[Info-vax] CVE-2018-8897 Privilege Escalation due to widespread misunderstanding of x86-64 privileged instruction semantics

Bob Gezelter gezelter at rlgsc.com
Thu May 10 14:49:05 EDT 2018


On Thursday, May 10, 2018 at 1:41:06 PM UTC-4, Simon Clubley wrote:
> On 2018-05-10, Bob Gezelter <gezelter at rlgsc.com> wrote:
> > Apparently, a large number of kernel-level developers have misunderstood
> > the documentation concerning the interruptibility of an x86-64
> > privileged instruction. This misunderstanding has made many major
> > operating systems on the x86-64 platform vulnerable to a privilege
> > escalation hazard.
> >
> 
> The way this is being reported implies that it is the fault of the
> OS developers and not Intel's documentation.
> 
> I would argue differently. If so many people have made the same mistake
> in different operating systems then I would suggest that the fault lies
> firmly in the Intel documentation which was obviously not as clear as
> it should have been.
> 
> Simon.
> 
> -- 
> Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
> Microsoft: Bringing you 1980s technology to a 21st century world

Simon,

Agreed. When a large number of readers make the same mistake, the material is clearly not as clear as it should be.

- Bob Gezelter, http://www.rlgsc.com


