Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.
 

US-CERT Warns of Intel CPU Flaw

By - Source: Toms IT Pro

Intel CPUs are vulnerable to a privilege escalation hack when running 64-bit operating systems.

tel CPUs are vulnerable to a privilege escalation hack when running 64-bit operating systems. tel CPUs are vulnerable to a privilege escalation hack when running 64-bit operating systems.

The U.S. Computer Emergency Readiness Team (US-CERT) has released an advisory note warning users that Intel CPUs are vulnerable to a privilege escalation hack when running 64-bit operating systems.

Intel blames the vulnerability on a software implementation issue and that its processors are running as defined by their spec. It appears that the vulnerability comes from software that does not take the Intel-specific SYSRET instruction into account. The US-CERT warns that the problem allows a local privilege escalation hack and, in virtualized environments, would allow guest administrators to gain hypervisor-level privileges.

AMD processors are reportedly not affected. SYSRET is part of the x86-64 standard as defined by AMD. Intel uses a different implementation and it is apparently this difference that can allow an attacker to write to arbitrary addresses in the operating system’s memory. Affected operating systems include the 64-bit versions of Windows 7 and Windows Server 2008 R2, NetBSD, FreeBSD, as well as Linux distributions, including Red Hat and Suse, and operating environments from Citrix, Joyent, Xen and Oracle.  

All affected vendors are providing updates to correct the issue.

Comments