Indigodefense

Every major OS maker misread Intel’s docs. Now their kernels can be hijacked or crashed

Posted on May 9, 2018

Every major OS maker misread Intel’s docs. Now their kernels can be hijacked or crashed

Linux, Windows, macOS, FreeBSD, and some implementations of Xen have a design flaw that could allow attackers to, at best, crash Intel and AMD-powered computers. At worst, miscreants can, potentially, ‘gain access to sensitive memory information or control low-level operating system functions,” which is a fancy way of saying peek at kernel memory, or hijack the critical code running the machine. The vulnerabilities can be exploited by malware running on a computer, or a malicious logged-in user.

Patches are now available to correct the near-industry-wide programming blunders. As detailed by CERT on Tuesday, the security cockup, labeled CVE-2018-8897, appears to have been caused by developers at Microsoft, Apple, and other organizations misunderstanding the way Intel and AMD processors handle one particular special exception.

Source: co.uk