Every major OS maker misread Intel’s docs. Now their kernels can be hijacked or crashed
Linux, Windows, macOS, FreeBSD, and some implementations of Xen have a design flaw that could allow attackers to, at best, crash Intel and AMD-powered computers. At worst, miscreants can, potentially, ‘gain access to sensitive memory information or control low-level operating system functions,” which is a fancy way of saying peek at kernel memory, or hijack the critical code running the machine. The vulnerabilities can be exploited by malware running on a computer, or a malicious logged-in user.
Patches are now available to correct the near-industry-wide programming blunders. As detailed by CERT on Tuesday, the security cockup, labeled CVE-2018-8897, appears to have been caused by developers at Microsoft, Apple, and other organizations misunderstanding the way Intel and AMD processors handle one particular special exception.