Stefan Mileschin

Intel's paperwork was not up to snuff

Almost all major OS vendors released security patches yesterday after a researcher discovered that some OS makers have misinterpreted an Intel CPU debug feature.

According to Bleeping Computer, the vulnerability is in how the OS vendors implemented hardware debug mechanism for Intel x86-64 architectures and can be found in the MOV SS and POP SS instructions.

Nick Peterson of Everdox Tech and CERT/CC team which reported the bug said that in certain circumstances after the use of specific Intel x86-64 architecture instructions, a debug exception pointing to data in a lower ring (for most operating systems, the kernel Ring 0 level) is made available to operating system components running in Ring 3.

This may allow an attacker to use operating system APIs to gain access to sensitive memory information or control low level operating system functions.

OS vendors have coordinated and released patches at the same time. Fixing the bug and having synchronised patches out by yesterday was an industry-wide effort. Specific operating systems vulnerable were Apple, Microsoft, FreeBSD, Red Hat, Ubuntu, SUSE Linux, and other Linux distros based on the Linux Kernel —which is also affected.

The issue also made it into virtualisation software like VMWare and Xen. CERT/CC has a page dedicated to the patch status of each affected vendor.

Both Peterson and the CERT/CC team blamed the "unclear and perhaps even incomplete documentation" relating the use of the MOV SS and POP SS instructions, as the main reason why this bug made it into the kernels of so many different operating systems, practically in the same way.

https://fudzilla.com/news/46264-os-m...-debug-feature