On Sun, 24 Jun 2012, Harvey Rothenberg wrote:
To All:
Last week, the U.S. Computer Emergency Readiness Team
(US-CERT) reported a vulnerability, on Intel CPU hardware, that could
lead to a privilege escalation attack on some 64-bit operating systems
and virtualization softwares running on Intel CPU hardware.
In
these years many security flaws have affected different virtualization
platforms but this episode is remarkable because, originated at the CPU
level, affects many different systems and not just a single vendor.
Two
days ago US-CERT updated the list of the affected systems, that
includes Windows 7, Windows Server 2008 R2, FreeBSD and NetBSD as well
as Xen hypervisor, that we report in a ?per Vendor? grouping.
======
Intel
claims that this vulnerability is a software implementation issue, as
their processors are functioning as per their documented specifications.
However, software that does not take the unsafe SYSRET behavior
specific to Intel processors into account may be vulnerable.
I believe that Intel is technically right here, but morally wrong.
Yes, per the letter of the Intel specs, systems with this problem are
wrong.
But Intel cloned the AMD64 architecture, and the fact that they do this
differently than how AMD does it is really a bug in the Intel
implementation.
If the names AMD/Intel were flipped, Intel would be hammering on how AMD
was a faulty clone and nobody should trust their chips.
David Lang
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
