Bizarre security vulnerability found in every x86-64 Intel processor

2012-Jun-18 | Tags: antispyware, antivirus, microsoft

Start64! Given how long 64-bit processors have been on the market, it is a bit surprising to see a vulnerability that takes advantage of AMD's x86-64 instruction set on Intel processors surface this late in the game. The vulnerability was originally thought to be Linux-specific, but was only recently found to be exploitable on Windows, BSD, and potentially OS X.

Originally discovered by CERT, the vulnerability takes advantage of the intricate mechanics of how memory is copied from one security level to another. In a nutshell, when AMD was creating its x86-64 instruction set, it opted to restrict the addressable memory space to 48 bits, leaving bits 48 through 64 unused. In order to prevent hackers from putting malicious data in this out-of-bounds area, AMD's processors require so-called canonical addresses, in which bits 48 through 64 hold identical and meaningless data. If a ring-three (unprivileged) user tries to elevate their privileges with non-canonical addresses in tow, AMD's processors throw a general protection fault and then attempt to reload software from a safe place at the kernel level.
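The canonical-address rule the paragraph describes, as an added example that is not code from the original post: an address is canonical when every bit above the highest implemented address bit is a copy of that bit (for 48-bit addressing, bits 48 through 63 must all equal bit 47), and the "out-of-bounds area" is the hole between the user half and the kernel half of the address space. The `va_bits` parameter generalizes beyond the 48-bit case in the text to the 57-bit layout of 5-level paging; the function names and the sample addresses are this example's own, constructed for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Sign-extend bit (va_bits - 1) of addr into every higher bit. That is the
 * shape every canonical address has, so the result is the unique canonical
 * address sharing the low va_bits bits with addr. Valid for
 * 1 <= va_bits <= 63; uses masks rather than a signed right shift so the
 * behaviour does not depend on the compiler. */
uint64_t canonicalize(uint64_t addr, unsigned va_bits)
{
    uint64_t top_bit  = (uint64_t)1 << (va_bits - 1);
    uint64_t low_mask = (top_bit << 1) - 1;        /* bits 0 .. va_bits-1 */
    uint64_t low      = addr & low_mask;
    return (low & top_bit) ? (low | ~low_mask) : low;
}

/* True when addr is canonical for an implementation with va_bits bits of
 * virtual address space (48 on the processors the article describes). */
bool is_canonical(uint64_t addr, unsigned va_bits)
{
    if (va_bits == 0 || va_bits > 63)
        return va_bits == 64;   /* 64 implemented bits leaves no unused bits */
    return canonicalize(addr, va_bits) == addr;
}

/* Bounds of the non-canonical hole: the first address past the user half
 * (*lo) and the last address below the kernel half (*hi). Returns false
 * when the implementation has no hole (va_bits == 64) or va_bits is bogus. */
bool canonical_hole(unsigned va_bits, uint64_t *lo, uint64_t *hi)
{
    if (va_bits == 0 || va_bits > 63)
        return false;
    *lo = (uint64_t)1 << (va_bits - 1);   /* 0x0000800000000000 for 48 bits */
    *hi = ~*lo;                           /* 0xFFFF7FFFFFFFFFFF for 48 bits */
    return true;
}

int main(void)
{
    /* Constructed sample addresses; they are not values from the article. */
    static const uint64_t samples[] = {
        0x00007FFFFFFFFFFFull,   /* top of the 48-bit user half */
        0x0000800000000000ull,   /* first non-canonical address */
        0xFFFF7FFFFFFFFFFFull,   /* last non-canonical address */
        0xFFFF800000000000ull,   /* bottom of the 48-bit kernel half */
        0x0000123456789ABCull,   /* ordinary user-half address */
        0xDEADBEEF00000000ull,   /* bit 47 set but bits 48..63 are not all 1 */
    };
    const unsigned widths[] = { 48, 57 };

    for (size_t w = 0; w < sizeof widths / sizeof widths[0]; w++) {
        uint64_t lo, hi;
        canonical_hole(widths[w], &lo, &hi);
        printf("%u-bit addressing, non-canonical hole 0x%016" PRIx64
               " .. 0x%016" PRIx64 "\n", widths[w], lo, hi);
        for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
            printf("  0x%016" PRIx64 "  %-13s  canonical form 0x%016" PRIx64 "\n",
                   samples[i],
                   is_canonical(samples[i], widths[w]) ? "canonical" : "non-canonical",
                   canonicalize(samples[i], widths[w]));
        }
    }
    return 0;
}
```

Running the program prints both halves' boundaries and, for each sample, whether it passes the check and what its sign-extended form would be; the 0x0000800000000000 sample is non-canonical under 48-bit addressing but canonical under 57-bit addressing, which is why any such check has to know the width the processor actually implements.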
