SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware

Information
2012-Jun-13 | Tags: microsoft, server, virtualization

Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.

Description - A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault is handled before the stack switch, which means the exception handler runs at ring0 with an attacker-chosen RSP, causing a privilege escalation.
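
An added example, not from the original page or any vendor's code: a C model of the check a kernel can make on its syscall return path so that SYSRET is never executed when it would fault. It assumes the background fact that SYSRET on Intel CPUs raises #GP in ring0 when the return address in RCX is non-canonical, and 48-bit virtual addressing; `user_frame`, `is_canonical48` and `choose_exit_path` are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Saved user register state at syscall exit (hypothetical layout). */
struct user_frame {
    uint64_t rip;    /* where user mode should resume */
    uint64_t rcx;    /* SYSRET loads RIP from RCX */
    uint64_t rflags;
    uint64_t r11;    /* SYSRET loads RFLAGS from R11 */
    uint64_t rsp;    /* user-chosen stack pointer */
};

enum exit_path { EXIT_SYSRET, EXIT_IRET };

/* Canonical with 48-bit addressing: bits 63..47 are all 0 or all 1. */
static bool is_canonical48(uint64_t addr)
{
    uint64_t top = addr >> 47;          /* the 17 upper bits */
    return top == 0 || top == 0x1FFFF;
}

/* Use SYSRET only when it cannot fault; otherwise take the IRET path. */
static enum exit_path choose_exit_path(const struct user_frame *f)
{
    if (f->rcx != f->rip || f->r11 != f->rflags)
        return EXIT_IRET;               /* SYSRET would not restore this state */
    if (!is_canonical48(f->rip))
        return EXIT_IRET;               /* SYSRET would #GP at ring0 on user RSP */
    return EXIT_SYSRET;
}

int main(void)
{
    /* Constructed sample frames, not captured from a real system. */
    struct user_frame frames[] = {
        { 0x00007fffffffe000ULL, 0x00007fffffffe000ULL, 0x202, 0x202, 0x00007ffffffde000ULL },
        { 0x0000800000000000ULL, 0x0000800000000000ULL, 0x202, 0x202, 0x00007ffffffde000ULL },
    };
    for (size_t i = 0; i < sizeof frames / sizeof frames[0]; i++)
        printf("rip=%#018llx -> %s\n", (unsigned long long)frames[i].rip,
               choose_exit_path(&frames[i]) == EXIT_SYSRET ? "SYSRET" : "IRET");
    return 0;
}
```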

