86-64 platform vulnerable to a privilege
> escalation hazard.
>
The way this is being reported implies that it is the fault of the
OS developers and not Intel's documentation.

I would argue differently. If so many people have made the same mistake
in different operating systems then I would suggest that the fault lies
firmly in the Intel documentation which was obviously not as clear as
it should have been.

Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world