DrinkLyeAndDie
Retired Moderator
Thread Starter
I read about this yesterday but was too busy to get around to posting. Some sad humour.
This relates to CVE-2018-8897:
Operating systems that mishandle this debug exception and had their systems open to attacks include Apple, Microsoft, FreeBSD, Red Hat, Ubuntu, SUSE Linux, and other Linux distros based on the Linux Kernel —which is also affected.
Further, the issue also made it into virtualization software like VMware and Xen. CERT/CC has a page dedicated to the patch status of each affected vendor.
Fixing the bug and having synchronized patches out by yesterday was an industry-wide effort, one that deserves praise, compared to the jumbled Meltdown and Spectre patching process.
The issue seems to be that, by misinterpreting Intel's incomplete documentation for these instructions, the OS vendors were allowing instructions such as SYSCALL, SYSENTER, INT 3, and others that transfer control to the operating system at Current Privilege Level (CPL) < 3 to follow the MOV SS and POP SS instructions.
This would result in an unexpected behavior by allowing Ring 3 user-level applications to control the kernel Ring 0 system level. In other words, malicious apps would be able to gain control of lower-level components of the system to bypass other security protections and steal sensitive memory information.
- Mitre CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897
- Microsoft Security TechCenter: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897